Googe/Yahoo Redirect + Blocked Anti-virus sites


  • This topic is locked
15 replies to this topic

#1 Savo

  • Members
  • 8 posts

Posted 14 September 2009 - 05:08 AM

Hi hi =]

Whenever I try to open a search result from Google or Yahoo, I would get redirected to a random non-relevant website 1 out of every 3 times. I was also unable to access certain websites such as Malwarebytes and the website for Spybot Search and Destroy (it says "Server not found, Firefox can't find the server at www.malwarebytes.org").

However, I was able to download both of those programs from download.com. Both programs were unable to auto-update, but Malwarebytes seems to be already up to date and I downloaded a manual update from download.com for Spybot.

I had also tried connecting to the internet in safe mode but I still could not access sites like Malwarebytes.

Avast (anti-virus) seems to update fine, but scanning with it reports no problems.

I have performed a full scan with both programs in safe mode overnight (at the same time). There were a lot of infected files or registry entries, it seems. I removed/fixed them all (first with Spybot, then Malwarebytes, if that makes a difference).


I rebooted afterward and still have the same problem.
I have also checked my HOSTS file and that doesn't seem to be what's preventing me from accessing certain websites. I use Firefox mainly, but the problem seems to apply to IE (7) as well. I tried disabling all plugins and add-ons in Firefox but I was still unable to access certain anti-virus websites.


I've been having this problem for quite a while and I never really bothered to fix it since I thought all it did was redirect. But the fact that it blocks certain pages makes me reconsider the seriousness of the problem :(.

Thanks in advance for any help I can get :(

EDIT: I thought I should mention that I am using Windows XP service pack 2 and my computer is in Traditional Chinese.

This is my RootRepeal log
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/14 17:45
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================


________________________________________________________
This is my DDS log


DDS (Ver_09-07-30.01) - NTFSx86
Run by lemon at 17:45:40.31 on 2009/09/14 星期一
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.1014.393 [GMT 8:00]

AV: avast! antivirus 4.8.1169 [VPS 090913-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET 個人防火牆 *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxext.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\lemon\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lemon\My Documents\Downloads\banana.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\lemon\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Dr.eye WebPage Translation: {92b255fe-94e2-4bca-958d-3926ce38913f} - c:\program files\inventec\dreye\dreyemt\DreyeIEBar.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
EB: 參考資料(&R): {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\amabama.exe" /runcleanupscript
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\啟動\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\啟動\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 蹲 Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5

\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lemon\applic~1\mozilla\firefox\profiles\paagl593.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-10 75856]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2009-7-24 10872]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-9-19 41456]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-5-10 144760]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2008-5-8 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2008-5-8 78208]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-5-10 345464]
S2 DUMeterSvc;DU Meter Service;c:\program files\du meter\dumetersvc.exe /startedbyscm:e1f6d4be-40e33354-dumeterservice --> c:\program files\du meter\DUMeterSvc.exe [?]
S2 TE3CLPT;TE3CLPT;c:\windows\system32\TE3CLPT.SYS [2009-7-5 54488]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-5-10 247160]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\lemon\locals~1\temp\jnv4_mib.sys --> c:\docume~1\lemon\locals~1\temp\jnv4_mib.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2008-11-12 23552]

=============== Created Last 30 ================

2009-09-14 17:45 0 a------- c:\documents and settings\lemon\settings.dat
2009-09-14 12:53 977,920 a------- c:\windows\複製 (2) -explorer.exe
2009-09-13 22:53 <DIR> --d----- c:\program files\Spyfot - Search & Destroy
2009-09-13 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-13 22:24 <DIR> --d----- c:\program files\ProcessScanner
2009-09-12 17:46 977,920 a------- c:\windows\複製 -explorer.exe
2009-09-12 17:00 <DIR> --d----- c:\docume~1\lemon\applic~1\Malwarebytes
2009-09-12 17:00 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 17:00 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-12 17:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-12 17:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 15:26 5,174 a------- c:\windows\system32\winio.vxd
2009-09-12 15:26 66 a------- c:\windows\SpeederXP.INI
2009-09-12 15:26 <DIR> --d----- c:\program files\SpeederXP
2009-09-06 12:45 <DIR> --d----- c:\program files\Conquer 2.0
2009-09-06 09:24 <DIR> --d----- c:\program files\Hamster Republic
2009-09-06 09:20 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-06 09:20 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-05 21:30 230,912 a------- c:\windows\PEV.exe
2009-09-05 21:30 161,792 a------- c:\windows\SWREG.exe
2009-09-05 21:30 98,816 a------- c:\windows\sed.exe
2009-09-05 21:30 <DIR> --ds---- C:\ComboFix
2009-09-05 07:48 <DIR> --d----- C:\_Crack_
2009-09-05 07:46 0 a------- c:\windows\PowerReg.dat
2009-09-04 19:11 147,456 a------- c:\windows\system32\igfxCoIn_v5016.dll
2009-09-04 18:23 <DIR> --d----- C:\新資料夾
2009-09-03 21:18 222 a------- C:\savegame.dat
2009-09-03 21:14 159 a------- C:\Settings.ini
2009-09-03 21:14 19,219,565 a------- C:\Knytt.exe
2009-09-03 20:22 <DIR> --d----- C:\wadf
2009-09-03 19:32 <DIR> --d----- C:\VMO
2009-08-27 18:52 90,112 a------- c:\windows\unvise32.exe
2009-08-27 16:11 <DIR> --d----- c:\program files\ProtectDisc Driver Installer
2009-08-23 21:39 13,030 a------- C:\PDOXUSRS.NET
2009-08-23 21:39 <DIR> --d----- c:\program files\common files\Borland Shared
2009-08-23 21:39 <DIR> --d----- c:\program files\Portal
2009-08-23 21:38 299,520 a------- c:\windows\uninst.exe
2009-08-23 21:38 <DIR> --d----- c:\documents and settings\lemon\WINDOWS
2009-08-23 21:38 <DIR> --d----- c:\temp\PortalGTD
2009-08-20 00:04 <DIR> --d----- c:\program files\Flash Movie Player
2009-08-17 21:59 <DIR> --d----- c:\program files\XviD
2009-08-17 21:59 <DIR> --d----- c:\program files\AviSynth 2.5
2009-08-17 21:59 <DIR> --d----- c:\program files\AutoGK
2009-08-17 21:39 <DIR> --d----- c:\program files\Blaze Media Pro
2009-08-17 21:39 <DIR> --d----- c:\documents and settings\lemon\y
2009-08-17 21:39 <DIR> --d----- c:\documents and settings\all users\?﹍
2009-08-17 21:38 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}
2009-08-17 21:33 2,260,992 a------- c:\windows\system32\NCTVideoCompress.dll
2009-08-17 21:33 282,624 a------- c:\windows\system32\NCTQuickTimeFile.dll
2009-08-17 21:33 261,632 a------- c:\windows\system32\mcdvd_32.dll
2009-08-17 21:33 139,264 a------- c:\windows\system32\NCTVideoFile.dll
2009-08-17 21:33 2,564,096 a------- c:\windows\system32\NCTAudioCompress3.dll
2009-08-17 21:33 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2009-08-17 21:33 1,245,184 a------- c:\windows\system32\NCTRMFile.dll
2009-08-17 21:33 991,232 a------- c:\windows\system32\NCTVideoCoreM.dll
2009-08-17 21:33 294,912 a------- c:\windows\system32\NCTAVIFile.dll
2009-08-17 21:33 196,608 a------- c:\windows\system32\NCTWMVFile.dll
2009-08-17 21:33 106,496 a------- c:\windows\system32\NCTVideoCoreU.dll
2009-08-17 21:33 1,810,432 a------- c:\windows\system32\NCTAudioCompress2.dll
2009-08-17 21:33 <DIR> --d----- c:\program files\4U Computing
2009-08-16 18:48 52,736 a------- c:\windows\ipuninst.exe
2009-08-16 12:07 <DIR> --d----- c:\program files\Softnyx

==================== Find3M ====================

2009-09-11 19:07 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-08-10 16:05 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-08-10 16:05 17,212 a------t c:\windows\system32\SIntf32.dll
2009-08-10 16:05 12,067 a------t c:\windows\system32\SIntf16.dll
2009-08-10 14:21 51,872 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-21 17:47 1,228,304 a------- C:\ADBEFLPRCS4Win_LS1.exe
2009-07-13 13:52 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-10 15:28 320,358 a------- c:\windows\system32\prfh0404.dat
2009-07-10 15:28 99,456 a------- c:\windows\system32\prfc0404.dat
2009-07-10 00:12 191,644 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1028.dat
2009-07-03 16:02 2,678 a------- c:\windows\java\packages\data\2E3HNZVB.DAT
2009-07-03 16:01 2,678 a------- c:\windows\java\packages\data\WM2G8QXB.DAT
2009-07-03 16:01 2,678 a------- c:\windows\java\packages\data\QMO2CZL7.DAT
2009-07-03 16:01 2,678 a------- c:\windows\java\packages\data\PFZP37NL.DAT
2009-07-03 16:01 2,678 a------- c:\windows\java\packages\data\FB1393Z5.DAT

============= FINISH: 17:45:52.81 ===============

______________________________________________________________________________

Finally, my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 05:59:02, on 2009/9/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxext.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\lemon\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lemon\My Documents\Downloads\banana.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\amabama.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 蹲 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Unknown owner - C:\Program Files\DU Meter\DUMeterSvc.exe (file missing)
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 12365 bytes
______________________________________________________________________________


Thanks again =)

Edited by Savo, 14 September 2009 - 05:21 AM.



#2 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:07:25 AM

Posted 29 September 2009 - 08:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Savo

  • Topic Starter
  • Members
  • 8 posts
  • Local time:07:25 AM

Posted 30 September 2009 - 03:32 AM

Thanks for responding. This is my DDS file:


DDS (Ver_09-09-29.01) - NTFSx86
Run by lemon at 16:30:37.42 on 09/30/2009 Wed
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.1014.261 [GMT 8:00]

AV: avast! antivirus 4.8.1169 [VPS 090929-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET 個人防火牆 *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\WINDOWS\system32\igfxext.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\lemon\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
E:\Program Files\BlackIsle\Fallout2\FALLOUT2.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\lemon\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = asimov.fdn.uq.edu.au:3128
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Dr.eye WebPage Translation: {92b255fe-94e2-4bca-958d-3926ce38913f} - c:\program files\inventec\dreye\dreyemt\DreyeIEBar.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
EB: 參考資料(&R): {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [MP4 Player] "c:\program files\mp4 player\mp4Player.exe" hmw
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\amabama.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\梃國\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\梃國\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
IE: &使用 FlashGet 下載 - c:\program files\flashget\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\flashget\jc_all.htm
IE: 蹲 Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lemon\applic~1\mozilla\firefox\profiles\paagl593.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-10 75856]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2009-7-24 10872]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-9-19 41456]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-7-24 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-7-11 201848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-5-10 144760]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2008-5-8 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2008-5-8 78208]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-5-10 345464]
S2 DUMeterSvc;DU Meter Service;c:\program files\du meter\dumetersvc.exe /startedbyscm:e1f6d4be-40e33354-dumeterservice --> c:\program files\du meter\DUMeterSvc.exe [?]
S2 TE3CLPT;TE3CLPT;c:\windows\system32\TE3CLPT.SYS [2009-7-5 54488]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-5-10 247160]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\lemon\locals~1\temp\jnv4_mib.sys --> c:\docume~1\lemon\locals~1\temp\jnv4_mib.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2008-11-12 23552]

=============== Created Last 30 ================

2009-09-27 14:54 <DIR> --d----- C:\hannibal's stuff
2009-09-19 20:00 36,789 a------- c:\windows\scunin.dat
2009-09-19 20:00 967 a------- c:\windows\ScUnin.pif
2009-09-19 20:00 94,208 a------- c:\windows\ScUnin.exe
2009-09-19 20:00 <DIR> --d----- c:\documents and settings\all users\「開始」功能
2009-09-19 20:00 <DIR> --d----- c:\documents and settings\all users\「開始」功
2009-09-19 17:42 <DIR> --d----- c:\program files\MP4 Player
2009-09-19 09:13 304,128 a------- c:\windows\IsUn0411.exe
2009-09-19 09:12 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-09-19 09:09 <DIR> --d----- c:\program files\DAEMON Tools Pro
2009-09-19 09:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-09-14 18:54 <DIR> -cd-h--- c:\program files\複製 -Mozilla Firefox
2009-09-14 18:54 6,144 a--sh--- c:\windows\Thumbs.db
2009-09-14 17:45 0 a------- c:\documents and settings\lemon\settings.dat
2009-09-14 12:53 977,920 a------- c:\windows\複製 (2) -explorer.exe
2009-09-13 22:53 <DIR> --d----- c:\program files\Spyfot - Search & Destroy
2009-09-13 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-13 22:24 <DIR> --d----- c:\program files\ProcessScanner
2009-09-12 17:46 977,920 a------- c:\windows\複製 -explorer.exe
2009-09-12 17:00 <DIR> --d----- c:\docume~1\lemon\applic~1\Malwarebytes
2009-09-12 17:00 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 17:00 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-12 17:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-12 17:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 15:26 5,174 a------- c:\windows\system32\winio.vxd
2009-09-12 15:26 66 a------- c:\windows\SpeederXP.INI
2009-09-12 15:26 <DIR> --d----- c:\program files\SpeederXP
2009-09-06 12:45 <DIR> --d----- c:\program files\Conquer 2.0
2009-09-06 09:24 <DIR> --d----- c:\program files\Hamster Republic
2009-09-06 09:20 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-06 09:20 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-05 21:30 230,912 a------- c:\windows\PEV.exe
2009-09-05 21:30 161,792 a------- c:\windows\SWREG.exe
2009-09-05 21:30 98,816 a------- c:\windows\sed.exe
2009-09-05 21:30 <DIR> --ds---- C:\ComboFix
2009-09-05 07:48 <DIR> --d----- C:\_Crack_
2009-09-05 07:46 0 a------- c:\windows\PowerReg.dat
2009-09-04 19:11 147,456 a------- c:\windows\system32\igfxCoIn_v5016.dll
2009-09-04 18:23 <DIR> --d----- C:\新資料夾
2009-09-03 21:18 222 a------- C:\savegame.dat
2009-09-03 21:14 159 a------- C:\Settings.ini
2009-09-03 21:14 19,219,565 a------- C:\Knytt.exe
2009-09-03 20:22 <DIR> --d----- C:\wadf
2009-09-03 19:32 <DIR> --d----- C:\VMO

==================== Find3M ====================

2009-09-29 15:03 52,736 a------- c:\windows\ipuninst.exe
2009-09-24 17:14 8,224 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-19 09:04 722,416 a------- c:\windows\system32\drivers\sptd.sys
2009-09-11 19:07 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-08-10 16:05 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-08-10 16:05 17,212 a------t c:\windows\system32\SIntf32.dll
2009-08-10 16:05 12,067 a------t c:\windows\system32\SIntf16.dll
2009-07-21 17:47 1,228,304 a------- C:\ADBEFLPRCS4Win_LS1.exe
2009-07-13 13:52 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-10 15:28 320,358 a------- c:\windows\system32\prfh0404.dat
2009-07-10 15:28 99,456 a------- c:\windows\system32\prfc0404.dat
2009-07-10 00:12 191,644 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1028.dat
2009-07-03 16:02 2,678 a------- c:\windows\java\packages\data\2E3HNZVB.DAT
2009-07-03 16:01 2,678 a------- c:\windows\java\packages\data\WM2G8QXB.DAT
2009-07-03 16:01 2,678 a------- c:\windows\java\packages\data\QMO2CZL7.DAT
2009-07-03 16:01 2,678 a------- c:\windows\java\packages\data\PFZP37NL.DAT
2009-07-03 16:01 2,678 a------- c:\windows\java\packages\data\FB1393Z5.DAT

============= FINISH: 16:30:50.95 ===============

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:25 PM

Posted 05 October 2009 - 06:42 PM

Hi savo,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Well, there is a trojan/backdoor in your driver lists which is causing havoc with your updates.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you choose to continue...

There is no sign of a rootkit but we will see.

Let's try and remove the driver and see if that frees up the PC a bit.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    c:\document and settings\lemon\local settings\temp\jnv4_mib.sys
    :Services
    jnv4_mib
    :Commands
    [emptyTemp]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.


Please also attempt to update and run MBAM at this stage


Finally please run OTL and post the log

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Just to recap:
OTM report
MBAM log (or an explanation of what happened when you tried to run it)
OTL logs

Thanks :(
m0le is a proud member of UNITE
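The OTM script in the post above targets one entry from the DDS "SERVICES / DRIVERS" listing: a driver whose image path points into the user's temp folder and whose file DDS could not find. As an added example (not code from the forum, from DDS or from OldTimer's tools), here is a small Python triage script that parses DDS-style service/driver lines and flags the indicators a helper looks for in that section: a driver image under a temp directory, a binary DDS could not stat (shown as `[?]` in place of the date and size, which is my reading of the format), and a `.sys` driver whose display name is just its own service name. The sample lines are copied from the DDS log posted earlier in this thread; the function names, the `ServiceEntry` class and the scoring rules are my own assumptions, and a real run would read the saved log file instead of the embedded sample.

```python
"""Triage a DDS-style 'SERVICES / DRIVERS' listing for drivers loading from
places a legitimate driver should not use. Added example, not DDS's own code."""
import re
from dataclasses import dataclass, field
from typing import List

# Lines copied from the DDS log in this thread: a clean driver, a service whose
# binary is missing, the driver the helper removed, and a VPN adapter driver.
SAMPLE_LOG = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-5-10 75856]
S2 DUMeterSvc;DU Meter Service;c:\program files\du meter\dumetersvc.exe /startedbyscm:e1f6d4be-40e33354-dumeterservice --> c:\program files\du meter\DUMeterSvc.exe [?]
S3 jnv4_mib;jnv4_mib;\??\c:\docume~1\lemon\locals~1\temp\jnv4_mib.sys --> c:\docume~1\lemon\locals~1\temp\jnv4_mib.sys [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2008-11-12 23552]
"""

# <state> <service name>;<display name>;<image path> [<date> <size>]  or  [?]
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
META_RE = re.compile(r"\s*\[(?P<meta>[^\]]*)\]\s*$")

# Folders from which a kernel driver should essentially never be loaded
# (assumed heuristic; matched case-insensitively against the resolved path).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class ServiceEntry:
    state: str          # R = running, S = stopped; digit = start type
    name: str
    display: str
    image_path: str     # on-disk path DDS resolved (text after '-->' if present)
    file_found: bool    # False when DDS printed [?] instead of date and size
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> ServiceEntry:
    """Split one DDS service/driver line into its fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a DDS service line: {line!r}")
    rest = m.group("rest")
    meta_m = META_RE.search(rest)
    meta = meta_m.group("meta") if meta_m else ""
    if meta_m:
        rest = rest[:meta_m.start()]
    # DDS prints the raw ImagePath (possibly with arguments), then '-->' and
    # the file it resolved that to; keep the resolved file.
    if " --> " in rest:
        rest = rest.rsplit(" --> ", 1)[1]
    path = rest.strip()
    if path.startswith("\\??\\"):          # NT object-manager prefix
        path = path[4:]
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"),
                        path, file_found=(meta.strip() != "?"))


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach a reason for every indicator the entry trips."""
    p = entry.image_path.lower()
    if any(marker in p for marker in TEMP_MARKERS):
        entry.reasons.append("image in a temp directory")
    if not entry.file_found:
        entry.reasons.append("binary not found on disk")
    if p.endswith(".sys") and entry.name == entry.display:
        entry.reasons.append("driver with no descriptive display name")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in a DDS log fragment and score it."""
    return [triage(parse_line(line)) for line in text.splitlines()
            if LINE_RE.match(line.strip())]


def suspicious(text: str) -> List[ServiceEntry]:
    """Entries with at least one reason; temp-directory hits sort first."""
    hits = [e for e in triage_log(text) if e.reasons]
    hits.sort(key=lambda e: (0 if "image in a temp directory" in e.reasons else 1, e.name))
    return hits


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.state} {e.name}: {e.image_path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against the sample, the script ranks `jnv4_mib` first (temp path, missing file, bare display name) and lists `DUMeterSvc` only for its missing binary, which matches the helper's choice of what to remove and what to leave alone. A missing binary on its own is weak evidence (uninstalled software leaves the same trace), which is why the temp-directory check carries the ranking.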

#5 Savo

Savo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 06 October 2009 - 09:04 AM

Thanks for your help m0le. Really appreciate it =]

I have just noticed recently that my Avast can no longer update but I can still reach their site.
MBAM can still not update as before. However the version I got was relatively up to date. (Current database information: 9/10/2009 version 2775)

Note: I can no longer access any websites at all. This is right after the MBAM scan and delete. I thought it'd be fixed after the reboot but I was wrong. I'm using my housemate's computer right now. I thought that I should also mention I'm behind a wired router.

EDIT: Ok, I don't know why this happened but the websites started working on this computer again after I tried a dozen times or so. Mbam website still cannot be accessed though ><


Here is my OTM Log:
All processes killed
========== FILES ==========
File/Folder c:\document and settings\lemon\local settings\temp\jnv4_mib.sys not found.
========== SERVICES/DRIVERS ==========

Service\Driver jnv4_mib deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: lemon
->Temp folder emptied: 53636830 bytes
->Temporary Internet Files folder emptied: 38699207 bytes
->Java cache emptied: 25493442 bytes
->FireFox cache emptied: 72958329 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 3394067 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: r

User: r.RUBYLALALA
->Temp folder emptied: 812777 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2143443 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_770.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 737324 bytes
RecycleBin emptied: 169798217 bytes

Total Files Cleaned = 350.84 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10062009_172255

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_770.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


_______________________--

This is my MBAM log:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

10/6/2009 9:17:19 PM
mbam-log-2009-10-06 (21-17-19).txt

Scan type: Quick Scan
Objects scanned: 141357
Time elapsed: 3 hour(s), 41 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.20 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e435d107-f04f-4ca2-b658-b0c31762e82f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.20 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.20 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e435d107-f04f-4ca2-b658-b0c31762e82f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.20 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.20 192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{e435d107-f04f-4ca2-b658-b0c31762e82f}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.20 192.168.0.1 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
_____________________________________

These are my OTL logs:
OTL logfile created on: 10/6/2009 9:37:13 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\lemon\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 215.20 Mb Available Physical Memory | 21.21% Memory free
2.38 Gb Paging File | 1.53 Gb Available in Paging File | 64.41% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 15.83 Gb Free Space | 22.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.64 Gb Total Space | 5.18 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BANANANA
Current User Name: lemon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/03/30 02:11:18 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/03/30 02:37:02 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/05/30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007/10/20 20:20:12 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2005/04/27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2007/03/01 18:21:52 | 00,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2008/02/13 20:30:00 | 00,977,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/03/30 02:30:47 | 00,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/02/13 20:30:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/02/13 20:30:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2007/07/03 19:08:30 | 00,834,056 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/10/05 14:11:12 | 16,844,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/07/04 11:44:00 | 00,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/05/28 15:56:16 | 00,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/03/02 11:25:08 | 00,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2008/03/30 02:37:13 | 00,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/06/11 17:25:42 | 06,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2008/05/02 12:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/02/13 20:30:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/02/13 20:30:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/01/21 11:20:30 | 00,134,656 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2009/01/21 11:20:12 | 00,166,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2009/01/21 11:18:28 | 00,134,656 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2009/01/21 11:18:02 | 00,243,712 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2008/12/19 00:06:37 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/10/18 11:35:18 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2004/10/14 00:21:24 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2008/02/13 20:30:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/01/21 11:20:18 | 00,165,888 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
PRC - [2009/04/23 21:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/11/07 01:23:16 | 00,772,096 | ---- | M] () -- C:\Program Files\MP4 Player\mp4Player.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2007/07/12 11:36:40 | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2009/10/06 17:25:04 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\lemon\Local Settings\Temp\RtkBtMnt.exe
PRC - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
PRC - [2009/09/14 18:53:51 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/06 17:28:11 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lemon\My Documents\Downloads\OTL.exe
PRC - [2008/02/13 20:30:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/02/13 20:30:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\amabama.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/03/30 02:11:18 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/03/30 02:37:02 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2008/03/30 02:36:22 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2008/03/30 02:30:47 | 00,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2007/05/30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DUMeterSvc [Auto | Stopped])
SRV - [2007/03/01 18:21:52 | 00,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService [Auto | Running])
SRV - [2009/07/25 13:44:13 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/02/13 20:30:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found -- -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/04/27 08:05:00 | 02,870,429 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/10/20 20:20:12 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2005/04/27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
SRV - [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/03/30 02:26:52 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2007/07/24 15:45:20 | 00,328,824 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\acedrv10.sys -- (acedrv10 [Auto | Running])
DRV - [2007/07/11 16:20:26 | 00,201,848 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\acehlp10.sys -- (acehlp10 [Auto | Running])
DRV - [2007/07/05 21:35:34 | 00,546,112 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2008/03/30 02:35:49 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/03/30 02:35:21 | 00,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2008/03/30 02:29:08 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2008/03/30 02:31:34 | 00,075,856 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/03/30 02:27:33 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/05/30 20:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
DRV - [2007/05/30 20:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [System | Running])
DRV - [2007/10/22 16:24:14 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/01/20 14:42:38 | 00,017,408 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2004/07/19 13:10:00 | 00,004,096 | ---- | M] (Acer Value Labs, USA) -- C:\WINDOWS\System32\drivers\epm-psd.sys -- (EpmPsd [Auto | Running])
DRV - [2005/04/07 18:08:46 | 00,078,208 | ---- | M] (Acer Value Labs, USA) -- C:\WINDOWS\System32\drivers\epm-shd.sys -- (EpmShd [Auto | Running])
DRV - [2008/02/13 20:30:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2008/02/13 20:30:00 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/03/17 11:03:46 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2009/01/21 11:42:56 | 06,278,560 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2007/09/30 06:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2007/12/10 17:59:34 | 00,014,120 | ---- | M] (Acer, Inc.) -- C:\WINDOWS\System32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2007/10/05 15:21:30 | 04,613,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/05/28 15:54:40 | 00,012,800 | ---- | M] (HiTRUST) -- C:\WINDOWS\System32\Drivers\psdfilter.sys -- (psdfilter [On_Demand | Running])
DRV - [2007/05/28 15:55:20 | 00,060,416 | ---- | M] (HiTRUST) -- C:\WINDOWS\System32\Drivers\psdvdisk.sys -- (psdvdisk [On_Demand | Running])
DRV - [2008/02/13 20:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/07 00:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/02/13 20:30:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/08/02 15:17:26 | 01,749,376 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
DRV - [2009/09/19 09:04:29 | 00,722,416 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/04/29 10:15:44 | 00,023,552 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys -- (tap0801 [On_Demand | Running])
DRV - [2003/10/02 08:57:32 | 00,054,488 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\System32\TE3CLPT.SYS -- (TE3CLPT [Auto | Stopped])
DRV - [2007/12/10 17:59:36 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\drivers\tvicport.sys -- (tvicport [Auto | Running])
DRV - [2005/10/21 09:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2007/12/10 17:59:36 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\System32\drivers\zntport.sys -- (zntport [Auto | Running])
DRV - [2007/09/19 21:37:48 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\S-1-5-21-515967899-115176313-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\S-1-5-21-515967899-115176313-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = asimov.fdn.uq.edu.au:3128

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.autoconfig_url: "http://www.fdn.uq.edu.au/proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/19 00:06:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/02 16:56:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/02 16:58:37 | 00,000,000 | ---D | M]

[2009/07/30 17:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lemon\Application Data\mozilla\Extensions
[2009/07/30 17:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lemon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/30 17:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lemon\Application Data\mozilla\Firefox\Profiles\paagl593.default\extensions
[2009/09/14 19:08:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/14 18:53:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/06 09:20:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/14 18:53:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/14 18:53:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/06 09:20:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/14 18:53:51 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/16 02:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/16 02:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/16 02:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/16 02:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/16 02:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/16 02:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/16 02:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (251763 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wad.adbasket.net
O1 - Hosts: 127.0.0.1 a.analytics.yahoo.com
O1 - Hosts: 127.0.0.1 analytics.gameforge.de
O1 - Hosts: 127.0.0.1 analytics.live.com
O1 - Hosts: 127.0.0.1 analytics.msn.com
O1 - Hosts: 127.0.0.1 analytics.r.msn.com
O1 - Hosts: 127.0.0.1 analytics.spreadshirt.com
O1 - Hosts: 127.0.0.1 proc1.devanalytics.com
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 ad.ch.doubleclick.net
O1 - Hosts: 8767 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Dr.eye WebPage Translation) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll ()
O3 - HKU\S-1-5-21-515967899-115176313-839522115-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\amabama.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe ()
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername: = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: 蹲 Microsoft Office Excel(&X) - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-515967899-115176313-839522115-1005\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/08 10:42:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3a44fdbf-a00d-11de-badd-001d720d2257}\Shell\AutoRun\command - "" = H:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{3a44fdbf-a00d-11de-badd-001d720d2257}\Shell\explore\command - "" = H:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{3a44fdbf-a00d-11de-badd-001d720d2257}\Shell\open\command - "" = H:\winamp_cache_0001\ehthumbs.exe -- File not found
O33 - MountPoints2\{5d009f4c-8674-11de-baac-001d720d2257}\Shell - "" = AutoRun
O33 - MountPoints2\{5d009f4c-8674-11de-baac-001d720d2257}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/02 16:55:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/09/19 09:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/09/12 17:00:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/13 22:53:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/02 17:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\Application Data\Apple Computer
[2009/09/12 17:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\Application Data\Malwarebytes
[2009/10/02 16:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/09/19 09:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2009/09/19 09:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/09/30 23:16:50 | 00,000,000 | ---D | C] -- C:\Program Files\Heroes of Might and Magic V
[2009/10/02 16:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/09/12 17:00:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/19 17:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\MP4 Player
[2009/09/13 22:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\ProcessScanner
[2009/10/01 21:51:55 | 00,000,000 | ---D | C] -- C:\Program Files\Rune Gold Edition
[2009/09/12 15:26:20 | 00,000,000 | ---D | C] -- C:\Program Files\SpeederXP
[2009/09/13 22:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\Spyfot - Search & Destroy
[2009/09/14 18:54:47 | 00,000,000 | -H-D | C] -- C:\Program Files\複製 -Mozilla Firefox
[2009/10/06 17:22:55 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/06 17:19:15 | 00,000,000 | ---D | C] -- C:\eruntback
[2009/10/06 17:17:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\桌面\erunt
[2009/10/01 20:26:21 | 53,573,6558 | ---- | C] (HumanHead ) -- C:\Setup.exe
[2009/10/01 20:14:35 | 00,000,000 | ---D | C] -- C:\Quake III Arena
[2009/10/01 20:13:59 | 00,000,000 | ---D | C] -- C:\q3a
[2009/09/30 23:34:13 | 00,000,000 | ---D | C] -- C:\alien vs predator
[2009/09/27 14:54:03 | 00,000,000 | ---D | C] -- C:\hannibal's stuff
[2009/09/19 20:00:37 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/09/19 09:13:40 | 00,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0411.exe
[2009/09/15 12:03:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\桌面\Laptop_Setup
[2009/09/14 12:53:16 | 00,977,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\複製 (2) -explorer.exe
[2009/09/13 21:50:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\桌面\hij
[2009/09/13 21:35:10 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/09/12 22:56:22 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009/09/12 17:46:53 | 00,977,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\複製 -explorer.exe
[2009/09/12 17:00:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/12 17:00:42 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/05/08 16:51:12 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/05/08 16:51:12 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008/05/08 15:38:14 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[2009/10/06 17:26:30 | 00,000,586 | ---- | M] () -- C:\Documents and Settings\lemon\My Documents\我的共用資料夾.lnk
[2009/10/06 17:25:43 | 00,000,668 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/06 17:24:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/06 17:24:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/06 17:24:11 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/06 16:20:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/05 22:13:59 | 02,110,362 | -H-- | M] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\IconCache.db
[2009/10/05 14:55:01 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/04 18:00:01 | 00,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for r.job
[2009/10/03 22:50:43 | 02,475,775 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\MagnaMundiPlatinum.pdf
[2009/10/02 16:56:23 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\QuickTime Player.lnk
[2009/10/02 14:11:18 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/01 21:53:41 | 00,000,816 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\Rune Gold Edition.lnk
[2009/09/30 23:47:46 | 53,477,4272 | -HS- | M] () -- C:\eDS_PSD_drive.vmdf
[2009/09/30 23:10:13 | 53,573,6674 | ---- | M] () -- C:\RuneGoldEdition1.08c-2.zip
[2009/09/30 21:29:02 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/30 17:26:13 | 56,207,159 | ---- | M] () -- C:\OpenLieroX_0.57_beta8.win32.zip
[2009/09/30 16:28:56 | 00,005,702 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\DDS.zip
[2009/09/29 15:03:01 | 00,052,736 | ---- | M] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2009/09/29 09:01:12 | 00,000,128 | ---- | M] () -- C:\Documents and Settings\lemon\My Documents\Download Here.url
[2009/09/29 09:00:05 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Europa Universalis III.lnk
[2009/09/27 14:59:46 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Half-Life.lnk
[2009/09/27 14:59:45 | 00,000,627 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Counter-Strike 1.6.lnk
[2009/09/24 17:14:13 | 00,051,872 | ---- | M] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/24 17:14:00 | 00,008,224 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/09/24 17:12:54 | 02,110,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/24 17:10:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/24 16:09:51 | 00,000,938 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\Spybot - Search & Destroy.lnk
[2009/09/24 16:09:51 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/09/24 16:09:51 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\ProcessScanner.lnk
[2009/09/24 16:09:35 | 00,496,882 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\ckbasetaxmapnd2.jpg
[2009/09/24 16:09:32 | 00,385,280 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\BaseIncomeMapDV21b.gif
[2009/09/19 20:01:45 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/09/19 20:01:45 | 00,036,789 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2009/09/19 20:01:45 | 00,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2009/09/19 17:49:38 | 00,251,763 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/19 17:42:41 | 00,000,036 | -H-- | M] () -- C:\Documents and Settings\lemon\Application Data\swk.ini
[2009/09/19 09:12:31 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\DAEMON Tools Lite.lnk
[2009/09/19 09:04:29 | 00,722,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/18 21:03:25 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Crusader Kings.lnk
[2009/09/13 22:56:39 | 00,251,740 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts a
[2009/09/13 13:24:40 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/09/12 17:59:52 | 00,002,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090913-225639.backup
[2009/09/12 15:26:33 | 00,000,066 | ---- | M] () -- C:\WINDOWS\SpeederXP.INI
[2009/09/12 15:26:22 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\SpeederXP.lnk
[2009/09/11 19:07:04 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/09/10 18:11:57 | 00,057,842 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\ruling-over-your-breakfast-with-an-iron-fist.jpg
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 23:29:38 | 12,467,483 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\389456_hbrpgthr.swf
[2009/09/09 23:12:18 | 15,009,904 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\510279_dadgame.swf
[2009/09/08 19:50:52 | 00,001,151 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\economics[1].doc.LNK

========== Files - No Company Name ==========
[2009/10/03 22:50:28 | 02,475,775 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\MagnaMundiPlatinum.pdf
[2009/10/02 16:56:23 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\QuickTime Player.lnk
[2009/10/01 21:53:40 | 00,000,816 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\Rune Gold Edition.lnk
[2009/10/01 20:14:17 | 56,207,159 | ---- | C] () -- C:\OpenLieroX_0.57_beta8.win32.zip
[2009/10/01 20:13:38 | 53,573,6674 | ---- | C] () -- C:\RuneGoldEdition1.08c-2.zip
[2009/09/30 21:29:24 | 53,477,4272 | -HS- | C] () -- C:\eDS_PSD_drive.vmdf
[2009/09/30 21:29:02 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/30 16:28:51 | 00,005,702 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\DDS.zip
[2009/09/29 09:01:12 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\lemon\My Documents\Download Here.url
[2009/09/29 08:52:49 | 00,000,941 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Europa Universalis III.lnk
[2009/09/27 14:59:46 | 00,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Half-Life.lnk
[2009/09/27 14:59:45 | 00,000,627 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Counter-Strike 1.6.lnk
[2009/09/26 10:24:05 | 35,350,2643 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\american pie2.rmvb
[2009/09/24 17:14:08 | 00,051,872 | ---- | C] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/24 16:09:35 | 00,496,882 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\ckbasetaxmapnd2.jpg
[2009/09/24 16:09:30 | 00,385,280 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\BaseIncomeMapDV21b.gif
[2009/09/19 20:00:38 | 00,036,789 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2009/09/19 20:00:38 | 00,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2009/09/19 17:42:41 | 00,000,036 | -H-- | C] () -- C:\Documents and Settings\lemon\Application Data\swk.ini
[2009/09/19 09:12:31 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\DAEMON Tools Lite.lnk
[2009/09/18 21:03:25 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Crusader Kings.lnk
[2009/09/14 09:10:12 | 10,637,02528 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/13 22:53:54 | 00,000,938 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\Spybot - Search & Destroy.lnk
[2009/09/13 22:24:24 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\ProcessScanner.lnk
[2009/09/12 17:00:46 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/09/12 15:26:31 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\winio.vxd
[2009/09/12 15:26:31 | 00,000,066 | ---- | C] () -- C:\WINDOWS\SpeederXP.INI
[2009/09/12 15:26:22 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\SpeederXP.lnk
[2009/09/10 18:11:56 | 00,057,842 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\ruling-over-your-breakfast-with-an-iron-fist.jpg
[2009/09/09 23:29:37 | 12,467,483 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\389456_hbrpgthr.swf
[2009/09/09 23:12:13 | 15,009,904 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\510279_dadgame.swf
[2009/09/08 19:56:11 | 00,001,151 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\economics[1].doc.LNK
[2009/09/04 19:11:57 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/08/17 22:10:22 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\lemon\Application Data\AutoGK.ini
[2009/08/09 13:31:21 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/09 13:31:21 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/09 13:31:21 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/07/26 18:51:25 | 00,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/07/22 20:08:25 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/07/17 11:35:38 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/07/13 02:14:33 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/12 20:17:36 | 02,110,362 | -H-- | C] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\IconCache.db
[2009/07/12 13:59:03 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\lemon\Application Data\$_hpcst$.hpc
[2009/07/10 15:28:53 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\fusioncache.dat
[2009/07/10 01:05:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\lemon\Application Data\desktop.ini
[2009/07/05 15:20:24 | 00,003,013 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/07/05 15:20:24 | 00,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/07/05 15:18:34 | 00,000,624 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/05 15:16:41 | 00,159,744 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2009/07/05 15:15:17 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ute3.dll
[2009/07/05 15:15:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2009/01/26 05:10:48 | 00,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/09 07:01:22 | 00,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/19 00:50:36 | 00,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008/11/11 19:30:47 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/07 00:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/07 00:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/07 00:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/07 00:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/04 07:07:10 | 03,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll
[2008/09/29 01:33:01 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2008/08/28 19:20:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2008/08/28 19:17:22 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2008/08/28 19:17:20 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2008/05/08 17:59:57 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/08 16:59:49 | 01,749,376 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2008/05/08 16:59:49 | 00,028,032 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2008/05/08 16:59:49 | 00,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2008/05/08 16:51:13 | 00,000,131 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/05/08 16:51:12 | 01,749,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/05/08 16:51:12 | 00,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/05/08 16:21:54 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2008/05/08 16:04:16 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008/05/08 15:38:14 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2008/05/08 11:46:26 | 00,080,896 | ---- | C] () -- C:\WINDOWS\System32\LDPLAY.DLL
[2008/05/08 11:46:26 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\Voice.dll
[2008/05/08 11:46:20 | 00,192,000 | ---- | C] () -- C:\WINDOWS\System32\MTDLL32.DLL
[2008/05/08 11:46:20 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\mttrans.dll
[2008/05/08 11:46:20 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\Tran.dll
[2008/05/08 11:35:14 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\drwss.dll
[2008/05/08 11:35:14 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\AddToNote.dll
[2008/05/08 11:35:14 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\DreyeDBW.dll
[2008/05/08 11:35:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\DreyeDBU.dll
[2008/05/08 11:35:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ClientProc.dll
[2008/05/08 11:35:14 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Text32.dll
[2008/05/08 11:35:14 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DictInfo.dll
[2008/05/08 11:35:14 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\ITToolTip.dll
[2008/05/08 11:35:14 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\LevelApi.dll
[2008/05/08 11:35:13 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\DreyeSkinCtrls80U.dll
[2008/05/08 11:35:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\exeProc.dll
[2008/05/08 11:35:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\DreyeMT.dll
[2008/05/08 11:25:17 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/08 11:25:17 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/05/08 11:25:09 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/05/08 10:39:56 | 00,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008/05/08 10:21:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/05/08 10:15:41 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/08 10:15:41 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/05/08 10:15:41 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/13 20:30:00 | 00,000,668 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/02/13 20:30:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/05/28 15:56:14 | 01,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007/05/28 15:55:06 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/05/28 15:54:32 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2007/01/04 15:10:22 | 00,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006/11/07 03:30:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/06 20:17:30 | 00,004,881 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/16 06:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
< End of report >

My OTL extra log:
OTL Extras logfile created on: 10/6/2009 9:37:13 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\lemon\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 215.20 Mb Available Physical Memory | 21.21% Memory free
2.38 Gb Paging File | 1.53 Gb Available in Paging File | 64.41% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 15.83 Gb Free Space | 22.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.64 Gb Total Space | 5.18 Gb Free Space | 7.44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BANANANA
Current User Name: lemon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"19102:TCP" = 19102:TCP:*:Enabled:Foxy (119.77.242.229:19102) 19102 TCP
"19102:UDP" = 19102:UDP:*:Enabled:Foxy (119.77.242.229:19102) 19102 UDP
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Foxy\Foxy.exe" = C:\Program Files\Foxy\Foxy.exe:*:Enabled:Foxy -- (Foxy, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"\\192.210.160.10\工具\Drive\印表機\HP Color LaserJet 2600n\setup.exe" = \\192.210.160.10\工具\Drive\印表機\HP Color LaserJet 2600n\setup.exe:*:Enabled:setup.exe
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe" = C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Disabled:Flash.exe -- (Adobe Systems Incorporated.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\lemon\My Documents\Downloads\aoe\age2_x1.exe" = C:\Documents and Settings\lemon\My Documents\Downloads\aoe\age2_x1.exe:*:Disabled:Age of Empires II Expansion -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin" = C:\Program Files\Softnyx\RakionIS\Bin\rakion.bin:*:Enabled:rakion -- File not found
"E:\Warcraft III\lancraft.exe" = E:\Warcraft III\lancraft.exe:*:Enabled:lancraft -- File not found
"C:\Documents and Settings\lemon\My Documents\Downloads\aoe\empires2.exe" = C:\Documents and Settings\lemon\My Documents\Downloads\aoe\empires2.exe:*:Enabled:Age of Empires II -- File not found
"E:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe" = E:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm -- File not found
"E:\Program Files\Starcraft\StarCraft.exe" = E:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Quake III Arena\Quake3\quake3.exe" = C:\Quake III Arena\Quake3\quake3.exe:*:Enabled:quake3 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC206AB-10FB-43A9-B6F1-66EB8E6BBB7D}" = MY-IPTV Anywhere Client
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39833F1F-E56B-4A2C-93F1-E5F6C1D7C107}" = Conquer 2.0
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{5458F49E-F39F-4C2E-BF61-B02950F368DA}" = MY-IPTV Anywhere Client
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6560D90C-5223-49A3-B78C-A48C31EAEC56}" = Windows Live Messenger
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7FD14A8A-FBCC-4442-ACAC-A0E9EC223AED}" = Europa Universalis - Rome
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90110404-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91057632-CA70-413C-B628-2D3CDBBB906B}" = Macromedia Flash Player 8 Plugin
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1028-7B44-A81000000003}" = Adobe Reader 8.1.0 - Chinese Traditional
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D6B8ED44-CA4A-4702-924D-34596E5450DB}" = Crusader Kings
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E156350B-E9C9-49E9-AD7D-DE5E9101FB84}" = Dr.eye 8.0 Pro
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20AE04A-3FDC-4A14-A90B-85DEE2812030}" = Sam & Max Season 1
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AutoGK" = Auto Gordian Knot 2.55
"avast!" = avast! Antivirus
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"AviSynth" = AviSynth 2.5
"Blaze Media Pro" = Blaze Media Pro
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Counter-Strike 1.6" = Counter-Strike 1.6
"Crazy Browser 2.0.1_is1" = Crazy Browser version 2.0.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Diamond Caves 3" = Diamond Caves 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fallout 2 Restoration Project_is1" = FO2 Expansion Pack 1.2
"Fallout 2 Unofficial Patch_is1" = Fallout 2 Unofficial Patch 1.02.25
"Fallout2" = Fallout2
"Flash Movie Player" = Flash Movie Player 1.5
"FlashGet" = FlashGet 1.9.6.1073
"Foxy_is1" = Foxy v1.9.8
"GoldWave v5.06" = GoldWave v5.06
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"In Nomine_is1" = In Nomine 3.1
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.4088
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Full
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MP4 Player" = MP4 Player
"Nero8Lite_is1" = Nero 8 Micro 8.2.8.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"Optus Wireless Broadband" = Optus Wireless Broadband
"ProcessScanner_is1" = Uniblue ProcessScanner
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RealPlayer 6.0" = RealPlayer
"Rune Gold Edition 1.08c-1" = Rune Gold Edition 1.08c-1
"SpeederXP_is1" = SpeederXP v2.32
"Starcraft" = Starcraft
"SystemRequirementsLab" = System Requirements Lab
"Unlocker" = Unlocker 1.8.7
"VobSub" = VobSub v2.23 (Remove Only)
"Wandering Hamster_is1" = Wandering Hamster (xocolatl+) 20081003
"WIC" = Windows Imaging Component
"WinRAR archiver" = WinRAR 壓縮工具
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"キャッスルファンタジア聖魔大戦" = キャッスルファンタジア聖魔大戦

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/6/2009 4:40:22 AM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\192.210.160.10\資料\@主電腦-全\廠商-雇主\A004鷗美\翻譯\980527印尼翻譯\甲醇.doc failed, 00000005.


Error - 7/6/2009 4:40:22 AM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\192.210.160.10\資料\@主電腦-全\廠商-雇主\A004鷗美\翻譯\980527印尼翻譯\瞬間接著劑1.doc failed, 00000005.


Error - 7/6/2009 4:40:22 AM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\192.210.160.10\資料\@主電腦-全\廠商-雇主\A004鷗美\翻譯\980527印尼翻譯\調合漆.doc failed, 00000005.


Error - 7/6/2009 4:40:22 AM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\192.210.160.10\資料\@主電腦-全\廠商-雇主\A004鷗美\翻譯\980527印尼翻譯\助焊劑.doc failed, 00000005.


Error - 7/6/2009 4:40:23 AM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\192.210.160.10\資料\@主電腦-全\廠商-雇主\A004鷗美\翻譯\980527印尼翻譯\去漬油.doc failed, 00000005.


Error - 7/6/2009 4:40:23 AM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\192.210.160.10\資料\@主電腦-全\廠商-雇主\A004鷗美\翻譯\980527印尼翻譯\噴射漆.doc failed, 00000005.


Error - 7/6/2009 4:40:23 AM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\192.210.160.10\資料\@主電腦-全\廠商-雇主\A004鷗美\翻譯\980527印尼翻譯\柴油.doc failed, 00000005.


Error - 7/6/2009 4:40:23 AM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\192.210.160.10\資料\@主電腦-全\廠商-雇主\A004鷗美\翻譯\980527印尼翻譯\水性塗料.doc failed, 00000005.


Error - 7/7/2009 8:53:11 PM | Computer Name = RUBYNB-8C18930F | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\R\APPLICATION DATA\MICROSOFT\TEMPLATES\NORMAL.DOT failed,
00000005.

Error - 8/10/2009 2:15:09 AM | Computer Name = RUBYLALALA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
H:\StudentPhotos Feb 2009\ARATO001.JPG failed, 0000001E.

[ Application Events ]
Error - 9/18/2009 11:35:09 PM | Computer Name = RUBYLALALA | Source = Application Error | ID = 1000
Description = Faulting application cf2r.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426d.

Error - 9/18/2009 11:42:27 PM | Computer Name = RUBYLALALA | Source = Application Error | ID = 1000
Description = Faulting application cf2r.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426d.

Error - 9/18/2009 11:52:34 PM | Computer Name = RUBYLALALA | Source = Application Error | ID = 1000
Description = Faulting application cf2r.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011639.

Error - 9/18/2009 11:54:26 PM | Computer Name = RUBYLALALA | Source = Application Error | ID = 1000
Description = Faulting application cf2r.exe, version 0.0.0.0, faulting module cf2r.exe, version 0.0.0.0, fault address 0x0000abb1.

Error - 9/19/2009 12:02:00 AM | Computer Name = RUBYLALALA | Source = Application Error | ID = 1000
Description = Faulting application cf2r.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000342ce.

Error - 9/19/2009 12:02:53 AM | Computer Name = RUBYLALALA | Source = Application Error | ID = 1000
Description = Faulting application cf2r.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011430.

Error - 9/19/2009 12:24:50 AM | Computer Name = RUBYLALALA | Source = Application Error | ID = 1000
Description = Faulting application cf2r.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010c27.

Error - 9/20/2009 9:14:34 AM | Computer Name = RUBYLALALA | Source = Microsoft Management Console | ID = 1000
Description =

Error - 9/23/2009 7:13:56 AM | Computer Name = RUBYLALALA | Source = Application Error | ID = 1000
Description = Faulting application cf2r.exe, version 0.0.0.0, faulting module cf2r.exe, version 0.0.0.0, fault address 0x0000abb1.

Error - 9/28/2009 11:48:40 PM | Computer Name = BANANANA | Source = Application Error | ID = 1000
Description = Faulting application eu3game.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x1a63c805.

[ System Events ]
Error - 10/6/2009 5:22:57 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

Error - 10/6/2009 5:22:57 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7034
Description = The AVG Anti-Spyware Guard service terminated unexpectedly. It has done this 1 time(s).

Error - 10/6/2009 5:22:57 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7034
Description = The User Profile Hive Cleanup service terminated unexpectedly. It has done this 1 time(s).

Error - 10/6/2009 5:22:57 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7034
Description = The eLock Service service terminated unexpectedly. It has done this 1 time(s).

Error - 10/6/2009 5:22:57 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7034
Description = The Messenger Sharing Folders USN Journal Reader service terminated unexpectedly. It has done this 1 time(s).

Error - 10/6/2009 5:24:33 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 10/6/2009 5:24:33 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7000
Description = The DU Meter Service service failed to start due to the following error: %%2

Error - 10/6/2009 5:24:33 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following error: %%3

Error - 10/6/2009 5:24:33 AM | Computer Name = BANANANA | Source = Service Control Manager | ID = 7000
Description = The TE3CLPT service failed to start due to the following error: %%20

Error - 10/6/2009 5:24:34 AM | Computer Name = BANANANA | Source = TE3CLPT | ID = 458755
Description =


< End of report >


Thanks for your help.

Edited by Savo, 06 October 2009 - 09:17 AM.


#6 m0le

m0le
  • Malware Response Team
  • 34,527 posts
  • Location: London, UK

Posted 06 October 2009 - 06:27 PM

Ok, I don't know why this happened but the websites started working on this computer again


I'm hoping this is due to the malware we targeted. :(

Let's try and remove the rest of it now.

Please download ComboFix from one of these locations:
  • IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it combo-fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :(
m0le is a proud member of UNITE
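The symptoms in this thread (search-result redirects, "server not found" for anti-malware sites while other sites load, updates failing) are what a hijacked DNS resolver looks like from the client, and the poster later finds the resolver 85.255.112.20 pushed by the router. The script below is an added example, not code from this thread, from OTL or from ComboFix: it reads the text of `ipconfig /all`, pulls out every DNS server per adapter and classifies each one. The sample `ipconfig` output is constructed; the EXPECTED_RESOLVERS set and the 85.255.112.0/20 watch-list block are assumptions, the block being included only because the address found in the router falls inside it.

```python
"""Flag a hijacked DNS resolver in Windows client settings.

Added example for this thread; not code from BleepingComputer, OTL or
ComboFix. The sample output is constructed. EXPECTED_RESOLVERS and the
85.255.112.0/20 watch-list block are assumptions made for the example.
"""
import ipaddress
import re
import subprocess
import sys
from typing import Dict, List, Tuple

# Constructed `ipconfig /all` output in the Windows XP layout. Host name,
# adapter and LAN addresses are made up; 85.255.112.20 is the address the
# poster found configured in the router.
SAMPLE_IPCONFIG = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : EXAMPLE-PC
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 85.255.112.20
                                            192.168.1.1
"""

# Assumption: resolvers this network is expected to hand out (edit for your ISP).
EXPECTED_RESOLVERS = {"192.168.1.1"}
# Assumption: address blocks treated as hijack indicators.
WATCHLIST = [ipaddress.ip_network("85.255.112.0/20")]

_ADAPTER_RE = re.compile(r"^\S.*adapter (.+):\s*$")
_DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)?\s*$")
_CONT_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_dns_servers(ipconfig_text: str) -> Dict[str, List[str]]:
    """Map each adapter name to the DNS servers listed under it, in order."""
    servers: Dict[str, List[str]] = {}
    adapter = None
    in_dns = False  # True while reading continuation lines of "DNS Servers"
    for line in ipconfig_text.splitlines():
        m = _ADAPTER_RE.match(line)
        if m:
            adapter = m.group(1)
            servers.setdefault(adapter, [])
            in_dns = False
            continue
        m = _DNS_RE.match(line)
        if m and adapter is not None:
            in_dns = True
            if m.group(1):
                servers[adapter].append(m.group(1))
            continue
        if in_dns:
            m = _CONT_RE.match(line)
            if m:
                servers[adapter].append(m.group(1))
                continue
            in_dns = False  # any other field ends the server list
    return servers


def classify(server: str) -> str:
    """Verdict for one configured resolver address."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "unparseable"
    if any(ip in net for net in WATCHLIST):
        return "WATCHLIST: in a block assumed rogue, treat DNS as hijacked"
    if server in EXPECTED_RESOLVERS:
        return "expected"
    if ip.is_private or ip.is_loopback:
        # A LAN resolver forwards to whatever upstream the router is set to,
        # which is exactly where the thread's rogue address was found.
        return "LAN address: check the router's own upstream DNS setting"
    return "unexpected public resolver: confirm it belongs to your ISP"


def audit(ipconfig_text: str) -> List[Tuple[str, str, str]]:
    """(adapter, server, verdict) for every configured resolver."""
    return [
        (adapter, server, classify(server))
        for adapter, servers in parse_dns_servers(ipconfig_text).items()
        for server in servers
    ]


def hijack_suspected(ipconfig_text: str) -> bool:
    """True if any configured resolver falls in a watch-listed block."""
    return any(v.startswith("WATCHLIST") for _, _, v in audit(ipconfig_text))


def main() -> None:
    if sys.platform == "win32":
        text = subprocess.run(["ipconfig", "/all"], capture_output=True,
                              text=True, check=False).stdout
    else:
        text = SAMPLE_IPCONFIG  # offline demo on other platforms
    for adapter, server, verdict in audit(text):
        print(f"{adapter}: {server} -> {verdict}")


if __name__ == "__main__":
    main()
```

A clean result on the client does not clear the network: with the adapter on DHCP the PC simply inherits whatever the router hands out, so a "LAN address" verdict means the router's own WAN/DNS setting has to be checked as well, which is where the rogue entry in this thread was sitting. Since something was able to rewrite that setting, changing the router's admin password at the same time is the sensible companion step.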

#7 Savo

Savo
  • Topic Starter
  • Members
  • 8 posts

Posted 07 October 2009 - 04:49 AM

OK. I was unable to access websites after ComboFix finished scanning. It started working again after I disabled and enabled the LAN connection multiple times. Certain websites (such as malwarebytes.org) are still inaccessible. I think this is because of the malware we're targeting. :(


Some parts of the ComboFix log seem to be in Chinese. I tried my best to translate them and added the translated words at the far right.

EDIT: Hey, my TCP/IP settings were set to Dynamic before and I noticed that every time it connects, it connects to 85.255.112.20. I googled this and found that this was a 'suspicious Ukraine DNS', which is strange since I'm in Australia. I tried reconfiguring the router and I noticed that the router has the DNS set to 85.255.112.20. I changed it to dynamic so it auto-searches for the DNS and I lost the ability to go on any websites (my housemates still seem to get on fine). I had to change my TCP/IP settings to static and use the DNS server the router now has, and it seems to work fine now (I can go on the Malwarebytes and Spybot websites etc. and my AV can update now). This is very peculiar...

ComboFix 09-10-06.03 - lemon 7/2009 Wed 17:18.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.1014.433 [GMT 8:00]
Running from: c:\documents and settings\lemon\桌面\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 091006-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal Firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Files Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
c:\windows\system32\winio.vxd

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-06 09:22 . 2009-10-06 09:22 -------- d-----w- C:\_OTM
2009-10-06 09:19 . 2009-10-06 09:19 -------- d-----w- C:\eruntback
2009-10-02 09:00 . 2009-10-02 09:00 -------- d-----w- c:\documents and settings\lemon\Application Data\Apple Computer
2009-10-02 08:55 . 2009-10-02 08:55 -------- d-----w- c:\program files\Java
2009-10-02 08:55 . 2009-10-02 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-02 08:55 . 2009-10-02 08:55 -------- d-----w- c:\program files\Common Files\Apple
2009-10-01 13:51 . 2009-10-02 04:17 -------- d-----w- c:\program files\Rune Gold Edition
2009-10-01 12:14 . 2009-10-01 12:15 -------- d-----w- C:\Quake III Arena
2009-10-01 12:14 . 2009-09-30 09:26 56207159 ----a-w- C:\OpenLieroX_0.57_beta8.win32.zip
2009-10-01 12:13 . 2009-10-01 12:13 -------- d-----w- C:\q3a
2009-10-01 12:13 . 2009-09-30 15:10 535736674 ----a-w- C:\RuneGoldEdition1.08c-2.zip
2009-09-30 15:34 . 2009-10-01 14:56 -------- d-----w- C:\alien vs predator
2009-09-30 15:16 . 2009-09-30 15:16 -------- d-----w- c:\program files\Heroes of Might and Magic V
2009-09-30 13:29 . 2009-09-30 13:29 188 ----a-w- c:\windows\system32\eDataSecurity.dat
2009-09-27 06:54 . 2009-09-27 06:54 -------- d-----w- C:\hannibal's stuff
2009-09-24 09:14 . 2009-09-24 09:14 51872 ----a-w- c:\documents and settings\lemon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 12:00 . 2009-09-19 12:01 967 ----a-w- c:\windows\ScUnin.pif
2009-09-19 12:00 . 2009-09-19 12:01 36789 ----a-w- c:\windows\scunin.dat
2009-09-19 12:00 . 2009-09-19 12:01 94208 ----a-w- c:\windows\ScUnin.exe
2009-09-19 12:00 . 2009-09-19 12:00 -------- d-----w- c:\documents and settings\All Users\「開始」功能
2009-09-19 12:00 . 2009-09-19 12:00 -------- d-----w- c:\documents and settings\All Users\「開始」功
2009-09-19 09:42 . 2009-09-19 09:42 -------- d-----w- c:\program files\MP4 Player
2009-09-19 01:13 . 1998-01-14 14:06 304128 ----a-w- c:\windows\IsUn0411.exe
2009-09-19 01:12 . 2009-09-19 01:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-19 01:09 . 2009-09-19 01:10 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-09-19 01:09 . 2009-09-19 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-09-14 10:54 . 2009-09-14 10:55 -------- dc-h--w- c:\program files\複製 -Mozilla Firefox
2009-09-14 09:45 . 2009-09-14 09:45 0 ----a-w- c:\documents and settings\lemon\settings.dat
2009-09-14 04:53 . 2008-02-13 12:30 977920 ----a-w- c:\windows\複製 (2) -explorer.exe
2009-09-13 14:53 . 2009-09-13 15:07 -------- d-----w- c:\program files\Spyfot - Search & Destroy
2009-09-13 14:53 . 2009-09-13 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-13 14:24 . 2009-09-13 14:24 -------- d-----w- c:\program files\ProcessScanner
2009-09-12 14:56 . 2009-09-12 14:56 -------- d-----w- C:\ERDNT
2009-09-12 09:48 . 2008-05-08 02:21 -------- d-----r- c:\documents and settings\r.RUBYLALALA\「開始」功能表
2009-09-12 09:48 . 2009-09-12 09:48 -------- d-----w- c:\documents and settings\r.RUBYLALALA
2009-09-12 09:46 . 2008-02-13 12:30 977920 ----a-w- c:\windows\複製 -explorer.exe
2009-09-12 09:00 . 2009-09-12 09:00 -------- d-----w- c:\documents and settings\lemon\Application Data\Malwarebytes
2009-09-12 09:00 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 09:00 . 2009-09-12 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-12 09:00 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-12 09:00 . 2009-09-13 15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 07:26 . 2009-09-12 07:26 -------- d-----w- c:\program files\SpeederXP

.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last 3 Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 12:42 . 2009-07-09 17:51 -------- d-----w- c:\documents and settings\lemon\Application Data\BitTorrent
2009-10-02 08:56 . 2009-01-06 10:00 -------- d-----w- c:\program files\QuickTime
2009-09-30 13:34 . 2008-05-08 03:52 -------- d-----w- c:\program files\Launch Manager
2009-09-29 07:03 . 2009-08-16 10:48 52736 ----a-w- c:\windows\ipuninst.exe
2009-09-29 01:05 . 2009-07-25 11:50 -------- d-----w- c:\program files\FlashGet
2009-09-29 00:51 . 2008-05-08 03:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-28 04:15 . 2008-12-14 11:56 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-24 09:14 . 2008-12-15 01:16 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-19 01:13 . 2009-07-09 17:27 -------- d-----w- c:\documents and settings\lemon\Application Data\DAEMON Tools Lite
2009-09-19 01:12 . 2008-05-08 03:40 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-19 01:04 . 2008-05-08 03:25 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-13 14:09 . 2008-05-08 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-13 13:58 . 2008-05-08 03:26 -------- d-----w- c:\program files\Google
2009-09-12 09:49 . 2009-09-12 09:49 135 ----a-w- c:\documents and settings\r.RUBYLALALA\Local Settings\Application Data\fusioncache.dat
2009-09-12 02:07 . 2009-09-06 04:45 -------- d-----w- c:\program files\Conquer 2.0
2009-09-11 11:07 . 2009-07-22 12:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-06 07:57 . 2009-08-14 09:50 -------- d-----w- c:\program files\WolfQuest
2009-09-06 04:44 . 2009-09-06 04:44 -------- d-----w- c:\documents and settings\lemon\Application Data\InstallShield
2009-09-06 01:24 . 2009-09-06 01:24 -------- d-----w- c:\program files\Hamster Republic
2009-09-06 01:20 . 2009-09-06 01:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-06 01:20 . 2008-11-11 23:36 -------- d-----w- c:\program files\Javaaa
2009-09-04 23:53 . 2009-09-04 23:53 -------- d-----w- c:\documents and settings\lemon\Application Data\Leadertech
2009-09-04 23:46 . 2009-09-04 23:46 0 ----a-w- c:\windows\PowerReg.dat
2009-09-03 13:20 . 2009-09-03 13:18 222 ----a-w- C:\savegame.dat
2009-09-03 10:58 . 2009-08-23 13:39 -------- d-----w- c:\program files\Portal
2009-08-30 08:42 . 2008-05-08 03:20 -------- d-----w- c:\program files\Windows Live
2009-08-27 08:11 . 2009-08-27 08:11 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2009-08-23 13:39 . 2009-08-23 13:39 -------- d-----w- c:\program files\Common Files\Borland Shared
2009-08-19 16:04 . 2009-08-19 16:04 -------- d-----w- c:\program files\Flash Movie Player
2009-08-18 11:40 . 2009-08-18 11:39 -------- d-----w- c:\documents and settings\lemon\Application Data\vlc
2009-08-18 11:36 . 2009-08-18 11:36 -------- d-----w- c:\documents and settings\Guest\Application Data\Grisoft
2009-08-18 11:36 . 2009-04-07 04:01 51872 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 11:36 . 2009-08-18 11:36 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-08-17 14:02 . 2009-08-12 15:29 -------- d-----w- c:\program files\X-Setup
2009-08-17 13:59 . 2009-08-17 13:59 -------- d-----w- c:\program files\AutoGK
2009-08-17 13:59 . 2009-08-17 13:59 -------- d-----w- c:\program files\XviD
2009-08-17 13:59 . 2009-08-17 13:59 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-17 13:59 . 2009-08-17 13:59 -------- d-----w- c:\program files\Gabest
2009-08-17 13:46 . 2009-08-17 13:39 -------- d-----w- c:\program files\Blaze Media Pro
2009-08-17 13:39 . 2009-08-17 13:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{5AC06A7F-E1C7-46A4-BA28-5A4B25F3BB23}
2009-08-17 13:33 . 2009-08-17 13:33 -------- d-----w- c:\program files\4U Computing
2009-08-16 04:07 . 2009-08-16 04:07 -------- d-----w- c:\program files\Softnyx
2009-08-15 04:03 . 2009-08-15 04:03 -------- d-----w- c:\program files\DebugMode
2009-08-15 03:59 . 2009-08-15 03:59 -------- d-----w- c:\documents and settings\lemon\Application Data\Blender Foundation
2009-08-14 06:42 . 2009-08-14 06:42 -------- d-----w- c:\program files\OfficeRecovery
2009-08-14 06:42 . 2009-08-14 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\OfficeRecovery
2009-08-12 15:31 . 2009-02-24 04:37 -------- d-----w- c:\program files\Norton Security Scan
2009-08-12 15:11 . 2009-08-12 14:33 -------- d-----w- c:\documents and settings\lemon\Application Data\IObit
2009-08-12 15:09 . 2009-08-12 15:09 -------- d-----w- c:\program files\Lavalys
2009-08-12 14:32 . 2009-08-12 14:32 -------- d-----w- c:\program files\IObit
2009-08-10 08:05 . 2009-08-09 05:31 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-08-10 08:05 . 2009-08-09 05:31 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-08-10 08:05 . 2009-08-09 05:31 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-08-10 06:15 . 2009-08-10 06:10 -------- d-----w- c:\program files\Adobe Photoshop
2009-08-10 06:13 . 2008-05-08 03:21 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-08 12:24 . 2009-08-08 12:21 -------- d-----w- c:\program files\Unlocker
2009-07-30 09:40 . 2009-07-30 09:40 0 ----a-w- c:\windows\nsreg.dat
2009-07-21 09:47 . 2009-07-21 09:46 1228304 ----a-w- C:\ADBEFLPRCS4Win_LS1.exe
2009-07-13 05:52 . 2009-07-13 05:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-10 07:28 . 2009-07-10 07:28 128 ----a-w- c:\documents and settings\lemon\Local Settings\Application Data\fusioncache.dat
2009-07-10 07:28 . 2008-02-13 12:30 99456 ----a-w- c:\windows\system32\prfc0404.dat
2009-07-10 07:28 . 2008-02-13 12:30 320358 ----a-w- c:\windows\system32\prfh0404.dat
.

------- Sigcheck -------

[-] 2008-04-14 . 56571CD222D18F389A0D836A3F5F2229 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ddeea2e60eea6a8aa518f17577b56d41\browser.dll
[-] 2008-02-13 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll
[-] 2008-02-13 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . A4CBB0DD65651C1CA34D2A31A39A00CF . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ddeea2e60eea6a8aa518f17577b56d41\cryptsvc.dll
[-] 2008-02-13 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll
[-] 2008-02-13 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\dllcache\cryptsvc.dll

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . C949AAD942F3004F4A76A38A578FD19C . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ddeea2e60eea6a8aa518f17577b56d41\tcpip.sys
[7] 2008-02-13 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 120A5EDA269BE21BCAEC0ECD53EC3FAE . 1156096 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ddeea2e60eea6a8aa518f17577b56d41\kernel32.dll
[-] 2008-02-13 . E24A2BF7B98507E9B81B24CA7A4DE4C6 . 989184 . . [5.1.2600.3243] . . c:\windows\system32\kernel32.dll
[-] 2008-02-13 . E24A2BF7B98507E9B81B24CA7A4DE4C6 . 989184 . . [5.1.2600.3243] . . c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 . 58EFE73219C79CAA4B4121334C75C9A7 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ddeea2e60eea6a8aa518f17577b56d41\netlogon.dll
[-] 2008-02-13 . 5FD8684F1C5DD26509383F6CCDAEE3A3 . 407040 . . [5.1.2600.3175] . . c:\windows\system32\netlogon.dll
[-] 2008-02-13 . 5FD8684F1C5DD26509383F6CCDAEE3A3 . 407040 . . [5.1.2600.3175] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2008-04-14 . 51F615C1E8F407125FC7C96DF1AF817B . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\ddeea2e60eea6a8aa518f17577b56d41\eventlog.dll
[-] 2008-02-13 . 56E7D7261A4BE548B784760896375D8A . 56320 . . [5.1.2600.3227] . . c:\windows\system32\eventlog.dll
[-] 2008-02-13 . 56E7D7261A4BE548B784760896375D8A . 56320 . . [5.1.2600.3227] . . c:\windows\system32\dllcache\eventlog.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-05_13.36.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 08:35 . 2009-10-07 08:35 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
+ 2009-10-07 08:36 . 2009-10-07 08:36 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat
- 2009-09-04 11:12 . 2009-01-21 03:43 57344 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igxprd32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:34 57344 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igxprd32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:05 52224 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxsrvc.dll
+ 2009-09-06 01:17 . 2008-12-12 02:05 24576 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxexps.dll
+ 2009-09-06 01:17 . 2008-12-12 02:34 57344 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igxprd32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:05 52224 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxsrvc.dll
+ 2009-09-06 01:17 . 2008-12-12 02:05 24576 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxexps.dll
+ 2009-07-22 11:35 . 2009-09-14 11:09 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-09 18:06 . 2009-02-12 00:27 65536 c:\windows\system32\Lang\HDMI\CHT\HDMICHT.dll
+ 2008-05-08 02:15 . 2009-01-21 03:43 57344 c:\windows\system32\igxprd32.dll
- 2008-05-08 02:15 . 2008-12-12 02:34 57344 c:\windows\system32\igxprd32.dll
+ 2008-05-08 02:15 . 2009-01-21 03:18 51712 c:\windows\system32\igfxsrvc.dll
+ 2008-05-08 02:15 . 2009-01-21 03:20 23552 c:\windows\system32\igfxexps.dll
+ 2008-05-08 02:15 . 2009-01-21 03:17 93696 c:\windows\system32\hccutils.dll
+ 2009-09-28 04:15 . 2009-09-28 04:15 20992 c:\windows\Installer\212dea.msi
+ 2009-09-06 01:17 . 2008-12-12 02:34 181760 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igxpgd32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:40 147456 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igxpco32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:05 143360 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxtray.exe
+ 2009-09-06 01:17 . 2008-12-12 02:05 249856 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxsrvc.exe
- 2009-09-04 11:12 . 2009-01-21 03:18 199168 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxpph.dll
+ 2009-09-06 01:17 . 2009-01-21 03:18 199168 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxpph.dll
+ 2009-09-06 01:17 . 2008-12-12 02:05 143360 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxpers.exe
+ 2009-09-06 01:17 . 2008-12-12 02:05 172032 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxext.exe
+ 2009-09-06 01:17 . 2009-01-21 03:18 130048 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxdo.dll
- 2009-09-04 11:12 . 2009-01-21 03:18 130048 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxdo.dll
+ 2009-09-06 01:17 . 2008-12-12 02:04 217088 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxdev.dll
+ 2009-09-06 01:17 . 2009-01-21 03:20 645632 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxcfg.exe
- 2009-09-04 11:12 . 2009-01-21 03:20 645632 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxcfg.exe
+ 2009-09-06 01:17 . 2008-12-12 02:06 172032 c:\windows\system32\ReinstallBackups\0004\DriverFiles\hkcmd.exe
+ 2009-09-06 01:17 . 2008-12-12 02:05 106496 c:\windows\system32\ReinstallBackups\0004\DriverFiles\hccutils.dll
+ 2009-09-06 01:17 . 2008-12-12 02:34 181760 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igxpgd32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:40 147456 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igxpco32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:05 143360 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxtray.exe
+ 2009-09-06 01:17 . 2008-12-12 02:05 249856 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxsrvc.exe
+ 2009-09-06 01:17 . 2008-12-12 02:05 212992 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxpph.dll
+ 2009-09-06 01:17 . 2008-12-12 02:05 143360 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxpers.exe
+ 2009-09-06 01:17 . 2008-12-12 02:05 172032 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxext.exe
+ 2009-09-06 01:17 . 2008-12-12 02:05 135168 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxdo.dll
+ 2009-09-06 01:17 . 2008-12-12 02:04 217088 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxdev.dll
+ 2009-09-06 01:17 . 2008-12-12 02:07 651264 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxcfg.exe
+ 2009-09-06 01:17 . 2008-12-12 02:06 172032 c:\windows\system32\ReinstallBackups\0003\DriverFiles\hkcmd.exe
+ 2009-09-06 01:17 . 2008-12-12 02:05 106496 c:\windows\system32\ReinstallBackups\0003\DriverFiles\hccutils.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-09-06 01:20 . 2009-09-06 01:20 149280 c:\windows\system32\javaws.exe
+ 2009-09-06 01:20 . 2009-09-06 01:20 145184 c:\windows\system32\javaw.exe
+ 2009-09-06 01:20 . 2009-09-06 01:20 145184 c:\windows\system32\java.exe
+ 2008-05-08 02:28 . 2009-02-12 00:27 993816 c:\windows\system32\igxpun.exe
+ 2008-05-08 02:15 . 2009-01-21 03:43 183808 c:\windows\system32\igxpgd32.dll
+ 2008-05-08 02:16 . 2009-01-21 03:20 134656 c:\windows\system32\igfxtray.exe
+ 2008-05-08 02:16 . 2009-01-21 03:18 243712 c:\windows\system32\igfxsrvc.exe
+ 2008-05-08 02:15 . 2009-01-21 03:18 199168 c:\windows\system32\igfxpph.dll
+ 2008-05-08 02:16 . 2009-01-21 03:18 134656 c:\windows\system32\igfxpers.exe
+ 2008-05-08 02:16 . 2009-01-21 03:20 165888 c:\windows\system32\igfxext.exe
+ 2008-05-08 02:15 . 2009-01-21 03:18 130048 c:\windows\system32\igfxdo.dll
+ 2008-05-08 02:15 . 2009-01-21 03:17 205824 c:\windows\system32\igfxdev.dll
+ 2008-05-08 02:16 . 2009-01-21 03:20 645632 c:\windows\system32\igfxcfg.exe
+ 2008-05-08 02:16 . 2009-01-21 03:20 166912 c:\windows\system32\hkcmd.exe
+ 2009-09-11 11:27 . 2009-07-09 16:12 191644 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1028.dat
+ 2009-09-06 01:20 . 2009-09-06 01:20 537600 c:\windows\Installer\784f4.msi
+ 2009-10-02 08:55 . 2009-10-02 08:55 694272 c:\windows\Installer\296fde.msi
+ 2008-02-13 12:30 . 2008-02-13 12:30 977920 c:\windows\explorer3.exe
- 2009-09-04 11:12 . 2009-01-21 03:42 6278560 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igxpmp32.sys
+ 2009-09-06 01:17 . 2009-01-21 03:42 6278560 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igxpmp32.sys
+ 2009-09-06 01:17 . 2008-12-12 02:35 3398656 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igxpdx32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:34 2350368 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igxpdv32.dll
- 2009-09-04 11:12 . 2009-01-21 03:43 1498560 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igkrng400.bin
+ 2009-09-06 01:17 . 2009-01-21 03:43 1498560 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igkrng400.bin
+ 2009-09-06 01:17 . 2008-12-12 02:04 5672960 c:\windows\system32\ReinstallBackups\0004\DriverFiles\igfxress.dll
+ 2009-09-06 01:17 . 2009-01-21 03:28 4112384 c:\windows\system32\ReinstallBackups\0004\DriverFiles\ig4icd32.dll
- 2009-09-04 11:12 . 2009-01-21 03:28 4112384 c:\windows\system32\ReinstallBackups\0004\DriverFiles\ig4icd32.dll
- 2009-09-04 11:12 . 2009-01-21 03:32 2600960 c:\windows\system32\ReinstallBackups\0004\DriverFiles\ig4dev32.dll
+ 2009-09-06 01:17 . 2009-01-21 03:32 2600960 c:\windows\system32\ReinstallBackups\0004\DriverFiles\ig4dev32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:33 6048768 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igxpmp32.sys
+ 2009-09-06 01:17 . 2008-12-12 02:35 3398656 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igxpdx32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:34 2350368 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igxpdv32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:34 1481884 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igkrng400.bin
+ 2009-09-06 01:17 . 2008-12-12 02:04 5672960 c:\windows\system32\ReinstallBackups\0003\DriverFiles\igfxress.dll
+ 2009-09-06 01:17 . 2008-12-12 02:17 3895296 c:\windows\system32\ReinstallBackups\0003\DriverFiles\ig4icd32.dll
+ 2009-09-06 01:17 . 2008-12-12 02:24 2281472 c:\windows\system32\ReinstallBackups\0003\DriverFiles\ig4dev32.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-05-08 02:15 . 2009-01-21 03:44 3773440 c:\windows\system32\igxpdx32.dll
+ 2008-05-08 02:15 . 2009-01-21 03:44 2686368 c:\windows\system32\igxpdv32.dll
+ 2009-07-09 18:06 . 2009-01-21 03:43 1498560 c:\windows\system32\igkrng400.bin
+ 2008-05-08 02:15 . 2009-01-21 03:17 5702656 c:\windows\system32\igfxress.dll
+ 2008-05-08 02:15 . 2009-01-21 03:28 4112384 c:\windows\system32\ig4icd32.dll
+ 2008-05-08 02:15 . 2009-01-21 03:32 2600960 c:\windows\system32\ig4dev32.dll
+ 2008-05-08 02:12 . 2009-09-24 09:12 2110432 c:\windows\system32\FNTCACHE.DAT
- 2008-05-08 02:12 . 2009-08-10 07:38 2110432 c:\windows\system32\FNTCACHE.DAT
+ 2008-05-08 02:16 . 2009-01-21 03:42 6278560 c:\windows\system32\drivers\igxpmp32.sys
+ 2009-10-02 08:56 . 2009-10-02 08:56 9013760 c:\windows\Installer\296fe2.msi
+ 2009-10-03 04:56 . 2009-10-03 04:56 4390912 c:\windows\Installer\1fb736.msi
.
-- 快照技術重新設置 --
.
((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) Relogging point?
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-02-13 208952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-03 834056]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2003-07-14 63040]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2003-07-14 95296]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\amabama.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-18 185872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-05 16844288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-02-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-12-20 124928]

c:\documents and settings\All Users\「開始」功能表\程式集\啟動\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-5-8 45056]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-5-8 535336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Foxy\\Foxy.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"\\\\192.210.160.10\\工具\\Drive\\印表機\\HP Color LaserJet 2600n\\setup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Quake III Arena\\Quake3\\quake3.exe"=
"\\\\192.210.160.10\\?u‥a\\Drive\\|Lai?÷\\HP Color LaserJet 2600n\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19102:TCP"= 19102:TCP:Foxy (119.77.242.229:19102) 19102 TCP
"19102:UDP"= 19102:UDP:Foxy (119.77.242.229:19102) 19102 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/10/2008 7:02 PM 75856]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [7/24/2007 3:45 PM 328824]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [7/11/2007 4:20 PM 201848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/10/2008 7:02 PM 20560]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [11/12/2008 7:37 AM 23552]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService --> c:\program files\DU Meter\DUMeterSvc.exe [?]
S2 TE3CLPT;TE3CLPT;c:\windows\system32\TE3CLPT.SYS [7/5/2009 3:16 PM 54488]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
‘計劃任務’ 文件夾 裡的內容

2009-10-04 c:\windows\Tasks\Norton Security Scan for r.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-18 20:18]
.
.
------- 而外的掃描 ------- External Scanning?
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = asimov.fdn.uq.edu.au:3128
IE: &使用 FlashGet 下載 - c:\program files\FlashGet\jc_link.htm
IE: &全部使用 FlashGet 下載 - c:\program files\FlashGet\jc_all.htm
IE: 蹲 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
FF - ProfilePath - c:\documents and settings\lemon\Application Data\Mozilla\Firefox\Profiles\paagl593.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-HijackThis - c:\documents and settings\lemon\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 17:25
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

掃描被隱藏的文件 ...


c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\ 7077888 bytes
c:\documents and settings\lemon\ 1024 bytes
c:\documents and settings\lemon\ 278 bytes
c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\ 0 bytes
c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\c:\documents and settings\lemon\
c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\c:\documents and settings\All Users\

掃描完成
被隱藏的檔案: 30

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\餱嘓o`uP?*\.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\suspic.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\餱嘓o`uP?*\.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\suspic.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\峮 ?W!|f(u? 沄b?cN
N\.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\hover.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\峮 ?W!|f(u? 沄b?cN
N\.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\hover.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\ z_?*悐\.Current]
@=""

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\ z_?*悐\.Modified]
@=""

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\!|f(u?*沄b?c?*\.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\press.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\!|f(u?*沄b?c?*\.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\press.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\?悐 *V*P*S* *灀送\.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\vpsupd.wav"

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Avast\?悐 *V*P*S* *灀送\.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\vpsupd.wav"

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\餱嘓o`uP?*\.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\suspic.wav"

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\餱嘓o`uP?*\.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\suspic.wav"

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\峮 ?W!|f(u? 沄b?cN
N\.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\hover.wav"

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\峮 ?W!|f(u? 沄b?cN
N\.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\hover.wav"

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\ z_?*悐\.Current]
@=""

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\ z_?*悐\.Modified]
@=""

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\!|f(u?*沄b?c?*\.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\press.wav"

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\!|f(u?*沄b?c?*\.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\press.wav"

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\?悐 *V*P*S* *灀送\.Current]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\vpsupd.wav"

[HKEY_USERS\S-1-5-21-515967899-115176313-839522115-1005\AppEvents\Schemes\Apps\Avast\?悐 *V*P*S* *灀送\.Modified]
@="c:\\Program Files\\Alwil Software\\Avast4\\ChineseT\\vpsupd.wav"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\netlogon.dll
c:\windows\system32\scecli.dll
.
完成時間: 2009-10-07 17:28
ComboFix-quarantined-files.txt 2009-10-07 09:28
ComboFix2.txt 2009-09-05 13:37

Pre-Run: 16,912,134,144 bytes free
Post-Run: 17,604,157,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,
438 --- E O F --- 2009-07-05 06:42


Thanks again for all your help :(

Edited by Savo, 07 October 2009 - 06:18 AM.


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:25 PM

Posted 07 October 2009 - 01:05 PM

Hey, my TCP/IP settings were set as Dynamic before and I noticed that every time it connects, it connects to 85.255.112.20. I googled this and found that this was a 'suspicious Ukraine DNS' which is strange since I'm in Australia. I tried reconfiguring the router and I noticed that the router has the DNS set to 85.255.112.20. I changed it to dynamic so it auto-searches for the DNS and I lost the ability to go on any websites (My house mates still seem to get on fine). I had to change my TCP/IP settings to static and used the DNS server the router now has and it seems to work fine now (I can go on malware bytes, spybot websites etc and my AV can update now). This is very peculiar...


Hi savo,

This is what a hijack does. The malware alters your DNS to their own server where you can be redirected to their websites. If you attempt to break this, as we did, it breaks the chain and stops connection to the internet. You have already changed your settings so I don't need to ask you to run a fix for this symptom. Good work :(


Combofix has broken the chain and your PC should be fairly close to being fixed.

We must run two more things to check.

Firstly, please rerun MBAM on Quick Scan


Then

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :(
m0le is a proud member of UNITE
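The hijack m0le describes above leaves a visible trace: the host (or the router) hands out a resolver that is neither the LAN gateway nor a known ISP/public resolver. The following is an added example, not code from the thread or from any of the tools it uses; it parses a constructed `ipconfig /all` sample (the host name EXAMPLE-PC and LAN addresses are invented, the rogue resolver value is the one quoted in the thread) and flags resolvers that fall outside the gateway, private ranges, or an operator-supplied allowlist.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample of Windows `ipconfig /all` output. It is NOT taken from
# the logs in this thread; only the rogue resolver address comes from it.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : EXAMPLE-PC
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home.example
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 85.255.112.20
                                            192.168.1.1

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
"""

# "Ethernet adapter Local Area Connection:" style section headers.
ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$", re.IGNORECASE)
# "Field Name . . . . : value" lines inside a section (value may be empty).
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
# Deeply indented continuation lines carry extra values (e.g. a 2nd resolver).
CONT_RE = re.compile(r"^\s{20,}(\S+)\s*$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {adapter_name: {field_name: [values, ...]}} for every adapter."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current = None
    last_field = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {}
            last_field = None
            continue
        if current is None:          # still in the global header block
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).strip()
            adapters[current].setdefault(last_field, [])
            if m.group(2):
                adapters[current][last_field].append(m.group(2).strip())
            continue
        m = CONT_RE.match(line)
        if m and last_field:
            adapters[current][last_field].append(m.group(1))
    return adapters


def classify_resolver(resolver: str, gateways: List[str], trusted: List[str]) -> str:
    """Label a resolver: gateway, lan, trusted (allowlisted), or UNEXPECTED."""
    ip = ipaddress.ip_address(resolver)
    if resolver in gateways:
        return "gateway"
    if ip.is_private or ip.is_link_local or ip.is_loopback:
        return "lan"
    for net in trusted:              # e.g. the ISP's published resolver ranges
        if ip in ipaddress.ip_network(net, strict=False):
            return "trusted"
    return "UNEXPECTED"


def audit_dns(text: str, trusted: List[str] = ()) -> List[dict]:
    """One finding per configured resolver, so a rogue one stands out."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        gateways = fields.get("Default Gateway", [])
        for resolver in fields.get("DNS Servers", []):
            findings.append({
                "adapter": name,
                "resolver": resolver,
                "verdict": classify_resolver(resolver, gateways, list(trusted)),
            })
    return findings


def suspicious_resolvers(text: str, trusted: List[str] = ()) -> List[str]:
    """Resolvers that are public and not on the allowlist: investigate these."""
    return [f["resolver"] for f in audit_dns(text, trusted)
            if f["verdict"] == "UNEXPECTED"]


if __name__ == "__main__":
    for finding in audit_dns(SAMPLE_IPCONFIG):
        print(f"{finding['adapter']}: {finding['resolver']} -> {finding['verdict']}")
```

Run the same check against the router's own WAN DNS settings as well, since in this thread the rogue resolver was also written into the router, which is why switching the PC back to DHCP alone did not help.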

#9 Savo

Savo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:25 AM

Posted 09 October 2009 - 12:03 PM

ESET Onlinescan did not show Posted Image and I'm assuming this is because no infected files were found? :(

EDIT: Forgot to mention that MBAM showed an error during the scan. It's not the first time it has done this.
The error is: 'An error occured. Please report the following error code to the Malwarebytes' Anti-Malware support team. Error code: 731 (0, 6)'

This is my mbam log, once again, thank you for your time.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

10/10/2009 12:58:59 AM
mbam-log-2009-10-10 (00-58-59).txt

Scan type: Quick Scan
Objects scanned: 142515
Time elapsed: 6 hour(s), 40 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Savo, 09 October 2009 - 12:08 PM.


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:25 PM

Posted 09 October 2009 - 02:07 PM

The error is: 'An error occured. Please report the following error code to the Malwarebytes' Anti-Malware support team. Error code: 731 (0, 6)'


This just means that you need to boot your PC. Thanks for passing it on though. :(


Your logs are looking clean now, savo.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Please also post a new OTL log.
m0le is a proud member of UNITE

#11 Savo

Savo
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:07:25 AM

Posted 10 October 2009 - 05:32 AM

Yay they're clean. :D

Security check log:
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

avast! Antivirus
AVG Anti-Spyware 7.5
ESET Online Scanner v3
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

AVG Anti-Spyware 7.5
Java™ 6 Update 15
Adobe Flash Player 10
Adobe Reader 8.1.0 - Chinese Traditional
Korean Fonts Support For Adobe Reader 8
Japanese Fonts Support For Adobe Reader 8
``````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


OTL log:
OTL logfile created on: 10/10/2009 6:27:21 PM - Run 2
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\lemon\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 578.92 Mb Available Physical Memory | 57.07% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.65 Gb Total Space | 12.62 Gb Free Space | 18.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 69.64 Gb Total Space | 6.32 Gb Free Space | 9.07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BANANANA
Current User Name: lemon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/03/30 02:11:18 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/03/30 02:37:02 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007/05/30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007/10/20 20:20:12 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2005/04/27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2007/03/01 18:21:52 | 00,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2008/03/30 02:30:47 | 00,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/02/13 20:30:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/02/13 20:30:00 | 00,977,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/07/03 19:08:30 | 00,834,056 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/10/05 14:11:12 | 16,844,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/07/04 11:44:00 | 00,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/05/28 15:56:16 | 00,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007/03/02 11:25:08 | 00,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2008/03/30 02:37:13 | 00,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/06/11 17:25:42 | 06,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2008/05/02 12:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/01/21 11:20:30 | 00,134,656 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2009/01/21 11:20:12 | 00,166,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2009/01/21 11:20:18 | 00,165,888 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
PRC - [2009/01/21 11:18:28 | 00,134,656 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2009/01/21 11:18:02 | 00,243,712 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2008/12/19 00:06:37 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/10/18 11:35:18 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2004/10/14 00:21:24 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/04/23 21:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2009/02/06 17:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/10/08 15:29:55 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\lemon\Local Settings\Temp\RtkBtMnt.exe
PRC - [2009/02/06 17:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/02/13 20:30:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
PRC - [2009/09/14 18:53:51 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/02/13 20:30:00 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2008/02/13 20:30:00 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2009/10/06 17:28:11 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lemon\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/03/30 02:11:18 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/03/30 02:37:02 | 00,144,760 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2008/03/30 02:36:22 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2008/03/30 02:30:47 | 00,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2007/05/30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DUMeterSvc [Auto | Stopped])
SRV - [2007/03/01 18:21:52 | 00,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService [Auto | Running])
SRV - [2009/07/25 13:44:13 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/02/13 20:30:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - File not found -- -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/04/27 08:05:00 | 02,870,429 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/10/20 20:20:12 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2005/04/27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
SRV - [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/03/30 02:26:52 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2007/07/24 15:45:20 | 00,328,824 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\acedrv10.sys -- (acedrv10 [Auto | Running])
DRV - [2007/07/11 16:20:26 | 00,201,848 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\acehlp10.sys -- (acehlp10 [Auto | Running])
DRV - [2007/07/05 21:35:34 | 00,546,112 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2008/03/30 02:35:49 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2008/03/30 02:35:21 | 00,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2008/03/30 02:29:08 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2008/03/30 02:31:34 | 00,075,856 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2008/03/30 02:27:33 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/05/30 20:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
DRV - [2007/05/30 20:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys -- (AvgAsCln [System | Running])
DRV - [2007/10/22 16:24:14 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/01/20 14:42:38 | 00,017,408 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2004/07/19 13:10:00 | 00,004,096 | ---- | M] (Acer Value Labs, USA) -- C:\WINDOWS\System32\drivers\epm-psd.sys -- (EpmPsd [Auto | Running])
DRV - [2005/04/07 18:08:46 | 00,078,208 | ---- | M] (Acer Value Labs, USA) -- C:\WINDOWS\System32\drivers\epm-shd.sys -- (EpmShd [Auto | Running])
DRV - [2008/02/13 20:30:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2008/02/13 20:30:00 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/03/17 11:03:46 | 00,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2009/01/21 11:42:56 | 06,278,560 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2007/09/30 06:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor [Boot | Running])
DRV - [2007/12/10 17:59:34 | 00,014,120 | ---- | M] (Acer, Inc.) -- C:\WINDOWS\System32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2007/10/05 15:21:30 | 04,613,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/05/28 15:54:40 | 00,012,800 | ---- | M] (HiTRUST) -- C:\WINDOWS\System32\Drivers\psdfilter.sys -- (psdfilter [On_Demand | Running])
DRV - [2007/05/28 15:55:20 | 00,060,416 | ---- | M] (HiTRUST) -- C:\WINDOWS\System32\Drivers\psdvdisk.sys -- (psdvdisk [On_Demand | Running])
DRV - [2008/02/13 20:30:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/07 00:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/02/13 20:30:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/08/02 15:17:26 | 01,749,376 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snp2uvc.sys -- (SNP2UVC [On_Demand | Running])
DRV - [2009/09/19 09:04:29 | 00,722,416 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/04/29 10:15:44 | 00,023,552 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\System32\DRIVERS\tap0801.sys -- (tap0801 [On_Demand | Running])
DRV - [2003/10/02 08:57:32 | 00,054,488 | ---- | M] (Sharp Corporation) -- C:\WINDOWS\System32\TE3CLPT.SYS -- (TE3CLPT [Auto | Stopped])
DRV - [2007/12/10 17:59:36 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\drivers\tvicport.sys -- (tvicport [Auto | Running])
DRV - [2005/10/21 09:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2007/12/10 17:59:36 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\System32\drivers\zntport.sys -- (zntport [Auto | Running])
DRV - [2007/09/19 21:37:48 | 00,041,456 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B} [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\S-1-5-21-515967899-115176313-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-515967899-115176313-839522115-1005\S-1-5-21-515967899-115176313-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = asimov.fdn.uq.edu.au:3128

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.autoconfig_url: "http://www.fdn.uq.edu.au/proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "asimov.fdn.uq.edu.au"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/19 00:06:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/09 13:57:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/02 16:56:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/09 18:34:08 | 00,000,000 | ---D | M]

[2009/07/30 17:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lemon\Application Data\mozilla\Extensions
[2009/07/30 17:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lemon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/30 17:40:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lemon\Application Data\mozilla\Firefox\Profiles\paagl593.default\extensions
[2009/10/09 14:04:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/14 18:53:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/06 09:20:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/14 18:53:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/14 18:53:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/06 09:20:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/14 18:53:51 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/02 16:58:37 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/16 02:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/16 02:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/16 02:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/16 02:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/16 02:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/16 02:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/16 02:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (251763 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wad.adbasket.net
O1 - Hosts: 127.0.0.1 a.analytics.yahoo.com
O1 - Hosts: 127.0.0.1 analytics.gameforge.de
O1 - Hosts: 127.0.0.1 analytics.live.com
O1 - Hosts: 127.0.0.1 analytics.msn.com
O1 - Hosts: 127.0.0.1 analytics.r.msn.com
O1 - Hosts: 127.0.0.1 analytics.spreadshirt.com
O1 - Hosts: 127.0.0.1 proc1.devanalytics.com
O1 - Hosts: 127.0.0.1 www.google-analytics.com
O1 - Hosts: 127.0.0.1 ad.ch.doubleclick.net
O1 - Hosts: 8767 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Dr.eye WebPage Translation) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll ()
O3 - HKU\S-1-5-21-515967899-115176313-839522115-1005\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\amabama.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [MP4 Player] C:\Program Files\MP4 Player\mp4Player.exe File not found
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-515967899-115176313-839522115-1005..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername: = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-515967899-115176313-839522115-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 蹲 Microsoft Office Excel(&X) - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-515967899-115176313-839522115-1005\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/08 10:42:52 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/02 16:55:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/09/19 09:09:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/09/12 17:00:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/09 18:15:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/13 22:53:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/02 17:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\Application Data\Apple Computer
[2009/09/12 17:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\Application Data\Malwarebytes
[2009/10/09 18:15:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\Local Settings\Application Data\Microsoft Help
[2009/10/02 16:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/09 18:31:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/09/19 17:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\asdf
[2009/09/19 09:09:18 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2009/09/19 09:12:32 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/10/08 15:55:43 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/30 23:16:50 | 00,000,000 | ---D | C] -- C:\Program Files\Heroes of Might and Magic V
[2009/10/02 16:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/09/12 17:00:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/09 18:31:59 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/10/09 18:16:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/09 18:34:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/10/09 18:29:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/10/09 13:51:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/09/13 22:24:23 | 00,000,000 | ---D | C] -- C:\Program Files\ProcessScanner
[2009/10/01 21:51:55 | 00,000,000 | ---D | C] -- C:\Program Files\Rune Gold Edition
[2009/09/12 15:26:20 | 00,000,000 | ---D | C] -- C:\Program Files\SpeederXP
[2009/09/13 22:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\Spyfot - Search & Destroy
[2009/09/14 18:54:47 | 00,000,000 | -H-D | C] -- C:\Program Files\複製 -Mozilla Firefox
[2009/10/09 18:40:04 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009/10/09 18:14:09 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/10/09 14:43:03 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/09 14:42:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/09 14:42:05 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/09 14:42:04 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/09 14:41:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/09 14:04:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/10/09 14:02:53 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\dllhost.exe
[2009/10/09 13:54:32 | 00,000,000 | ---D | C] -- C:\ee7526beb42b2ac6bc131dee07a269
[2009/10/08 00:37:01 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rhttpaa.dll
[2009/10/08 00:37:01 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2009/10/08 00:37:01 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsgqec.dll
[2009/10/07 17:35:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/07 17:17:34 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/07 17:15:57 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/06 22:45:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\桌面\music
[2009/10/06 17:22:55 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/10/06 17:19:15 | 00,000,000 | ---D | C] -- C:\eruntback
[2009/10/06 17:17:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\桌面\erunt
[2009/10/01 20:14:35 | 00,000,000 | ---D | C] -- C:\Quake III Arena
[2009/10/01 20:13:59 | 00,000,000 | ---D | C] -- C:\q3a
[2009/09/30 23:34:13 | 00,000,000 | ---D | C] -- C:\alien vs predator
[2009/09/27 14:54:03 | 00,000,000 | ---D | C] -- C:\hannibal's stuff
[2009/09/19 20:00:37 | 00,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/09/19 09:13:40 | 00,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0411.exe
[2009/09/15 12:03:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\桌面\Laptop_Setup
[2009/09/14 12:53:16 | 00,977,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\複製 (2) -explorer.exe
[2009/09/13 21:50:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lemon\桌面\hij
[2009/09/13 21:35:10 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/09/12 22:56:22 | 00,000,000 | ---D | C] -- C:\ERDNT
[2009/09/12 17:46:53 | 00,977,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\複製 -explorer.exe
[2009/09/12 17:00:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/12 17:00:42 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/05/08 16:51:12 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/05/08 16:51:12 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008/05/08 15:38:14 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/10/10 12:23:43 | 00,443,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/10 12:23:43 | 00,351,346 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/10/10 12:23:43 | 00,128,182 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/10/10 12:23:43 | 00,072,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/10 12:22:45 | 00,000,586 | ---- | M] () -- C:\Documents and Settings\lemon\My Documents\我的共用資料夾.lnk
[2009/10/10 12:21:42 | 00,000,647 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/10 11:44:46 | 02,187,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/10 11:44:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/10 11:44:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/10 11:44:26 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/10 01:10:41 | 01,013,038 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/10 01:09:43 | 13,345,472 | -H-- | M] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\IconCache.db
[2009/10/09 19:14:58 | 00,077,376 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/10/09 18:00:01 | 00,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for r.job
[2009/10/09 14:43:02 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/09 13:59:40 | 00,008,224 | ---- | M] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/08 15:55:34 | 00,063,414 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\superman.bmp
[2009/10/07 17:26:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/07 17:17:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/07 17:14:01 | 03,327,765 | R--- | M] () -- C:\Documents and Settings\lemon\桌面\ComboFix.exe
[2009/10/06 16:20:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/05 14:55:01 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/03 22:50:43 | 02,475,775 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\MagnaMundiPlatinum.pdf
[2009/10/02 16:56:23 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\QuickTime Player.lnk
[2009/10/02 14:11:18 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/01 21:53:41 | 00,000,816 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\Rune Gold Edition.lnk
[2009/09/30 23:47:46 | 53,477,4272 | -HS- | M] () -- C:\eDS_PSD_drive.vmdf
[2009/09/30 23:10:13 | 53,573,6674 | ---- | M] () -- C:\RuneGoldEdition1.08c-2.zip
[2009/09/30 21:29:02 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/30 17:26:13 | 56,207,159 | ---- | M] () -- C:\OpenLieroX_0.57_beta8.win32.zip
[2009/09/30 16:28:56 | 00,005,702 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\DDS.zip
[2009/09/29 15:03:01 | 00,052,736 | ---- | M] (Interplay Productions) -- C:\WINDOWS\ipuninst.exe
[2009/09/29 09:01:12 | 00,000,128 | ---- | M] () -- C:\Documents and Settings\lemon\My Documents\Download Here.url
[2009/09/29 09:00:05 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Europa Universalis III.lnk
[2009/09/27 14:59:46 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Half-Life.lnk
[2009/09/27 14:59:45 | 00,000,627 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Counter-Strike 1.6.lnk
[2009/09/24 16:09:51 | 00,000,938 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\Spybot - Search & Destroy.lnk
[2009/09/24 16:09:51 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/09/24 16:09:51 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\ProcessScanner.lnk
[2009/09/24 16:09:35 | 00,496,882 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\ckbasetaxmapnd2.jpg
[2009/09/24 16:09:32 | 00,385,280 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\BaseIncomeMapDV21b.gif
[2009/09/19 20:01:45 | 00,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2009/09/19 20:01:45 | 00,036,789 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2009/09/19 20:01:45 | 00,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2009/09/19 17:49:38 | 00,251,763 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\複製 -hosts
[2009/09/19 17:49:38 | 00,251,763 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/19 17:42:41 | 00,000,036 | -H-- | M] () -- C:\Documents and Settings\lemon\Application Data\swk.ini
[2009/09/19 09:12:31 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\DAEMON Tools Lite.lnk
[2009/09/19 09:04:29 | 00,722,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/09/18 21:03:25 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Crusader Kings.lnk
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 22:56:39 | 00,251,740 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts a
[2009/09/13 13:24:40 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/09/12 17:59:52 | 00,002,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090913-225639.backup
[2009/09/12 15:26:33 | 00,000,066 | ---- | M] () -- C:\WINDOWS\SpeederXP.INI
[2009/09/12 15:26:22 | 00,000,640 | ---- | M] () -- C:\Documents and Settings\lemon\桌面\SpeederXP.lnk
[2009/09/11 19:07:04 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll

========== Files - No Company Name ==========
[2009/10/08 15:55:34 | 00,063,414 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\superman.bmp
[2009/10/07 17:17:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/07 17:17:39 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/07 17:13:42 | 03,327,765 | R--- | C] () -- C:\Documents and Settings\lemon\桌面\ComboFix.exe
[2009/10/03 22:50:28 | 02,475,775 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\MagnaMundiPlatinum.pdf
[2009/10/02 16:56:23 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\QuickTime Player.lnk
[2009/10/01 21:53:40 | 00,000,816 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\Rune Gold Edition.lnk
[2009/10/01 20:14:17 | 56,207,159 | ---- | C] () -- C:\OpenLieroX_0.57_beta8.win32.zip
[2009/10/01 20:13:38 | 53,573,6674 | ---- | C] () -- C:\RuneGoldEdition1.08c-2.zip
[2009/09/30 21:29:24 | 53,477,4272 | -HS- | C] () -- C:\eDS_PSD_drive.vmdf
[2009/09/30 21:29:02 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/30 16:28:51 | 00,005,702 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\DDS.zip
[2009/09/29 09:01:12 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\lemon\My Documents\Download Here.url
[2009/09/29 08:52:49 | 00,000,941 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Europa Universalis III.lnk
[2009/09/27 14:59:46 | 00,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Half-Life.lnk
[2009/09/27 14:59:45 | 00,000,627 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Counter-Strike 1.6.lnk
[2009/09/26 10:24:05 | 35,350,2643 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\american pie2.rmvb
[2009/09/24 17:14:08 | 00,008,224 | ---- | C] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/24 16:09:35 | 00,496,882 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\ckbasetaxmapnd2.jpg
[2009/09/24 16:09:30 | 00,385,280 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\BaseIncomeMapDV21b.gif
[2009/09/19 20:00:38 | 00,036,789 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2009/09/19 20:00:38 | 00,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2009/09/19 17:42:41 | 00,000,036 | -H-- | C] () -- C:\Documents and Settings\lemon\Application Data\swk.ini
[2009/09/19 09:12:31 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\DAEMON Tools Lite.lnk
[2009/09/18 21:03:25 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Crusader Kings.lnk
[2009/09/14 09:10:12 | 10,637,02528 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/13 22:53:54 | 00,000,938 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\Spybot - Search & Destroy.lnk
[2009/09/13 22:24:24 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\ProcessScanner.lnk
[2009/09/12 17:00:46 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/09/12 15:26:31 | 00,000,066 | ---- | C] () -- C:\WINDOWS\SpeederXP.INI
[2009/09/12 15:26:22 | 00,000,640 | ---- | C] () -- C:\Documents and Settings\lemon\桌面\SpeederXP.lnk
[2009/09/04 19:11:57 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/08/17 22:10:22 | 00,000,546 | ---- | C] () -- C:\Documents and Settings\lemon\Application Data\AutoGK.ini
[2009/08/09 13:31:21 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/09 13:31:21 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/09 13:31:21 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/07/26 18:51:25 | 00,000,032 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/07/22 20:08:25 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/07/17 11:35:38 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/07/13 02:14:33 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/12 20:17:36 | 13,345,472 | -H-- | C] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\IconCache.db
[2009/07/12 13:59:03 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\lemon\Application Data\$_hpcst$.hpc
[2009/07/10 15:28:53 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\lemon\Local Settings\Application Data\fusioncache.dat
[2009/07/10 01:05:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\lemon\Application Data\desktop.ini
[2009/07/05 15:20:24 | 00,003,013 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/07/05 15:20:24 | 00,000,135 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/07/05 15:18:34 | 00,000,624 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/05 15:16:41 | 00,159,744 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2009/07/05 15:15:17 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ute3.dll
[2009/07/05 15:15:17 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\_isusr2k.dll
[2009/01/26 05:10:48 | 00,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/09 07:01:22 | 00,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/19 00:50:36 | 00,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008/11/11 19:30:47 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/07 00:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/07 00:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/07 00:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/07 00:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/04 07:07:10 | 03,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll
[2008/09/29 01:33:01 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2008/08/28 19:20:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2008/08/28 19:17:22 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2008/08/28 19:17:20 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2008/05/08 17:59:57 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/08 16:59:49 | 01,749,376 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2008/05/08 16:59:49 | 00,028,032 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2008/05/08 16:59:49 | 00,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2008/05/08 16:51:13 | 00,000,131 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/05/08 16:51:12 | 01,749,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/05/08 16:51:12 | 00,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/05/08 16:21:54 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2008/05/08 16:04:16 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008/05/08 15:38:14 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2008/05/08 11:46:26 | 00,080,896 | ---- | C] () -- C:\WINDOWS\System32\LDPLAY.DLL
[2008/05/08 11:46:26 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\Voice.dll
[2008/05/08 11:46:20 | 00,192,000 | ---- | C] () -- C:\WINDOWS\System32\MTDLL32.DLL
[2008/05/08 11:46:20 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\mttrans.dll
[2008/05/08 11:46:20 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\Tran.dll
[2008/05/08 11:35:14 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\drwss.dll
[2008/05/08 11:35:14 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\AddToNote.dll
[2008/05/08 11:35:14 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\DreyeDBW.dll
[2008/05/08 11:35:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\DreyeDBU.dll
[2008/05/08 11:35:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ClientProc.dll
[2008/05/08 11:35:14 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Text32.dll
[2008/05/08 11:35:14 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DictInfo.dll
[2008/05/08 11:35:14 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\ITToolTip.dll
[2008/05/08 11:35:14 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\LevelApi.dll
[2008/05/08 11:35:13 | 00,294,912 | ---- | C] () -- C:\WINDOWS\System32\DreyeSkinCtrls80U.dll
[2008/05/08 11:35:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\exeProc.dll
[2008/05/08 11:35:13 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\DreyeMT.dll
[2008/05/08 11:25:17 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/08 11:25:17 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/05/08 11:25:09 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/05/08 10:39:56 | 00,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008/05/08 10:21:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/05/08 10:15:41 | 01,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/08 10:15:41 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/05/08 10:15:41 | 00,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/02/13 20:30:00 | 00,000,647 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/02/13 20:30:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/05/28 15:56:14 | 01,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007/05/28 15:55:06 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007/05/28 15:54:32 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2007/01/04 15:10:22 | 00,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006/11/07 03:30:38 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/10/16 06:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
< End of report >

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 10 October 2009 - 11:31 AM

Hi savo,

Just one question:

C:\Program Files\Spyfot - Search & Destroy


Spyfot? I've heard of Spybot... Is that a typo or the actual name of the program?


We'll continue the update once I know.
m0le is a proud member of UNITE

#13 Savo

  • Topic Starter
  • Members
  • 8 posts

Posted 10 October 2009 - 10:37 PM

Oh, interesting. I never noticed that myself. I believe when I installed Spybot S&D, I left it as the default name, so it should have been Spybot, not Spyfot.

I went into the folder and noticed that SpybotSDa.exe, TeaTimer.exe and SDUpdate.exe were set as hidden and read-only. I do not recall doing this; is this how it is by default? Strangely, my shortcut on my start menu for Spybot Search and Destroy links to "C:\Program Files\Spyfot - Search & Destroy\SpybotSD.exe", making the shortcut ineffective. Could it be possible that some sort of malicious program renamed SpybotSD.exe to SpybotSDa.exe, then changed a couple of files to hidden, then also changed the name of the folder?

If they could do that, I can't imagine what else they could also do or could have done :(
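
The kind of check an analyst runs over a report like the one above, and over the finding in this post (a tool folder renamed by one character, its executables set hidden/read-only): an added Python example, not code from the thread or from the OTL tool. The tool folder names and paths are those in the log, and the sample lines are copied from the report above.

```python
"""Triage helper for OTL file listings.
Added example, not code from the thread or from the OTL tool: it parses entries in the
format of the report above and surfaces the kinds of findings the thread discusses
(a look-alike tool folder, hidden/read-only files, no-company binaries) for review.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One entry: "[timestamp | size | attrs | C/M] (company) -- path". Directories carry no
# "(company)" group; "()" or "( )" means OTL found no company name in the version info.
ENTRY_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| [CM]\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

@dataclass
class Entry:
    size: int
    attrs: str               # R(ead-only) H(idden) S(ystem) D(irectory), '-' where unset
    company: Optional[str]   # None for directories, '' when no company name was printed
    path: str

def parse_otl(text: str) -> List[Entry]:
    """Parse every file/folder entry; section headers and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        company = m.group("company")
        entries.append(Entry(int(m.group("size").replace(",", "")), m.group("attrs"),
                             None if company is None else company.strip(),
                             m.group("path").strip()))
    return entries

def edit_distance(a: str, b: str) -> int:
    """Case-insensitive Levenshtein distance, used to spot look-alike folder names."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

PROGRAM_FILES = "c:\\program files\\"
SYSTEM32 = "c:\\windows\\system32\\"
# Folder names of the security tools installed on the machine in the thread.
KNOWN_TOOL_DIRS = ["Spybot - Search & Destroy", "Malwarebytes' Anti-Malware"]

def lookalike_tool_dirs(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Program Files folders one edit away from a known tool's folder name (Spyfot/Spybot)."""
    hits = []
    for e in entries:
        if "D" not in e.attrs or not e.path.lower().startswith(PROGRAM_FILES):
            continue
        name = e.path.rsplit("\\", 1)[-1]
        for known in KNOWN_TOOL_DIRS:
            if name.lower() != known.lower() and edit_distance(name, known) == 1:
                hits.append((e.path, known))   # (path found, name expected)
    return hits

def hidden_or_readonly_under_program_files(entries: List[Entry]) -> List[str]:
    """Program Files entries with Hidden or Read-only set; installers rarely do this."""
    return [e.path for e in entries
            if e.path.lower().startswith(PROGRAM_FILES) and ("H" in e.attrs or "R" in e.attrs)]

def no_company_binaries_in_system32(entries: List[Entry]) -> List[str]:
    """Executables under System32 whose version info names no company. Legitimate
    third-party drivers land here too, so this is a review list, not a verdict."""
    return [e.path for e in entries
            if "D" not in e.attrs and e.company == "" and e.path.lower().startswith(SYSTEM32)
            and e.path.lower().endswith((".exe", ".dll", ".sys"))]

# Lines taken from the OTL report above.
SAMPLE_REPORT = r"""
========== Files/Folders - Created Within 30 Days ==========
[2009/09/13 22:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\Spyfot - Search & Destroy
[2009/09/14 18:54:47 | 00,000,000 | -H-D | C] -- C:\Program Files\複製 -Mozilla Firefox
[2008/05/08 16:51:12 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/09/19 17:49:38 | 00,251,763 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
"""

if __name__ == "__main__":
    for check in (lookalike_tool_dirs, hidden_or_readonly_under_program_files, no_company_binaries_in_system32):
        print(check.__name__, check(parse_otl(SAMPLE_REPORT)))
```

The hosts file is parsed but not flagged: it has no company name by design, so the System32 check is deliberately limited to .exe/.dll/.sys.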

#14 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 October 2009 - 04:17 AM

Could it be possible that some sort of malicious program renamed SpybotSD.exe to SpybotSDa.exe, then changed a couple of files to hidden, then also changed the name of the folder?


Yes. Malware doesn't just invade these days; it can change settings and files/folders (amongst other things).

Renaming it again should fix the problem.


In the meantime we have cleaned your PC, so we need to clean up and update to stop this happening again.

Your PC is clean. Good stuff! :(

Let's do some clearing up


Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up to date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.


Old versions of Java are big doors to malware. JavaRa removes them and updates your version to the most current.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Delete ComboFix and Clean Up

Click Start > Run, type combofix /u and click OK (note the space between combofix and /u).
Please advise if this step is missed for any reason as it performs some important actions.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it savo, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#15 Savo

  • Topic Starter
  • Members
  • 8 posts

Posted 11 October 2009 - 10:10 AM

Thanks for all your help man.



