
google.com/webhp pop up


  • This topic is locked
25 replies to this topic

#1 Wax Luthor

Wax Luthor

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:06:07 AM

Posted 16 June 2010 - 02:02 AM

Hello, like many others I joined this forum in need of some help. Yesterday I stumbled upon a dodgy website I probably shouldn't have. Immediately I got lots of pop-ups and both Avira and Spybot picked up a few threats. After scanning and deleting what was found I got a pop-up with the address news-11-today.com every time I open Firefox.

After updating Avira and scanning again in Safe Mode it picked up TR/Dldr.Mufanom.ujy. I don't get the news-11-today.com pop-up after that, but then out of the blue I just got a pop-up with the address www.google.com/webhp and immediately Spybot picked up Win32.Agent.svc and Avira picked up WORM/Pinit.FG.6, TR/TDss.bgsn, and TR/FraudPack.axtj, which made me believe the root of my problem probably is still not fixed. Spybot and Avira scans now find nothing.

I'll greatly appreciate it if somebody can help me.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 10:41:47.01 on 15/06/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.950.2.1028.18.1024.335 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\\knqe.tmp\svchost.exe
C:\Documents and Settings\Administrator\桌面\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = tw.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://tw.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ares vista] "c:\program files\ares vista\AresVista.exe" -h
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [DT ACR] c:\program files\common files\portrait displays\shared\DT_startup.exe -ACR
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] ctfmon.exe
dRun: [NetLogon] userint.exe
StartupFolder: c:\docume~1\admini~1\「開始~1\程式集\梃國\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\梃國\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\梃國\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\梃國\exifla~2.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\「開始~1\程式集\梃國\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {76028735-BBF1-4044-8DE2-5B90F0C7A77C}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhgax.CAB
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222215917250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222215902906
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 62.146.66.181 dl1.avgate.net
Hosts: 62.146.66.182 dl2.avgate.net
Hosts: 62.146.66.183 dl3.avgate.net
Hosts: 62.146.66.184 dl4.avgate.net

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\gqpezywq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.somethingawful.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: XULRunner: {1424AFB2-161F-4E4D-95CD-401676A888F7} - c:\documents and settings\administrator\local settings\application data\{1424afb2-161f-4e4d-95cd-401676a888f7}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-3-31 77312]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-12 11608]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-12 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-12 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-20 60936]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2010-3-11 90112]
R2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2004-2-26 200771]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2004-5-14 32896]

=============== Created Last 30 ================

2010-06-15 17:33:40 156160 ----a-w- c:\windows\system32\cooper.mine
2010-06-15 08:17:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-14 18:46:13 0 d-----w- c:\program files\SpywareBlaster
2010-06-14 05:07:13 92 ----a-w- c:\windows\wininit.ini
2010-06-13 09:43:56 0 ----a-w- c:\windows\Bmupazizuferosu.bin
2010-06-13 09:43:55 120 ----a-w- c:\windows\Wwuwudiwo.dat
2010-06-04 07:01:33 0 d-----w- c:\program files\UltraVPN
2010-05-24 11:14:37 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2010-04-06 04:25:16 61938 ----a-w- c:\windows\system32\prfc0404.dat
2010-04-06 04:25:16 213734 ----a-w- c:\windows\system32\prfh0404.dat
2007-12-02 09:07:09 5651 ----a-w- c:\program files\install.log
2003-07-31 09:53:28 147456 -c--a-w- c:\windows\inf\EL2K_XP.sys
2003-07-31 09:50:16 448768 -c--a-w- c:\windows\inf\EL2K_N64.sys
2003-07-31 09:43:00 147456 -c--a-w- c:\windows\inf\EL2K_2K.sys
2008-02-02 04:23:07 32 --sha-w- c:\windows\{5CBFC8D2-7EE6-4E23-8B67-F4C9A769ECBE}.dat
2007-02-10 03:32:05 32 -csha-w- c:\windows\{A6618059-DC4B-476D-A0D0-E845D50C5FED}.dat
2007-02-10 03:46:09 32 -csha-w- c:\windows\{AF17F733-7469-47AD-8B0C-D9A3413049AE}.dat
2006-02-10 18:37:43 32 -csha-w- c:\windows\{E7B2554F-0764-434A-8EB1-4CDE87288398}.dat
2004-09-13 00:37:53 71 -csha-w- c:\windows\system32\SYSDRVWC.SYS
2007-02-10 03:32:05 32 -csha-w- c:\windows\system32\{235CDF0D-BF0F-4891-B922-028FD7467969}.dat
2006-02-10 18:37:43 32 -csha-w- c:\windows\system32\{382D8498-6910-47B8-A245-32777093AC5A}.dat
2007-02-10 03:46:09 32 -csha-w- c:\windows\system32\{BD4DFFD1-CB39-4AFF-AB7C-7AAF7FB047A1}.dat
2008-02-02 04:23:07 32 --sha-w- c:\windows\system32\{F578A0DE-1C77-4239-A341-BBBCD2C1D1C5}.dat

============= FINISH: 10:43:04.39 ===============
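The DDS log above already carries the indicators a responder would look for first: a system proxy pointed at 127.0.0.1:5555, an svchost.exe running out of C:\WINDOWS\TEMP, a default-user Run entry for "userint.exe" (one letter short of the real userinit.exe), and a HOSTS line sending a security site to loopback. The script below is an added example for this thread, not part of DDS or anything the posters ran; it runs a small rule set over log lines and explains each hit. The rule names and explanations are my own, and the sample lines are excerpted from the log above with two benign lines kept as controls.

```python
"""Triage helper for a DDS log's process list and "Pseudo HJT Report".

Added example for this thread; it is not part of DDS or anything the
posters ran. The rule names and explanations are my own labels; the
sample lines are excerpted from the log posted above, with two clean
lines kept as controls.
"""
import re

# (rule name, pattern, why a defender cares)
RULES = [
    ("proxy-localhost",
     re.compile(r"ProxyServer\s*=\s*\S*?(?:127\.0\.0\.1|localhost):\d+", re.I),
     "the system proxy points at a local port, so every browser request is "
     "relayed through some process on this machine"),
    ("run-lookalike-userinit",
     re.compile(r"^[umd]Run:\s*\[[^\]]*\]\s*\S*userint\.exe", re.I),
     "a Run entry launches 'userint.exe', one letter short of the legitimate "
     "userinit.exe (the file that starts the user shell)"),
    ("process-in-temp",
     re.compile(r"\\temp\\[^\s\"]*\.exe", re.I),
     "an executable is running from a TEMP directory, which installed "
     "software normally never does"),
    ("hosts-loopback-redirect",
     re.compile(r"^Hosts:\s*(?:127\.0\.0\.1|0\.0\.0\.0)\s+(?!localhost\b)\S+", re.I),
     "the HOSTS file sends a real site name to loopback, which blocks access "
     "to it (here a security site)"),
]
EXPLANATIONS = {name: why for name, _, why in RULES}


def triage(log_text):
    """Return [(rule_name, line), ...] for every log line that trips a rule,
    in the order the lines appear."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern, _ in RULES:
            if pattern.search(line):
                hits.append((name, line))
    return hits


def report(log_text):
    """Human-readable summary: one block per hit with the reason."""
    lines = []
    for name, line in triage(log_text):
        lines.append(f"[{name}] {line}")
        lines.append(f"    -> {EXPLANATIONS[name]}")
    return "\n".join(lines) if lines else "no indicators matched"


# Constructed sample: lines excerpted from the DDS log above plus two
# benign controls (the DcomLaunch svchost and Avira's own avgate.net entry).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\TEMP\\knqe.tmp\svchost.exe
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [NetLogon] userint.exe
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 62.146.66.181 dl1.avgate.net
"""

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The controls matter: the avgate.net HOSTS entries are Avira's own and must not be flagged, and a bare `ctfmon.exe` Run entry is normal on XP, so the rules key on the specific anomalies (loopback target, the misspelled binary, the TEMP path) rather than on "anything unusual-looking". Rules like these only shorten the first read of a log; a hit still has to be confirmed against the file on disk before anything is deleted.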



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:07 AM

Posted 16 June 2010 - 02:42 AM

Greetings

One or more of the identified infections is a Backdoor Trojan. - TDSS rootkit

This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
    It is a simple procedure that will only take a few moments of your time.


    Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    Please continue as follows:
    • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Wax Luthor

Wax Luthor
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:06:07 AM

Posted 16 June 2010 - 12:29 PM

I disabled all of my antivirus/antispyware programs and tried to run Combofix. During the scan it asked me to reboot the computer; I did, and upon Windows startup I got a blue screen with the message STOP: C0000135 Unknown Hard Error. I tried booting in Safe Mode and from a previous restore point and got the same result.

Also, thanks for the info; my bank account and credit card history look fine and I changed all my passwords. Just curious: what does "backdoor functionality" mean? Does it mean even if I cleaned that trojan the jerk can still access my computer remotely?

Edited by Wax Luthor, 16 June 2010 - 01:11 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:07 AM

Posted 16 June 2010 - 09:03 PM

Greetings

what file does it indicate?


Please do this......
  • Download OTLPE Network from either location and save it to your desktop:

    http://oldtimer.geekstogo.com/OTLPENet.exe
    http://ottools.noahdfear.net/OTLPENet.exe

  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPENet Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click to start the burn process
  • You will see a dialog "Operation successfully completed"
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first

    Note: For information click here

  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Copy and Paste the following code into the textbox. Do not include the word "Code"

    Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection otherwise you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Push
  • When finished, the file will be saved in drive C:\OTL.txt
  • Please post the contents of the C:\OTL.txt file in your next reply.
  • Copy this file to your USB drive if you do not have an internet connection.

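The /md5start ... /md5stop block in the OTL script above makes OTL print the MD5 of userinit.exe and a set of boot-time storage drivers (atapi.sys, iaStor.sys, nvstor.sys and so on), because rootkits of this family patched one of those files to load themselves at boot, and a changed hash is the quickest way to spot that. The script below is an added example for this thread, not OTL's own code: it hashes the same watch-list under a directory tree, stores a baseline, and reports which files are unchanged, changed, newly appeared or gone. The watch-list names come from the OTL script; the JSON baseline format, the function names and the fake files in `demo()` are my own.

```python
"""Baseline-and-compare check for the Windows system files that OTL hashes
in its /md5start block.

Added example for this thread; not OTL's code. The watch-list names come
from the OTL script above; the JSON baseline format, the function names
and the demo's fake files are my own.
"""
import hashlib
import json
import os
import tempfile

# Subset of the /md5start list above: files that rootkits of this era
# patched or replaced so that they load at boot.
WATCHLIST = ["userinit.exe", "atapi.sys", "iaStor.sys", "nvstor.sys",
             "viasraid.sys", "AGP440.sys"]


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so a large driver is not loaded at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root, names=WATCHLIST):
    """Walk root and return {name: md5 or None} for every watched file name.
    The first match per name wins (e.g. system32 before a driver cache)."""
    wanted = {n.lower(): n for n in names}
    found = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            key = fname.lower()
            if key in wanted and wanted[key] not in found:
                found[wanted[key]] = md5_of(os.path.join(dirpath, fname))
    return {n: found.get(n) for n in names}


def save_baseline(snap, path):
    with open(path, "w") as f:
        json.dump(snap, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Verdict per file: ok, changed, missing (hashed before, now gone),
    new (not in the baseline), or absent (never present)."""
    verdicts = {}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None and new is None:
            verdicts[name] = "absent"
        elif old == new:
            verdicts[name] = "ok"
        elif old is None:
            verdicts[name] = "new"
        elif new is None:
            verdicts[name] = "missing"
        else:
            verdicts[name] = "changed"
    return verdicts


def demo():
    """Build a fake system tree, baseline it, then alter one driver and add
    another; returns the verdict dict. Constructed data, not real drivers."""
    with tempfile.TemporaryDirectory() as root:
        drv = os.path.join(root, "system32", "drivers")
        os.makedirs(drv)
        with open(os.path.join(root, "system32", "userinit.exe"), "wb") as f:
            f.write(b"MZ fake userinit")
        with open(os.path.join(drv, "atapi.sys"), "wb") as f:
            f.write(b"MZ fake atapi")
        base_path = os.path.join(root, "baseline.json")
        save_baseline(snapshot(root), base_path)

        # Simulate a patched driver and a newly dropped one.
        with open(os.path.join(drv, "atapi.sys"), "ab") as f:
            f.write(b" + appended bytes")
        with open(os.path.join(drv, "nvstor.sys"), "wb") as f:
            f.write(b"MZ dropped")
        return compare(load_baseline(base_path), snapshot(root))


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

Two caveats follow from the thread itself. A kernel rootkit can hide a patched file from any program running on the infected Windows, so a snapshot taken from a live system may show the original bytes; that is why OTLPE runs from a boot CD, and the snapshot should be pointed at the offline volume. MD5 is used here only because that is what OTL prints and what vendor file tables of that time listed; a baseline created today should use SHA-256, which is a one-word change in `md5_of`.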

#5 Wax Luthor

Wax Luthor
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:06:07 AM

Posted 17 June 2010 - 01:33 AM

QUOTE(gringo_pr @ Jun 16 2010, 07:03 PM)
what file does it indicate?


I'm actually using Chinese Windows and the messages are in Chinese, so I'll do my best translating. After Combofix finished installing the Recovery Console and made the registry backup, it said there was a rootkit change and asked me to reboot, and also to write down the message below, which was "%~G".

And I just realized the old laptop I'm using now doesn't have a CD writer. I'll write the CD at work tomorrow and do the OTL scan later tomorrow night.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:07 AM

Posted 17 June 2010 - 01:37 AM

[thumbs-up emoticon]

#7 Wax Luthor

Wax Luthor
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:Canada
  • Local time:06:07 AM

Posted 18 June 2010 - 01:45 AM

Ok here's the OTL scan log:

OTL logfile created on: 6/18/2010 12:24:43 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: 加拿大 | Language: ENC | Date Format: dd/MM/yyyy

1,024.00 Mb Total Physical Memory | 814.00 Mb Available Physical Memory | 80.00% Memory free
907.00 Mb Paging File | 849.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 7.70 Gb Free Space | 39.41% Space Free | Partition Type: NTFS
Drive D: | 27.48 Gb Total Space | 6.50 Gb Free Space | 23.65% Space Free | Partition Type: FAT32
Drive E: | 27.49 Gb Total Space | 10.38 Gb Free Space | 37.75% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/01 16:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 13:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/10/27 13:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/06/06 15:40:00 | 000,069,632 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/04 21:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2005/04/30 21:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2004/02/11 02:13:12 | 000,200,771 | ---- | M] (Raxco Software, Inc.) [Auto] -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
SRV - [2004/02/11 02:12:32 | 000,434,245 | ---- | M] (Raxco Software, Inc.) [On_Demand] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/03/01 13:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 17:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/06 15:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 15:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 15:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 15:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/05/11 15:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 13:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/26 13:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/31 18:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/06/04 21:59:50 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2007/02/09 16:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 16:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/10/22 16:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/04 02:08:30 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
DRV - [2004/08/04 02:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/05/14 14:37:10 | 000,032,896 | ---- | M] (NetGroup - Politecnico di Torino) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004/02/26 20:00:00 | 000,048,570 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\defrag32b.sys -- (Defrag32b)
DRV - [2004/02/26 20:00:00 | 000,048,570 | ---- | M] (Raxco Software, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\defrag32.sys -- (Defrag32)
DRV - [2004/02/26 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/10/30 23:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)
DRV - [2003/07/31 05:53:28 | 000,147,456 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2003/07/01 16:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2001/11/24 22:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\V4CB0115.SYS -- (FINEPIX_PCC)
DRV - [2001/10/30 16:01:50 | 000,280,782 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 17:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 02:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [1997/04/22 14:16:00 | 000,006,272 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = tw.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = tw.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 B1 2A 49 EC C6 DD 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = tw.yahoo.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = tw.yahoo.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.somethingawful.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1424AFB2-161F-4E4D-95CD-401676A888F7}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{1424AFB2-161F-4E4D-95CD-401676A888F7}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{1424AFB2-161F-4E4D-95CD-401676A888F7}\ [2010/06/13 05:43:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/14 05:25:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/15 04:17:01 | 000,000,000 | ---D | M]

[2008/07/04 14:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/14 04:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\extensions
[2007/08/20 14:46:59 | 000,007,431 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\dictionarycom.xml
[2008/05/30 11:36:54 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\googlemaps.xml
[2008/06/26 04:35:32 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\IMDb.xml
[2008/06/26 04:35:32 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\wikipedia.xml
[2007/08/07 09:49:12 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\youtube-video-search.xml
[2010/06/16 04:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/15 04:17:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 20:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/02/24 15:44:23 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\Mozilla Firefox\plugins\NPinfotl.dll
[2006/03/15 20:25:21 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/06/16 05:27:05 | 000,001,147 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 62.146.66.181 dl1.avgate.net
O1 - Hosts: 62.146.66.182 dl2.avgate.net
O1 - Hosts: 62.146.66.183 dl3.avgate.net
O1 - Hosts: 62.146.66.184 dl4.avgate.net
O1 - Hosts: 80.190.143.23 dl5.avgate.net
O1 - Hosts: 80.190.143.23 dl6.avgate.net
O1 - Hosts: 62.146.66.178 dl7.avgate.net
O1 - Hosts: 62.146.66.179 dl8.avgate.net
O1 - Hosts: 80.190.143.239 dl9.avgate.net
O1 - Hosts: 80.190.143.230 dl10.avgate.net
O1 - Hosts: 127.0.0.1 new #ad
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF16323.cfx File not found
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKU\.DEFAULT..\Run: [NetLogon] File not found
O4 - HKU\Administrator_ON_C..\Run: [ares vista] C:\Program Files\Ares Vista\AresVista.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Administrator_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF16323.cfx File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Gamma Loader.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Exif Launcher 2.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Exif Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00000055-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhgax.CAB (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1222215917250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1222215902906 (MUWebControl Class)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble.jp/_common/cab/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.92 64.59.144.93
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/31 08:45:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5f69f24b-5d99-11df-8afb-000ea657e392}\Shell - "" = AutoRun
O33 - MountPoints2\{5f69f24b-5d99-11df-8afb-000ea657e392}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/03/31 08:45:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - 離線瀏覽軟體
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - 進階創作
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer 說明
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer 安裝程式工具
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - 瀏覽增強元件
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN 站台存取
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web 資料夾
ActiveX: {76C19B33-F0C8-11cf-87CC-0020AFEECF20} - Chinese (Traditional) Language Support
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer 核心字型
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML 說明
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} - KB916281
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - ffdshow.ax File not found
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/06/16 05:37:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/16 05:32:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/16 05:32:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/16 05:32:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/16 05:32:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/16 05:32:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/16 05:32:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/06/16 05:31:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/15 04:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/15 04:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/15 04:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/06/15 04:17:01 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/15 04:17:01 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/15 04:17:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/15 04:17:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/14 14:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/14 05:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/13 05:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{1424AFB2-161F-4E4D-95CD-401676A888F7}
[2010/06/13 05:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/06/07 01:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/06/04 03:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVPN
[2010/05/24 07:14:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2004/07/09 23:01:02 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL

========== Files - Modified Within 30 Days ==========

[2010/06/16 05:58:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/16 05:40:18 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/06/16 05:40:18 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/06/16 05:40:03 | 012,845,056 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/16 05:40:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/16 05:37:43 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/16 05:32:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/16 05:27:05 | 000,001,147 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/16 03:19:07 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 13:33:39 | 000,156,160 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/15 13:21:14 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/15 13:19:02 | 002,243,616 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/06/15 13:19:00 | 000,000,505 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/15 13:19:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/15 13:19:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/14 01:17:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/14 01:08:27 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wwuwudiwo.dat
[2010/06/14 01:07:13 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/13 13:25:41 | 000,404,730 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100616-022705.backup
[2010/06/13 05:43:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bmupazizuferosu.bin

========== Files Created - No Company Name ==========

[2010/06/16 05:37:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/16 05:37:39 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/16 05:32:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/16 05:32:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/16 05:32:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/16 05:32:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/16 05:32:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/15 13:33:40 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/14 01:07:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/13 05:43:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmupazizuferosu.bin
[2010/06/13 05:43:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wwuwudiwo.dat
[2010/03/11 18:09:52 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2008/09/24 00:13:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2007/12/02 05:07:08 | 000,005,651 | ---- | C] () -- C:\Program Files\install.log
[2007/02/09 23:31:23 | 000,000,588 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/01/12 21:08:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/11 21:19:45 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/10/22 16:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 16:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 16:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 16:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 16:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 16:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 16:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/12 00:52:03 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\webct_upload_applet.properties
[2006/04/26 22:20:34 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/04/26 22:20:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/10 14:34:11 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Administrator\LuResult.txt
[2005/07/27 23:56:42 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/07/26 17:45:46 | 055,109,438 | ---- | C] () -- C:\Documents and Settings\Administrator\Backup_Dr.reg
[2005/05/20 03:18:25 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/03/05 23:45:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS1U.DLL
[2005/02/15 18:33:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/25 23:57:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/01/25 23:57:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/01/25 23:57:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/01/25 23:57:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/01/25 23:57:46 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/12/02 14:47:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mpauth.dat
[2004/10/24 23:41:43 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2004/10/24 23:41:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll
[2004/10/24 23:41:42 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2004/10/24 23:41:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2004/10/24 22:22:12 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\tvmcwrd.dll
[2004/09/22 22:15:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2004/09/12 20:37:55 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\SQSDRVWC.SYS
[2004/09/12 20:37:53 | 000,000,071 | -HS- | C] () -- C:\WINDOWS\System32\SYSDRVWC.SYS
[2004/07/09 23:01:02 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2004/05/03 20:03:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/04/06 19:18:35 | 000,016,453 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/04/03 05:38:59 | 000,177,877 | ---- | C] () -- C:\Documents and Settings\Administrator\~
[2004/04/01 08:51:43 | 000,000,395 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/04/01 08:51:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/04/01 07:55:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/04/01 07:52:33 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/01 07:42:07 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2004/03/31 11:36:52 | 000,002,578 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/03/31 11:36:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/03/31 09:57:01 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/31 09:49:51 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2004/03/31 09:42:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2004/03/31 09:41:14 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004/03/31 09:41:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004/03/31 09:36:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2004/03/31 09:15:40 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/03/31 09:15:39 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/03/31 09:15:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/03/31 08:51:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/03/31 08:51:02 | 012,845,056 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2004/03/31 08:51:02 | 000,438,272 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2004/03/31 08:50:44 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/03/31 08:50:44 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/03/31 08:50:44 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2004/02/26 20:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/15 10:01:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/01/09 11:47:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[2002/03/21 16:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 16:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 16:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 16:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 16:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 16:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 16:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2001/09/17 01:20:02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2005/10/04 02:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BitTornado
[2004/04/23 18:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2006/03/13 05:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2004/04/01 09:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreCodec
[2010/03/11 18:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DisplayTune
[2006/12/16 21:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FUJIFILM
[2004/04/02 02:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2004/04/01 08:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
[2006/02/18 19:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lionhead Studios
[2008/10/08 20:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2008/09/25 22:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/11 03:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/11 21:23:24 | 018,907,918 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/11 21:23:24 | 018,907,918 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/02/26 20:00:00 | 010,167,372 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/11 21:23:24 | 018,907,918 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/11 21:23:24 | 018,907,918 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2004/02/26 20:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Qoobox\32788R22FWJFW\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/02/26 20:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=8DB66A6145F185DDA330AAF56769817D -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/11 21:16:14 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D33069982F8DCCA36BA9B5E64188BA48 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/11 21:16:14 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D33069982F8DCCA36BA9B5E64188BA48 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/02/26 20:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=AF863EBC5DE13B881C37F449672282C9 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/11 21:16:16 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1E2BA80D8CFC0C6814E5774E42B53D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/11 21:16:16 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1E2BA80D8CFC0C6814E5774E42B53D9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/11 21:16:16 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=3294F364BA88EDA4A296A7FDD55653E9 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/11 21:16:16 | 000,171,520 | ---- | M] (Microsoft Corporation) MD5=3294F364BA88EDA4A296A7FDD55653E9 -- C:\WINDOWS\system32\scecli.dll
[2004/02/26 20:00:00 | 000,165,888 | ---- | M] (Microsoft Corporation) MD5=E5B84473ADD9812124B732FEA9C909D6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/11 21:16:24 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=55FC3F751B389187404BA70EAF989F9D -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004/08/11 21:16:24 | 000,023,552 | ---- | M] (Microsoft Corporation) MD5=55FC3F751B389187404BA70EAF989F9D -- C:\WINDOWS\system32\userinit.exe
[2004/02/26 20:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=A3D9A0A13F0C56E0ADE0E0261A74B646 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: VIASRAID.SYS >
[2003/10/30 23:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\Qoobox\32788R22FWJFW\viasraid.sys
[2003/10/30 23:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/03/31 16:36:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/03/31 16:36:28 | 000,614,400 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/03/31 16:36:28 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/11 21:16:14 | 000,148,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2004/08/11 21:16:16 | 000,260,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2004/08/11 21:16:16 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/11 21:16:18 | 001,482,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2004/08/11 21:16:18 | 008,244,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

< CREATERESTOREPOINT >

========== Files - Unicode (All) ==========
[2010/06/16 05:30:53 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??) -- C:\Documents and Settings\Administrator\桌面
[2010/06/16 05:30:53 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??) -- C:\Documents and Settings\Administrator\桌面
[2010/06/16 04:47:15 | 003,712,368 | R--- | M] ()(C:\Documents and Settings\Administrator\??\ComboFix.exe) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2010/06/16 04:47:08 | 003,712,368 | R--- | C] ()(C:\Documents and Settings\Administrator\??\ComboFix.exe) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2010/06/16 04:46:40 | 000,047,123 | ---- | M] ()(C:\Documents and Settings\Administrator\??\how-to-use-combofix.htm) -- C:\Documents and Settings\Administrator\桌面\how-to-use-combofix.htm
[2010/06/16 04:46:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\how-to-use-combofix_files) -- C:\Documents and Settings\Administrator\桌面\how-to-use-combofix_files
[2010/06/16 04:46:39 | 000,047,123 | ---- | C] ()(C:\Documents and Settings\Administrator\??\how-to-use-combofix.htm) -- C:\Documents and Settings\Administrator\桌面\how-to-use-combofix.htm
[2010/06/16 04:46:39 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\how-to-use-combofix_files) -- C:\Documents and Settings\Administrator\桌面\how-to-use-combofix_files
[2010/06/16 03:50:33 | 000,002,810 | ---- | M] ()(C:\Documents and Settings\Administrator\??\fix.txt) -- C:\Documents and Settings\Administrator\桌面\fix.txt
[2010/06/16 03:50:33 | 000,002,810 | ---- | C] ()(C:\Documents and Settings\Administrator\??\fix.txt) -- C:\Documents and Settings\Administrator\桌面\fix.txt
[2010/06/16 02:45:40 | 000,030,762 | ---- | M] ()(C:\Documents and Settings\Administrator\??\ark.txt) -- C:\Documents and Settings\Administrator\桌面\ark.txt
[2010/06/16 02:45:40 | 000,030,762 | ---- | C] ()(C:\Documents and Settings\Administrator\??\ark.txt) -- C:\Documents and Settings\Administrator\桌面\ark.txt
[2010/06/15 13:45:51 | 000,293,376 | ---- | C] ()(C:\Documents and Settings\Administrator\??\gmer.exe) -- C:\Documents and Settings\Administrator\桌面\gmer.exe
[2010/06/15 13:44:20 | 000,017,535 | ---- | M] ()(C:\Documents and Settings\Administrator\??\DDS.txt) -- C:\Documents and Settings\Administrator\桌面\DDS.txt
[2010/06/15 13:44:20 | 000,017,535 | ---- | C] ()(C:\Documents and Settings\Administrator\??\DDS.txt) -- C:\Documents and Settings\Administrator\桌面\DDS.txt
[2010/06/15 13:44:09 | 000,039,278 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Attach.txt) -- C:\Documents and Settings\Administrator\桌面\Attach.txt
[2010/06/15 13:44:09 | 000,039,278 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Attach.txt) -- C:\Documents and Settings\Administrator\桌面\Attach.txt
[2010/06/15 13:40:45 | 000,284,915 | ---- | C] ()(C:\Documents and Settings\Administrator\??\gmer.zip) -- C:\Documents and Settings\Administrator\桌面\gmer.zip
[2010/06/15 13:40:43 | 000,284,915 | ---- | M] ()(C:\Documents and Settings\Administrator\??\gmer.zip) -- C:\Documents and Settings\Administrator\桌面\gmer.zip
[2010/06/15 13:39:00 | 000,525,824 | ---- | C] ()(C:\Documents and Settings\Administrator\??\dds.scr) -- C:\Documents and Settings\Administrator\桌面\dds.scr
[2010/06/15 13:38:57 | 000,525,824 | ---- | M] ()(C:\Documents and Settings\Administrator\??\dds.scr) -- C:\Documents and Settings\Administrator\桌面\dds.scr
[2010/06/14 16:12:52 | 000,444,416 | ---- | C] (OldTimer Tools)(C:\Documents and Settings\Administrator\??\TFC.exe) -- C:\Documents and Settings\Administrator\桌面\TFC.exe
[2010/06/14 16:12:51 | 000,444,416 | ---- | M] (OldTimer Tools)(C:\Documents and Settings\Administrator\??\TFC.exe) -- C:\Documents and Settings\Administrator\桌面\TFC.exe
[2010/06/14 14:46:16 | 000,000,696 | ---- | M] ()(C:\Documents and Settings\Administrator\??\SpywareBlaster.lnk) -- C:\Documents and Settings\Administrator\桌面\SpywareBlaster.lnk
[2010/06/14 14:46:16 | 000,000,696 | ---- | C] ()(C:\Documents and Settings\Administrator\??\SpywareBlaster.lnk) -- C:\Documents and Settings\Administrator\桌面\SpywareBlaster.lnk
[2010/06/14 14:44:49 | 003,103,640 | ---- | M] (Javacool Software LLC )(C:\Documents and Settings\Administrator\??\spywareblastersetup43.exe) -- C:\Documents and Settings\Administrator\桌面\spywareblastersetup43.exe
[2010/06/14 14:44:37 | 003,103,640 | ---- | C] (Javacool Software LLC )(C:\Documents and Settings\Administrator\??\spywareblastersetup43.exe) -- C:\Documents and Settings\Administrator\桌面\spywareblastersetup43.exe
[2010/06/06 13:28:04 | 000,061,440 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Chung 02311.xls) -- C:\Documents and Settings\Administrator\桌面\Chung 02311.xls
[2010/06/06 02:04:23 | 000,061,440 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Chung 02311.xls) -- C:\Documents and Settings\Administrator\桌面\Chung 02311.xls
[2010/05/30 03:56:42 | 000,002,355 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Microsoft Word.lnk) -- C:\Documents and Settings\Administrator\桌面\Microsoft Word.lnk
[2010/05/25 04:30:58 | 000,107,535 | ---- | M] ()(C:\Documents and Settings\Administrator\??\43340_1.jpg) -- C:\Documents and Settings\Administrator\桌面\43340_1.jpg
[2010/05/25 04:30:58 | 000,107,535 | ---- | C] ()(C:\Documents and Settings\Administrator\??\43340_1.jpg) -- C:\Documents and Settings\Administrator\桌面\43340_1.jpg
[2010/05/16 04:30:30 | 000,322,352 | ---- | M] (BitTorrent, Inc.)(C:\Documents and Settings\Administrator\??\utorrent.exe) -- C:\Documents and Settings\Administrator\桌面\utorrent.exe
[2010/05/15 04:26:12 | 000,174,376 | ---- | M] ()(C:\Documents and Settings\Administrator\??\797px-Independence_Hall.jpg) -- C:\Documents and Settings\Administrator\桌面\797px-Independence_Hall.jpg
[2010/05/15 04:26:12 | 000,174,376 | ---- | C] ()(C:\Documents and Settings\Administrator\??\797px-Independence_Hall.jpg) -- C:\Documents and Settings\Administrator\桌面\797px-Independence_Hall.jpg
[2010/05/03 14:49:40 | 000,018,977 | ---- | M] ()(C:\Documents and Settings\Administrator\??\ticket.htm) -- C:\Documents and Settings\Administrator\桌面\ticket.htm
[2010/05/03 14:49:39 | 000,018,977 | ---- | C] ()(C:\Documents and Settings\Administrator\??\ticket.htm) -- C:\Documents and Settings\Administrator\桌面\ticket.htm
[2010/05/03 14:49:39 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\ticket_files) -- C:\Documents and Settings\Administrator\桌面\ticket_files
[2010/05/03 14:49:39 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\ticket_files) -- C:\Documents and Settings\Administrator\桌面\ticket_files
[2010/04/15 03:26:49 | 000,001,237 | ---- | M] ()(C:\Documents and Settings\Administrator\??\pass.txt) -- C:\Documents and Settings\Administrator\桌面\pass.txt
[2010/02/24 07:49:00 | 000,126,729 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Image028.jpg) -- C:\Documents and Settings\Administrator\桌面\Image028.jpg
[2010/02/23 11:12:56 | 000,126,729 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Image028.jpg) -- C:\Documents and Settings\Administrator\桌面\Image028.jpg
[2010/01/27 16:59:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\monica) -- C:\Documents and Settings\Administrator\桌面\monica
[2009/12/21 17:02:54 | 000,187,371 | ---- | M] ()(C:\Documents and Settings\Administrator\??\work3.jpg) -- C:\Documents and Settings\Administrator\桌面\work3.jpg
[2009/12/21 17:02:47 | 000,195,069 | ---- | M] ()(C:\Documents and Settings\Administrator\??\work2.jpg) -- C:\Documents and Settings\Administrator\桌面\work2.jpg
[2009/12/21 17:02:34 | 000,196,333 | ---- | M] ()(C:\Documents and Settings\Administrator\??\work1.jpg) -- C:\Documents and Settings\Administrator\桌面\work1.jpg
[2009/12/21 17:02:33 | 000,196,333 | ---- | C] ()(C:\Documents and Settings\Administrator\??\work1.jpg) -- C:\Documents and Settings\Administrator\桌面\work1.jpg
[2009/12/21 17:02:33 | 000,195,069 | ---- | C] ()(C:\Documents and Settings\Administrator\??\work2.jpg) -- C:\Documents and Settings\Administrator\桌面\work2.jpg
[2009/12/21 17:02:33 | 000,187,371 | ---- | C] ()(C:\Documents and Settings\Administrator\??\work3.jpg) -- C:\Documents and Settings\Administrator\桌面\work3.jpg
[2009/12/15 14:24:48 | 000,293,376 | ---- | M] ()(C:\Documents and Settings\Administrator\??\gmer.exe) -- C:\Documents and Settings\Administrator\桌面\gmer.exe
[2009/11/22 00:42:23 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\baubles) -- C:\Documents and Settings\Administrator\桌面\baubles
[2009/10/31 14:04:32 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\baubles) -- C:\Documents and Settings\Administrator\桌面\baubles
[2009/10/31 02:15:34 | 000,081,408 | -HS- | M] ()(C:\Documents and Settings\Administrator\??\Thumbs.db) -- C:\Documents and Settings\Administrator\桌面\Thumbs.db
[2009/10/31 02:15:30 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\pics) -- C:\Documents and Settings\Administrator\桌面\pics
[2009/09/04 02:08:20 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\hunt) -- C:\Documents and Settings\Administrator\桌面\hunt
[2009/08/22 00:17:16 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\pics) -- C:\Documents and Settings\Administrator\桌面\pics
[2009/08/19 04:06:46 | 000,000,939 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Spybot - Search & Destroy.lnk) -- C:\Documents and Settings\Administrator\桌面\Spybot - Search & Destroy.lnk
[2009/03/09 21:01:54 | 000,322,352 | ---- | C] (BitTorrent, Inc.)(C:\Documents and Settings\Administrator\??\utorrent.exe) -- C:\Documents and Settings\Administrator\桌面\utorrent.exe
[2008/10/15 00:19:01 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\VLC Snapshot) -- C:\Documents and Settings\Administrator\桌面\VLC Snapshot
[2008/06/12 21:26:30 | 000,000,672 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Burrrn.lnk) -- C:\Documents and Settings\Administrator\桌面\Burrrn.lnk
[2008/06/12 21:26:08 | 000,000,672 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Burrrn.lnk) -- C:\Documents and Settings\Administrator\桌面\Burrrn.lnk
[2008/01/09 20:05:22 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\hunt) -- C:\Documents and Settings\Administrator\桌面\hunt
[2007/10/08 19:00:51 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\monica) -- C:\Documents and Settings\Administrator\桌面\monica
[2007/08/29 02:33:36 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\mp3) -- C:\Documents and Settings\Administrator\桌面\mp3
[2007/08/29 02:24:27 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\mp3) -- C:\Documents and Settings\Administrator\桌面\mp3
[2007/06/30 11:14:03 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\VLC Snapshot) -- C:\Documents and Settings\Administrator\桌面\VLC Snapshot
[2006/11/25 15:01:17 | 000,002,361 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Microsoft PowerPoint.lnk) -- C:\Documents and Settings\Administrator\桌面\Microsoft PowerPoint.lnk
[2005/12/19 15:43:31 | 000,000,000 | R--D | M](C:\Documents and Settings\Administrator\???????) -- C:\Documents and Settings\Administrator\「開始」功能表
[2005/12/19 15:43:31 | 000,000,000 | R--D | M](C:\Documents and Settings\Administrator\???????) -- C:\Documents and Settings\Administrator\「開始」功能表
[2005/08/19 02:21:54 | 000,001,237 | ---- | C] ()(C:\Documents and Settings\Administrator\??\pass.txt) -- C:\Documents and Settings\Administrator\桌面\pass.txt
[2005/08/10 00:55:51 | 000,000,632 | ---- | M] ()(C:\Documents and Settings\Administrator\??\mIRC.lnk) -- C:\Documents and Settings\Administrator\桌面\mIRC.lnk
[2005/08/10 00:55:51 | 000,000,632 | ---- | C] ()(C:\Documents and Settings\Administrator\??\mIRC.lnk) -- C:\Documents and Settings\Administrator\桌面\mIRC.lnk
[2005/05/28 20:51:13 | 000,081,408 | -HS- | C] ()(C:\Documents and Settings\Administrator\??\Thumbs.db) -- C:\Documents and Settings\Administrator\桌面\Thumbs.db
[2004/06/12 00:37:33 | 000,000,939 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Spybot - Search & Destroy.lnk) -- C:\Documents and Settings\Administrator\桌面\Spybot - Search & Destroy.lnk
[2004/04/04 22:28:55 | 000,001,628 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Nero Enterprise Edition.lnk) -- C:\Documents and Settings\Administrator\桌面\Nero Enterprise Edition.lnk
[2004/04/01 07:27:58 | 000,001,628 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Nero Enterprise Edition.lnk) -- C:\Documents and Settings\Administrator\桌面\Nero Enterprise Edition.lnk
[2004/04/01 07:27:10 | 000,002,361 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Microsoft PowerPoint.lnk) -- C:\Documents and Settings\Administrator\桌面\Microsoft PowerPoint.lnk
[2004/04/01 07:26:47 | 000,002,355 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Microsoft Word.lnk) -- C:\Documents and Settings\Administrator\桌面\Microsoft Word.lnk
[2004/04/01 07:26:16 | 000,000,744 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Outlook Express.lnk) -- C:\Documents and Settings\Administrator\桌面\Outlook Express.lnk
[2004/04/01 07:21:31 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\My Documents\???????) -- C:\Documents and Settings\Administrator\My Documents\我已接收的檔案
[2004/04/01 07:21:31 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\My Documents\???????) -- C:\Documents and Settings\Administrator\My Documents\我已接收的檔案
[2004/03/31 09:05:52 | 000,000,744 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Outlook Express.lnk) -- C:\Documents and Settings\Administrator\桌面\Outlook Express.lnk
[2004/03/31 09:05:32 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\????) -- C:\Documents and Settings\Administrator\「開始」
[2004/03/31 09:05:32 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\????) -- C:\Documents and Settings\Administrator\「開始」
[2004/03/31 08:51:02 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\Administrator\???????\???\??\desktop.ini) -- C:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\desktop.ini
[2004/03/31 08:49:35 | 000,000,084 | -HS- | C] ()(C:\WINDOWS\system32\config\systemprofile\???????\???\??\desktop.ini) -- C:\WINDOWS\system32\config\systemprofile\「開始」功能表\程式集\啟動\desktop.ini
[2004/03/31 08:46:02 | 000,000,084 | -HS- | M] ()(C:\WINDOWS\system32\config\systemprofile\???????\???\??\desktop.ini) -- C:\WINDOWS\system32\config\systemprofile\「開始」功能表\程式集\啟動\desktop.ini
[2004/03/31 08:46:02 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\Administrator\???????\???\??\desktop.ini) -- C:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\desktop.ini
[2004/02/26 20:00:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\????.scf) -- C:\WINDOWS\System32\檢視頻道.scf
[2004/02/26 20:00:00 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\????.scf) -- C:\WINDOWS\System32\檢視頻道.scf
(C:\Documents and Settings\Administrator\???????) -- C:\Documents and Settings\Administrator\「開始」功能表
(C:\Documents and Settings\Administrator\????) -- C:\Documents and Settings\Administrator\「開始」
(C:\Documents and Settings\Administrator\??) -- C:\Documents and Settings\Administrator\桌面
< End of report >


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:07 AM

Posted 18 June 2010 - 01:56 AM

Greetings


While we are online, did you try Last Known Good in the safe boot menu? If not, try it.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Wax Luthor

Wax Luthor
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:06:07 AM

Posted 18 June 2010 - 02:05 AM

Just tried both Last Known Good and Safe Mode; still getting the c0000135 unknown hard error.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:07 AM

Posted 18 June 2010 - 02:08 AM

  • Boot the non-working computer using the boot CD we created
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Copy and Paste the following code into the textbox. Do not include the word "Code"

    Please note: Double-click the Firefox icon on the desktop to connect to this thread if you have a wired connection; otherwise, you can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

    CODE
    /md5start
    dmio.sys
    /md5stop

  • Push
  • When finished, the file will be saved in drive C:\OTL.txt
  • Please post the contents of the C:\OTL.txt file in your next reply.
  • Copy this file to your USB drive if you do not have an internet connection.


#11 Wax Luthor

Wax Luthor
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:06:07 AM

Posted 18 June 2010 - 02:23 AM

Alright, new log:

OTL logfile created on: 6/18/2010 2:17:57 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: 加拿大 | Language: ENC | Date Format: dd/MM/yyyy

1,024.00 Mb Total Physical Memory | 814.00 Mb Available Physical Memory | 80.00% Memory free
907.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 7.70 Gb Free Space | 39.41% Space Free | Partition Type: NTFS
Drive D: | 27.48 Gb Total Space | 6.50 Gb Free Space | 23.65% Space Free | Partition Type: FAT32
Drive E: | 27.49 Gb Total Space | 10.38 Gb Free Space | 37.75% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/01 16:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 13:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/10/27 13:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/06/06 15:40:00 | 000,069,632 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/04 21:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2005/04/30 21:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2004/02/11 02:13:12 | 000,200,771 | ---- | M] (Raxco Software, Inc.) [Auto] -- C:\Program Files\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
SRV - [2004/02/11 02:12:32 | 000,434,245 | ---- | M] (Raxco Software, Inc.) [On_Demand] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/03/01 13:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 17:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/06 15:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 15:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 15:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 15:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/05/11 15:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 13:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/26 13:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/31 18:42:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/06/04 21:59:50 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2007/02/09 16:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 16:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/10/22 16:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/04 02:08:30 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
DRV - [2004/08/04 02:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/05/14 14:37:10 | 000,032,896 | ---- | M] (NetGroup - Politecnico di Torino) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004/02/26 20:00:00 | 000,048,570 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\defrag32b.sys -- (Defrag32b)
DRV - [2004/02/26 20:00:00 | 000,048,570 | ---- | M] (Raxco Software, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\defrag32.sys -- (Defrag32)
DRV - [2004/02/26 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/10/30 23:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid)
DRV - [2003/07/31 05:53:28 | 000,147,456 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000)
DRV - [2003/07/01 16:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2001/11/24 22:11:54 | 000,081,924 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\V4CB0115.SYS -- (FINEPIX_PCC)
DRV - [2001/10/30 16:01:50 | 000,280,782 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/23 15:00:00 | 000,022,400 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 17:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 02:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [1997/04/22 14:16:00 | 000,006,272 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = tw.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = tw.yahoo.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 B1 2A 49 EC C6 DD 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data]
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = tw.yahoo.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = tw.yahoo.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.somethingawful.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1424AFB2-161F-4E4D-95CD-401676A888F7}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{1424AFB2-161F-4E4D-95CD-401676A888F7}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{1424AFB2-161F-4E4D-95CD-401676A888F7}\ [2010/06/13 05:43:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/14 05:25:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/15 04:17:01 | 000,000,000 | ---D | M]

[2008/07/04 14:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/14 04:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\extensions
[2007/08/20 14:46:59 | 000,007,431 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\dictionarycom.xml
[2008/05/30 11:36:54 | 000,002,180 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\googlemaps.xml
[2008/06/26 04:35:32 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\IMDb.xml
[2008/06/26 04:35:32 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\wikipedia.xml
[2007/08/07 09:49:12 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gqpezywq.default\searchplugins\youtube-video-search.xml
[2010/06/16 04:58:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/15 04:17:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 20:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/02/24 15:44:23 | 000,626,688 | ---- | M] (ebrary) -- C:\Program Files\Mozilla Firefox\plugins\NPinfotl.dll
[2006/03/15 20:25:21 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2010/06/16 05:27:05 | 000,001,147 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 62.146.66.181 dl1.avgate.net
O1 - Hosts: 62.146.66.182 dl2.avgate.net
O1 - Hosts: 62.146.66.183 dl3.avgate.net
O1 - Hosts: 62.146.66.184 dl4.avgate.net
O1 - Hosts: 80.190.143.23 dl5.avgate.net
O1 - Hosts: 80.190.143.23 dl6.avgate.net
O1 - Hosts: 62.146.66.178 dl7.avgate.net
O1 - Hosts: 62.146.66.179 dl8.avgate.net
O1 - Hosts: 80.190.143.239 dl9.avgate.net
O1 - Hosts: 80.190.143.230 dl10.avgate.net
O1 - Hosts: 127.0.0.1 new #ad
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF16323.cfx File not found
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKU\.DEFAULT..\Run: [NetLogon] File not found
O4 - HKU\Administrator_ON_C..\Run: [ares vista] C:\Program Files\Ares Vista\AresVista.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\Administrator_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Administrator_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF16323.cfx File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Gamma Loader.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Reader Speed Launch.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Exif Launcher 2.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Exif Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00000055-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhgax.CAB (Reg Error: Key error.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1222215917250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1222215902906 (MUWebControl Class)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble.jp/_common/cab/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.92 64.59.144.93
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/31 08:45:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{5f69f24b-5d99-11df-8afb-000ea657e392}\Shell - "" = AutoRun
O33 - MountPoints2\{5f69f24b-5d99-11df-8afb-000ea657e392}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/16 05:37:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/16 05:32:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/16 05:32:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/16 05:32:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/16 05:32:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/16 05:32:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/16 05:32:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/06/16 05:31:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/15 04:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/15 04:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/15 04:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/06/15 04:17:01 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/15 04:17:01 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/15 04:17:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/15 04:17:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/14 14:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/06/14 05:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/13 05:43:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{1424AFB2-161F-4E4D-95CD-401676A888F7}
[2010/06/13 05:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/06/07 01:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010/06/04 03:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVPN
[2010/05/24 07:14:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2004/07/09 23:01:02 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL

========== Files - Modified Within 30 Days ==========

[2010/06/18 04:03:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/18 00:50:21 | 012,845,056 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/16 05:40:18 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/06/16 05:40:18 | 000,524,288 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/06/16 05:40:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/16 05:37:43 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/16 05:32:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/16 05:27:05 | 000,001,147 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/16 03:19:07 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/15 13:33:39 | 000,156,160 | ---- | M] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/15 13:21:14 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/15 13:19:02 | 002,243,616 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/06/15 13:19:00 | 000,000,505 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/15 13:19:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/15 13:19:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/14 01:17:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/14 01:08:27 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wwuwudiwo.dat
[2010/06/14 01:07:13 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/13 13:25:41 | 000,404,730 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100616-022705.backup
[2010/06/13 05:43:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bmupazizuferosu.bin

========== Files Created - No Company Name ==========

[2010/06/16 05:37:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/16 05:37:39 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/16 05:32:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/16 05:32:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/16 05:32:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/16 05:32:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/16 05:32:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/15 13:33:40 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\cooper.mine
[2010/06/14 01:07:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/13 05:43:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bmupazizuferosu.bin
[2010/06/13 05:43:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wwuwudiwo.dat
[2010/03/11 18:09:52 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2008/09/24 00:13:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2007/12/02 05:07:08 | 000,005,651 | ---- | C] () -- C:\Program Files\install.log
[2007/02/09 23:31:23 | 000,000,588 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2007/01/12 21:08:29 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/11 21:19:45 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/10/22 16:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 16:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 16:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 16:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 16:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 16:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 16:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/12 00:52:03 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\webct_upload_applet.properties
[2006/04/26 22:20:34 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/04/26 22:20:32 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/10 14:34:11 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Administrator\LuResult.txt
[2005/07/27 23:56:42 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/07/26 17:45:46 | 055,109,438 | ---- | C] () -- C:\Documents and Settings\Administrator\Backup_Dr.reg
[2005/05/20 03:18:25 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/03/05 23:45:33 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS1U.DLL
[2005/02/15 18:33:24 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/25 23:57:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2005/01/25 23:57:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2005/01/25 23:57:46 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2005/01/25 23:57:46 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2005/01/25 23:57:46 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/12/02 14:47:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mpauth.dat
[2004/10/24 23:41:43 | 000,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2004/10/24 23:41:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HDBHO.dll
[2004/10/24 23:41:42 | 000,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2004/10/24 23:41:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2004/10/24 22:22:12 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\tvmcwrd.dll
[2004/09/22 22:15:38 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2004/09/12 20:37:55 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\SQSDRVWC.SYS
[2004/09/12 20:37:53 | 000,000,071 | -HS- | C] () -- C:\WINDOWS\System32\SYSDRVWC.SYS
[2004/07/09 23:01:02 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2004/05/03 20:03:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/04/06 19:18:35 | 000,016,453 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/04/03 05:38:59 | 000,177,877 | ---- | C] () -- C:\Documents and Settings\Administrator\~
[2004/04/01 08:51:43 | 000,000,395 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/04/01 08:51:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/04/01 07:55:12 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/04/01 07:52:33 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/01 07:42:07 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2004/03/31 11:36:52 | 000,002,578 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2004/03/31 11:36:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2004/03/31 09:57:01 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/31 09:49:51 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS
[2004/03/31 09:42:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2004/03/31 09:41:14 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004/03/31 09:41:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004/03/31 09:36:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2004/03/31 09:15:40 | 000,000,180 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/03/31 09:15:39 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/03/31 09:15:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/03/31 08:51:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/03/31 08:51:02 | 012,845,056 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2004/03/31 08:51:02 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2004/03/31 08:50:44 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/03/31 08:50:44 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/03/31 08:50:44 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2004/02/26 20:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/01/15 10:01:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2004/01/09 11:47:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\avisynth_c.dll
[2002/03/21 16:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 16:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 16:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 16:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 16:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 16:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 16:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2001/09/17 01:20:02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2001/08/23 15:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2005/10/04 02:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BitTornado
[2004/04/23 18:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2006/03/13 05:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2004/04/01 09:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreCodec
[2010/03/11 18:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DisplayTune
[2006/12/16 21:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FUJIFILM
[2004/04/02 02:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2004/04/01 08:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kazaa Lite
[2006/02/18 19:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lionhead Studios
[2008/10/08 20:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2008/09/25 22:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2010/06/11 03:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: DMIO.SYS >
[2004/08/11 21:11:30 | 000,151,808 | ---- | M] () MD5=92C87E7B2C5D9FFCD448780E0E8BB5CA -- C:\Qoobox\32788R22FWJFW\dmio.sys
[2004/02/26 20:00:00 | 000,146,304 | ---- | M] (Microsoft Corp., Veritas Software) MD5=96019A94242FFC9856264A0B042813DF -- C:\WINDOWS\$NtServicePackUninstall$\dmio.sys
[2004/08/11 21:11:30 | 000,151,808 | ---- | M] (Microsoft Corp., Veritas Software) MD5=B99078C1719A26BFE2CA9AA2A50E0B10 -- C:\WINDOWS\ServicePackFiles\i386\dmio.sys
[2004/08/11 21:11:30 | 000,151,808 | ---- | M] (Microsoft Corp., Veritas Software) MD5=B99078C1719A26BFE2CA9AA2A50E0B10 -- C:\WINDOWS\system32\drivers\dmio.sys

========== Files - Unicode (All) ==========
[2010/06/16 05:30:53 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??) -- C:\Documents and Settings\Administrator\桌面
[2010/06/16 05:30:53 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??) -- C:\Documents and Settings\Administrator\桌面
[2010/06/16 04:47:15 | 003,712,368 | R--- | M] ()(C:\Documents and Settings\Administrator\??\ComboFix.exe) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2010/06/16 04:47:08 | 003,712,368 | R--- | C] ()(C:\Documents and Settings\Administrator\??\ComboFix.exe) -- C:\Documents and Settings\Administrator\桌面\ComboFix.exe
[2010/06/16 04:46:40 | 000,047,123 | ---- | M] ()(C:\Documents and Settings\Administrator\??\how-to-use-combofix.htm) -- C:\Documents and Settings\Administrator\桌面\how-to-use-combofix.htm
[2010/06/16 04:46:40 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\how-to-use-combofix_files) -- C:\Documents and Settings\Administrator\桌面\how-to-use-combofix_files
[2010/06/16 04:46:39 | 000,047,123 | ---- | C] ()(C:\Documents and Settings\Administrator\??\how-to-use-combofix.htm) -- C:\Documents and Settings\Administrator\桌面\how-to-use-combofix.htm
[2010/06/16 04:46:39 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\how-to-use-combofix_files) -- C:\Documents and Settings\Administrator\桌面\how-to-use-combofix_files
[2010/06/16 03:50:33 | 000,002,810 | ---- | M] ()(C:\Documents and Settings\Administrator\??\fix.txt) -- C:\Documents and Settings\Administrator\桌面\fix.txt
[2010/06/16 03:50:33 | 000,002,810 | ---- | C] ()(C:\Documents and Settings\Administrator\??\fix.txt) -- C:\Documents and Settings\Administrator\桌面\fix.txt
[2010/06/16 02:45:40 | 000,030,762 | ---- | M] ()(C:\Documents and Settings\Administrator\??\ark.txt) -- C:\Documents and Settings\Administrator\桌面\ark.txt
[2010/06/16 02:45:40 | 000,030,762 | ---- | C] ()(C:\Documents and Settings\Administrator\??\ark.txt) -- C:\Documents and Settings\Administrator\桌面\ark.txt
[2010/06/15 13:45:51 | 000,293,376 | ---- | C] ()(C:\Documents and Settings\Administrator\??\gmer.exe) -- C:\Documents and Settings\Administrator\桌面\gmer.exe
[2010/06/15 13:44:20 | 000,017,535 | ---- | M] ()(C:\Documents and Settings\Administrator\??\DDS.txt) -- C:\Documents and Settings\Administrator\桌面\DDS.txt
[2010/06/15 13:44:20 | 000,017,535 | ---- | C] ()(C:\Documents and Settings\Administrator\??\DDS.txt) -- C:\Documents and Settings\Administrator\桌面\DDS.txt
[2010/06/15 13:44:09 | 000,039,278 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Attach.txt) -- C:\Documents and Settings\Administrator\桌面\Attach.txt
[2010/06/15 13:44:09 | 000,039,278 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Attach.txt) -- C:\Documents and Settings\Administrator\桌面\Attach.txt
[2010/06/15 13:40:45 | 000,284,915 | ---- | C] ()(C:\Documents and Settings\Administrator\??\gmer.zip) -- C:\Documents and Settings\Administrator\桌面\gmer.zip
[2010/06/15 13:40:43 | 000,284,915 | ---- | M] ()(C:\Documents and Settings\Administrator\??\gmer.zip) -- C:\Documents and Settings\Administrator\桌面\gmer.zip
[2010/06/15 13:39:00 | 000,525,824 | ---- | C] ()(C:\Documents and Settings\Administrator\??\dds.scr) -- C:\Documents and Settings\Administrator\桌面\dds.scr
[2010/06/15 13:38:57 | 000,525,824 | ---- | M] ()(C:\Documents and Settings\Administrator\??\dds.scr) -- C:\Documents and Settings\Administrator\桌面\dds.scr
[2010/06/14 16:12:52 | 000,444,416 | ---- | C] (OldTimer Tools)(C:\Documents and Settings\Administrator\??\TFC.exe) -- C:\Documents and Settings\Administrator\桌面\TFC.exe
[2010/06/14 16:12:51 | 000,444,416 | ---- | M] (OldTimer Tools)(C:\Documents and Settings\Administrator\??\TFC.exe) -- C:\Documents and Settings\Administrator\桌面\TFC.exe
[2010/06/14 14:46:16 | 000,000,696 | ---- | M] ()(C:\Documents and Settings\Administrator\??\SpywareBlaster.lnk) -- C:\Documents and Settings\Administrator\桌面\SpywareBlaster.lnk
[2010/06/14 14:46:16 | 000,000,696 | ---- | C] ()(C:\Documents and Settings\Administrator\??\SpywareBlaster.lnk) -- C:\Documents and Settings\Administrator\桌面\SpywareBlaster.lnk
[2010/06/14 14:44:49 | 003,103,640 | ---- | M] (Javacool Software LLC )(C:\Documents and Settings\Administrator\??\spywareblastersetup43.exe) -- C:\Documents and Settings\Administrator\桌面\spywareblastersetup43.exe
[2010/06/14 14:44:37 | 003,103,640 | ---- | C] (Javacool Software LLC )(C:\Documents and Settings\Administrator\??\spywareblastersetup43.exe) -- C:\Documents and Settings\Administrator\桌面\spywareblastersetup43.exe
[2010/06/06 13:28:04 | 000,061,440 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Chung 02311.xls) -- C:\Documents and Settings\Administrator\桌面\Chung 02311.xls
[2010/06/06 02:04:23 | 000,061,440 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Chung 02311.xls) -- C:\Documents and Settings\Administrator\桌面\Chung 02311.xls
[2010/05/30 03:56:42 | 000,002,355 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Microsoft Word.lnk) -- C:\Documents and Settings\Administrator\桌面\Microsoft Word.lnk
[2010/05/25 04:30:58 | 000,107,535 | ---- | M] ()(C:\Documents and Settings\Administrator\??\43340_1.jpg) -- C:\Documents and Settings\Administrator\桌面\43340_1.jpg
[2010/05/25 04:30:58 | 000,107,535 | ---- | C] ()(C:\Documents and Settings\Administrator\??\43340_1.jpg) -- C:\Documents and Settings\Administrator\桌面\43340_1.jpg
[2010/05/16 04:30:30 | 000,322,352 | ---- | M] (BitTorrent, Inc.)(C:\Documents and Settings\Administrator\??\utorrent.exe) -- C:\Documents and Settings\Administrator\桌面\utorrent.exe
[2010/05/15 04:26:12 | 000,174,376 | ---- | M] ()(C:\Documents and Settings\Administrator\??\797px-Independence_Hall.jpg) -- C:\Documents and Settings\Administrator\桌面\797px-Independence_Hall.jpg
[2010/05/15 04:26:12 | 000,174,376 | ---- | C] ()(C:\Documents and Settings\Administrator\??\797px-Independence_Hall.jpg) -- C:\Documents and Settings\Administrator\桌面\797px-Independence_Hall.jpg
[2010/05/03 14:49:40 | 000,018,977 | ---- | M] ()(C:\Documents and Settings\Administrator\??\ticket.htm) -- C:\Documents and Settings\Administrator\桌面\ticket.htm
[2010/05/03 14:49:39 | 000,018,977 | ---- | C] ()(C:\Documents and Settings\Administrator\??\ticket.htm) -- C:\Documents and Settings\Administrator\桌面\ticket.htm
[2010/05/03 14:49:39 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\ticket_files) -- C:\Documents and Settings\Administrator\桌面\ticket_files
[2010/05/03 14:49:39 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\ticket_files) -- C:\Documents and Settings\Administrator\桌面\ticket_files
[2010/04/15 03:26:49 | 000,001,237 | ---- | M] ()(C:\Documents and Settings\Administrator\??\pass.txt) -- C:\Documents and Settings\Administrator\桌面\pass.txt
[2010/02/24 07:49:00 | 000,126,729 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Image028.jpg) -- C:\Documents and Settings\Administrator\桌面\Image028.jpg
[2010/02/23 11:12:56 | 000,126,729 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Image028.jpg) -- C:\Documents and Settings\Administrator\桌面\Image028.jpg
[2010/01/27 16:59:06 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\monica) -- C:\Documents and Settings\Administrator\桌面\monica
[2009/12/21 17:02:54 | 000,187,371 | ---- | M] ()(C:\Documents and Settings\Administrator\??\work3.jpg) -- C:\Documents and Settings\Administrator\桌面\work3.jpg
[2009/12/21 17:02:47 | 000,195,069 | ---- | M] ()(C:\Documents and Settings\Administrator\??\work2.jpg) -- C:\Documents and Settings\Administrator\桌面\work2.jpg
[2009/12/21 17:02:34 | 000,196,333 | ---- | M] ()(C:\Documents and Settings\Administrator\??\work1.jpg) -- C:\Documents and Settings\Administrator\桌面\work1.jpg
[2009/12/21 17:02:33 | 000,196,333 | ---- | C] ()(C:\Documents and Settings\Administrator\??\work1.jpg) -- C:\Documents and Settings\Administrator\桌面\work1.jpg
[2009/12/21 17:02:33 | 000,195,069 | ---- | C] ()(C:\Documents and Settings\Administrator\??\work2.jpg) -- C:\Documents and Settings\Administrator\桌面\work2.jpg
[2009/12/21 17:02:33 | 000,187,371 | ---- | C] ()(C:\Documents and Settings\Administrator\??\work3.jpg) -- C:\Documents and Settings\Administrator\桌面\work3.jpg
[2009/12/15 14:24:48 | 000,293,376 | ---- | M] ()(C:\Documents and Settings\Administrator\??\gmer.exe) -- C:\Documents and Settings\Administrator\桌面\gmer.exe
[2009/11/22 00:42:23 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\baubles) -- C:\Documents and Settings\Administrator\桌面\baubles
[2009/10/31 14:04:32 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\baubles) -- C:\Documents and Settings\Administrator\桌面\baubles
[2009/10/31 02:15:34 | 000,081,408 | -HS- | M] ()(C:\Documents and Settings\Administrator\??\Thumbs.db) -- C:\Documents and Settings\Administrator\桌面\Thumbs.db
[2009/10/31 02:15:30 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\pics) -- C:\Documents and Settings\Administrator\桌面\pics
[2009/09/04 02:08:20 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\hunt) -- C:\Documents and Settings\Administrator\桌面\hunt
[2009/08/22 00:17:16 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\pics) -- C:\Documents and Settings\Administrator\桌面\pics
[2009/08/19 04:06:46 | 000,000,939 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Spybot - Search & Destroy.lnk) -- C:\Documents and Settings\Administrator\桌面\Spybot - Search & Destroy.lnk
[2009/03/09 21:01:54 | 000,322,352 | ---- | C] (BitTorrent, Inc.)(C:\Documents and Settings\Administrator\??\utorrent.exe) -- C:\Documents and Settings\Administrator\桌面\utorrent.exe
[2008/10/15 00:19:01 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\VLC Snapshot) -- C:\Documents and Settings\Administrator\桌面\VLC Snapshot
[2008/06/12 21:26:30 | 000,000,672 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Burrrn.lnk) -- C:\Documents and Settings\Administrator\桌面\Burrrn.lnk
[2008/06/12 21:26:08 | 000,000,672 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Burrrn.lnk) -- C:\Documents and Settings\Administrator\桌面\Burrrn.lnk
[2008/01/09 20:05:22 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\hunt) -- C:\Documents and Settings\Administrator\桌面\hunt
[2007/10/08 19:00:51 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\monica) -- C:\Documents and Settings\Administrator\桌面\monica
[2007/08/29 02:33:36 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\??\mp3) -- C:\Documents and Settings\Administrator\桌面\mp3
[2007/08/29 02:24:27 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\mp3) -- C:\Documents and Settings\Administrator\桌面\mp3
[2007/06/30 11:14:03 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\??\VLC Snapshot) -- C:\Documents and Settings\Administrator\桌面\VLC Snapshot
[2006/11/25 15:01:17 | 000,002,361 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Microsoft PowerPoint.lnk) -- C:\Documents and Settings\Administrator\桌面\Microsoft PowerPoint.lnk
[2005/12/19 15:43:31 | 000,000,000 | R--D | M](C:\Documents and Settings\Administrator\???????) -- C:\Documents and Settings\Administrator\「開始」功能表
[2005/12/19 15:43:31 | 000,000,000 | R--D | M](C:\Documents and Settings\Administrator\???????) -- C:\Documents and Settings\Administrator\「開始」功能表
[2005/08/19 02:21:54 | 000,001,237 | ---- | C] ()(C:\Documents and Settings\Administrator\??\pass.txt) -- C:\Documents and Settings\Administrator\桌面\pass.txt
[2005/08/10 00:55:51 | 000,000,632 | ---- | M] ()(C:\Documents and Settings\Administrator\??\mIRC.lnk) -- C:\Documents and Settings\Administrator\桌面\mIRC.lnk
[2005/08/10 00:55:51 | 000,000,632 | ---- | C] ()(C:\Documents and Settings\Administrator\??\mIRC.lnk) -- C:\Documents and Settings\Administrator\桌面\mIRC.lnk
[2005/05/28 20:51:13 | 000,081,408 | -HS- | C] ()(C:\Documents and Settings\Administrator\??\Thumbs.db) -- C:\Documents and Settings\Administrator\桌面\Thumbs.db
[2004/06/12 00:37:33 | 000,000,939 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Spybot - Search & Destroy.lnk) -- C:\Documents and Settings\Administrator\桌面\Spybot - Search & Destroy.lnk
[2004/04/04 22:28:55 | 000,001,628 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Nero Enterprise Edition.lnk) -- C:\Documents and Settings\Administrator\桌面\Nero Enterprise Edition.lnk
[2004/04/01 07:27:58 | 000,001,628 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Nero Enterprise Edition.lnk) -- C:\Documents and Settings\Administrator\桌面\Nero Enterprise Edition.lnk
[2004/04/01 07:27:10 | 000,002,361 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Microsoft PowerPoint.lnk) -- C:\Documents and Settings\Administrator\桌面\Microsoft PowerPoint.lnk
[2004/04/01 07:26:47 | 000,002,355 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Microsoft Word.lnk) -- C:\Documents and Settings\Administrator\桌面\Microsoft Word.lnk
[2004/04/01 07:26:16 | 000,000,744 | ---- | C] ()(C:\Documents and Settings\Administrator\??\Outlook Express.lnk) -- C:\Documents and Settings\Administrator\桌面\Outlook Express.lnk
[2004/04/01 07:21:31 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\My Documents\???????) -- C:\Documents and Settings\Administrator\My Documents\我已接收的檔案
[2004/04/01 07:21:31 | 000,000,000 | ---D | C](C:\Documents and Settings\Administrator\My Documents\???????) -- C:\Documents and Settings\Administrator\My Documents\我已接收的檔案
[2004/03/31 09:05:52 | 000,000,744 | ---- | M] ()(C:\Documents and Settings\Administrator\??\Outlook Express.lnk) -- C:\Documents and Settings\Administrator\桌面\Outlook Express.lnk
[2004/03/31 09:05:32 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\????) -- C:\Documents and Settings\Administrator\「開始」
[2004/03/31 09:05:32 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\????) -- C:\Documents and Settings\Administrator\「開始」
[2004/03/31 08:51:02 | 000,000,084 | -HS- | C] ()(C:\Documents and Settings\Administrator\???????\???\??\desktop.ini) -- C:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\desktop.ini
[2004/03/31 08:49:35 | 000,000,084 | -HS- | C] ()(C:\WINDOWS\system32\config\systemprofile\???????\???\??\desktop.ini) -- C:\WINDOWS\system32\config\systemprofile\「開始」功能表\程式集\啟動\desktop.ini
[2004/03/31 08:46:02 | 000,000,084 | -HS- | M] ()(C:\WINDOWS\system32\config\systemprofile\???????\???\??\desktop.ini) -- C:\WINDOWS\system32\config\systemprofile\「開始」功能表\程式集\啟動\desktop.ini
[2004/03/31 08:46:02 | 000,000,084 | -HS- | M] ()(C:\Documents and Settings\Administrator\???????\???\??\desktop.ini) -- C:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\desktop.ini
[2004/02/26 20:00:00 | 000,000,075 | ---- | M] ()(C:\WINDOWS\System32\????.scf) -- C:\WINDOWS\System32\檢視頻道.scf
[2004/02/26 20:00:00 | 000,000,075 | ---- | C] ()(C:\WINDOWS\System32\????.scf) -- C:\WINDOWS\System32\檢視頻道.scf
(C:\Documents and Settings\Administrator\???????) -- C:\Documents and Settings\Administrator\「開始」功能表
(C:\Documents and Settings\Administrator\????) -- C:\Documents and Settings\Administrator\「開始」
(C:\Documents and Settings\Administrator\??) -- C:\Documents and Settings\Administrator\桌面
< End of report >


#12 Wax Luthor

Wax Luthor
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:06:07 AM

Posted 18 June 2010 - 02:28 AM

Still getting unknown hard error booting with last known good.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:07 AM

Posted 18 June 2010 - 03:01 AM

Greetings

OK, while in the PE environment navigate to C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe and double click on erdnt.exe,

and then try to reboot the computer


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Wax Luthor

Wax Luthor
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:06:07 AM

Posted 18 June 2010 - 03:28 AM

Still unknown hard error in both regular and last known good.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:07 AM

Posted 18 June 2010 - 03:39 AM

The unknown hard error should give an indication of the file that is causing it - can you let me know what file that is?


gringo



