===========================================================
ComboFix 08-01-13.1 - -mildy- 2008-01-14 9:39:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.1.1028.18.567 [GMT 8:00]
執行位置?: C:\Tools\System\ComboFix.exe
Command switches used :: C:\Tools\System\CFScript.txt
* 已建立新的還原點
FILE
C:\79F.tmp
C:\WINDOWS\system32\drivers\hldrrr.exe
.
(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\79F.tmp
C:\Documents and Settings\-mildy-\Application Data\iWin
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Fashion.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Garden.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Housewares.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Luxury.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Toys.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\AccountInformation.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\BASSSoundManager.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\CursorData.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\LevelData.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\Orbital_Window.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\TutorialEventStatus.uad
.
(((((((((((((((((((((((((((( 2007-12-14 - 2008-01-14 之間建立的檔案 )))))))))))))))))))))))))))))))))
.
2008-01-14 01:31 . 2008-01-14 08:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 18:08 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-13 18:08 . 2007-12-04 22:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-13 18:08 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-13 18:08 . 2007-12-04 22:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-13 18:08 . 2007-12-04 22:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-13 18:08 . 2007-12-04 22:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-13 18:07 . 2008-01-13 21:28 <DIR> d-------- C:\Program Files\AvastPro4.7
2008-01-13 18:07 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-13 14:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 19:56 . 2004-08-12 12:00 11,776 --a------ C:\WINDOWS\system32\dllcache\chkdsk.exe
2008-01-12 19:56 . 2004-08-12 12:00 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2008-01-11 20:14 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-11 12:11 . 2008-01-11 12:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-11 12:11 . 2008-01-11 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-11 10:41 . 2008-01-11 10:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-11 10:41 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-11 10:36 . 2008-01-14 01:32 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-11 10:15 . 2008-01-11 10:15 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-05 22:28 . 2008-01-05 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-01-05 18:36 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-05 18:36 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-05 18:35 . 2008-01-05 21:44 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-05 18:35 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-05 18:35 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-05 18:03 . 2008-01-05 18:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-05 18:03 . 2008-01-05 18:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 17:57 . 2008-01-05 17:57 <DIR> d-------- C:\Program Files\Real Alternative
2008-01-05 17:54 . 2008-01-05 17:54 <DIR> d-------- C:\Program Files\RealMedia
2008-01-04 21:01 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ltkiuluurife.sys
2008-01-04 18:14 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-04 18:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kpnffmdfnmti.sys
2008-01-04 16:59 . 2008-01-13 21:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 16:59 . 2008-01-11 16:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 16:59 . 2008-01-11 16:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 16:59 . 2008-01-11 16:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 14:36 . 2008-01-05 20:39 <DIR> d-------- C:\Documents and Settings\-mildy-\.housecall6.6
2008-01-04 02:46 . 2008-01-09 21:06 <DIR> d-------- C:\Program Files\Babysitting Mania
2008-01-04 01:07 . 2008-01-13 22:18 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-04 01:02 . 2008-01-11 23:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 23:27 . 2008-01-05 22:10 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2008-01-03 23:27 . 2008-01-03 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 23:25 . 2008-01-03 23:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 22:36 . 2008-01-11 09:19 <DIR> d-------- C:\Program Files\MalwareScanner-HiJackThis
2008-01-03 02:06 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-03 01:18 . 2008-01-04 20:59 <DIR> d-------- C:\Program Files\Trojan Killer
2008-01-01 18:51 . 2003-03-19 04:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-01 13:16 . 2008-01-06 01:54 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2007-12-31 15:45 . 2008-01-02 12:54 <DIR> d-------- C:\Program Files\Farm Frenzy
2007-12-31 15:28 . 2007-12-31 15:42 <DIR> d-------- C:\Program Files\Neighbours from Hell
2007-12-30 17:00 . 2007-12-30 17:00 <DIR> d-------- C:\Program Files\Nuclear Coffee
2007-12-30 16:31 . 2007-12-30 22:58 <DIR> d-------- C:\Program Files\Brainsbreaker 4.9.105
2007-12-30 16:18 . 2007-12-30 16:29 <DIR> d-------- C:\Program Files\Playtonium Jigsaw Patterns in Nature
2007-12-30 13:27 . 2008-01-05 17:06 <DIR> d-------- C:\Program Files\Total Video Converter
2007-12-30 13:27 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-12-27 13:25 . 2007-12-27 17:30 <DIR> d-------- C:\Program Files\Jigsaws
2007-12-27 11:39 . 2007-12-28 11:02 <DIR> d-------- C:\Program Files\BrainsBreaker
2007-12-26 15:09 . 2008-01-05 18:32 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-12-24 14:20 . 2007-12-24 14:21 <DIR> d-------- C:\Program Files\Wedding Dash
2007-12-23 20:49 . 2007-12-23 21:14 <DIR> d-------- C:\Program Files\Pastime Puzzles
2007-12-23 17:53 . 2007-12-23 18:00 <DIR> d-------- C:\Program Files\Mystery Of Shark Island
2007-12-23 14:00 . 2007-12-23 14:01 <DIR> d-------- C:\Program Files\Lucy Q Deluxe
2007-12-23 11:39 . 2007-12-27 11:33 <DIR> d-------- C:\Program Files\Jigsaw365
2007-12-21 17:04 . 2008-01-09 20:13 <DIR> d-------- C:\Program Files\Pocket JigMake
2007-12-21 16:37 . 2007-12-21 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-21 16:37 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-21 16:37 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-21 16:36 . 2007-12-21 16:45 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-12-20 14:35 . 2007-12-20 14:35 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\ViquaSoft
2007-12-19 20:01 . 2007-12-19 20:02 <DIR> d-------- C:\Program Files\Diner Dash Flo On The Go
2007-12-19 20:00 . 2007-12-23 22:52 <DIR> d-------- C:\Program Files\Diner Dash Hometown Hero
2007-12-19 19:47 . 2007-12-20 15:12 <DIR> d-------- C:\Program Files\Delivery King
2007-12-18 22:40 . 2007-12-18 22:40 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\My Games
2007-12-18 15:32 . 2007-12-18 15:32 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-18 15:15 . 2007-12-18 15:31 535 --a------ C:\WINDOWS\wwwconfig.dat
2007-12-18 01:27 . 2007-12-18 15:32 <DIR> d-------- C:\Program Files\Flower Shop Big City Break
2007-12-18 01:26 . 2007-12-18 15:06 <DIR> d-------- C:\Program Files\Posh Shop
2007-12-18 01:25 . 2007-12-20 21:00 <DIR> d-------- C:\Program Files\Pizza Frenzy
2007-12-18 01:25 . 2007-12-20 22:57 <DIR> d-------- C:\Program Files\Daycare Nightmare
2007-12-18 01:24 . 2007-12-18 15:09 <DIR> d-------- C:\Program Files\Cathys Caribbean Club
2007-12-18 01:23 . 2007-12-21 23:22 <DIR> d-------- C:\Program Files\Believe In Santa
2007-12-18 01:20 . 2007-12-18 15:12 <DIR> d-------- C:\Program Files\Baby Luv
2007-12-18 01:19 . 2007-12-18 15:13 <DIR> d-------- C:\Program Files\Big Island Blends
2007-12-18 01:18 . 2007-12-25 01:29 <DIR> d-------- C:\Program Files\Fab Fashion
2007-12-18 01:15 . 2007-12-27 11:34 <DIR> d-------- C:\Program Files\Teddy Factory
2007-12-18 00:56 . 2007-12-18 15:15 <DIR> d-------- C:\Program Files\Wild West Wendy
2007-12-18 00:51 . 2007-12-18 01:09 <DIR> d-------- C:\Program Files\Mystic Inn
2007-12-18 00:50 . 2007-12-18 01:09 <DIR> d-------- C:\Program Files\Santas Super Friends
2007-12-18 00:48 . 2007-12-18 01:11 <DIR> d-------- C:\Program Files\Birdies
2007-12-18 00:45 . 2007-12-18 01:12 <DIR> d-------- C:\Program Files\Home Sweet Home
2007-12-18 00:41 . 2007-12-18 01:12 <DIR> d-------- C:\Program Files\Happy Hour
2007-12-17 23:31 . 2007-12-21 21:21 <DIR> d-------- C:\Program Files\Sallys Salon
2007-12-17 23:12 . 2007-12-18 01:13 <DIR> d-------- C:\Program Files\Delicious 2 Deluxe
2007-12-17 23:10 . 2007-12-20 21:03 <DIR> d-------- C:\Program Files\Sushi Frenzy
2007-12-17 01:53 . 2007-12-20 19:53 <DIR> d-------- C:\Program Files\Nanny Mania
2007-12-17 01:42 . 2007-12-17 01:42 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\Jane s Hotel
2007-12-17 01:37 . 2007-12-17 01:41 <DIR> d-------- C:\Program Files\Janes Hotel
2007-12-16 20:48 . 2007-12-16 20:48 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\Sandlot Games
2007-12-16 20:39 . 2007-12-16 20:39 <DIR> d-------- C:\WINDOWS\Burger Shop
2007-12-16 20:39 . 2007-12-16 20:44 <DIR> d-------- C:\Program Files\Burger Shop
.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 01:37 5,505,024 ---ha-w C:\Documents and Settings\-mildy-\NTUSER.DAT
2008-01-14 01:36 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Ditto
2008-01-14 00:57 --------- d-----w C:\Program Files\NJStar Communicator
2008-01-14 00:29 --------- d-----w C:\Program Files\BitComet
2008-01-14 00:20 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\ClickOff
2008-01-13 11:50 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-12 16:00 --------- d-----w C:\Program Files\Replay AV 8
2008-01-11 12:18 --------- d-----w C:\Program Files\Crazy Browser
2008-01-08 17:00 --------- d-----w C:\Program Files\Flary Address
2008-01-08 10:27 --------- d-----w C:\Program Files\eMule
2008-01-05 14:48 --------- d-----w C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)
2008-01-05 14:48 --------- d-----w C:\Program Files\Volumouse
2008-01-05 14:47 --------- d-----w C:\Program Files\UberIcon
2008-01-05 14:46 --------- d-----w C:\Program Files\TaskSwitchXP
2008-01-05 14:46 --------- d-----w C:\Program Files\StrokeIt
2008-01-05 14:41 --------- d-----w C:\Program Files\Point-N-Click
2008-01-05 14:25 --------- d-----w C:\Program Files\Free Internet Window Washer
2008-01-05 14:23 --------- d-----w C:\Program Files\FileNote
2008-01-05 14:21 --------- d-----w C:\Program Files\EasyZip
2008-01-05 14:16 --------- d-----w C:\Program Files\CursorXP
2008-01-05 14:16 --------- d-----w C:\Program Files\CopyURL
2008-01-05 14:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-01-05 14:15 --------- d-----w C:\Program Files\ClickOff
2008-01-05 14:15 --------- d-----w C:\Program Files\Click-N-Type
2008-01-05 14:15 --------- d-----w C:\Program Files\Brightness&ColorSwapper-gapa
2008-01-05 12:31 --------- d-----w C:\Program Files\Renamer
2008-01-03 18:10 --------- d-----w C:\Program Files\Taskbar Shuffle
2008-01-02 13:21 20 ----a-w C:\sccfg.sys
2008-01-01 13:19 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\MegauploadToolbar
2008-01-01 12:28 --------- d-s---w C:\Documents and Settings\-mildy-\Application Data\Microsoft
2007-12-31 12:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-24 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-24 06:21 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\PlayFirst
2007-12-21 18:22 --------- d-----w C:\Program Files\ICE Book Reader Professional Retail 76
2007-12-21 04:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\mvcache
2007-12-20 06:35 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\ViquaSoft
2007-12-19 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_dctemp
2007-12-18 14:40 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\My Games
2007-12-16 17:42 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Jane s Hotel
2007-12-16 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-12-16 12:48 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Sandlot Games
2007-12-15 11:13 --------- d-----w C:\Program Files\Paradise Pet Salon
2007-12-13 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2007-12-13 09:33 --------- d-----w C:\Program Files\Thunder Network
2007-12-13 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Thunder Network
2007-12-13 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Legacy Interactive
2007-12-13 06:16 --------- d-----w C:\Program Files\The Apprentice Los Angeles
2007-12-12 10:23 53,248 ----a-w C:\WINDOWS\system32\suppdll.dll
2007-12-09 20:58 --------- d-----w C:\Program Files\Fashion Fits
2007-12-09 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2007-12-08 14:59 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Macromedia
2007-12-08 09:19 --------- d-----w C:\Program Files\Cake Mania Back to the Bakery
2007-12-07 10:17 --------- d-----w C:\Program Files\Cake Mania 2
2007-12-06 07:36 --------- d-----w C:\Program Files\mp3DirectCut
2007-12-05 14:57 --------- d-----w C:\Program Files\Any Media to MP3 Converter
2007-12-05 14:34 --------- d-----w C:\Program Files\Shuangs Audio Editor
2007-12-05 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2007-12-05 11:24 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\River Past G5
2007-12-05 08:13 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2007-12-05 08:12 --------- d-----w C:\Program Files\DVDVideoSoft
2007-12-05 06:12 --------- d-----w C:\Program Files\AimOne_AlltoMP3
2007-12-05 06:10 1,307,468 ----a-w C:\WINDOWS\system32\tmp~1.exe
2007-12-04 15:27 --------- d-----w C:\Program Files\GameHouse
2007-12-04 12:15 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Big Fish Games
2007-12-04 12:10 --------- d-----w C:\Program Files\Azada
2007-12-04 09:48 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\GameHouse
2007-12-04 08:44 --------- d-----w C:\Program Files\Abra Academy
2007-12-03 18:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-12-03 11:06 --------- d-----w C:\Program Files\Tudou
2007-12-01 06:39 10,884,472 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-11-29 17:47 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\PhraseExpress
2007-11-29 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\PhraseExpress
2007-11-29 15:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 15:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-26 15:02 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Scan2PDF
2007-11-26 13:51 --------- d-----w C:\Program Files\Scan2PDF
2007-11-25 14:04 --------- d-----w C:\Program Files\SimpleOCR
2007-11-25 12:25 --------- d-----w C:\Program Files\ScannerU
2007-11-24 10:44 --------- d-----w C:\Program Files\InfoTag Magic 1.0
2007-11-21 05:29 --------- d-----w C:\Program Files\Paint.NET
2007-11-20 01:05 --------- d-----w C:\Program Files\Tracker Software
2007-11-14 07:27 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 699,904 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 699,904 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-07 06:46 533 ----a-w C:\Program Files\Softwares'.lnk
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:56 3,086,848 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:42 1,269,248 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:42 1,269,248 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:42 8,320,512 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 02:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2005-10-20 09:17 28,672 ----a-w C:\Program Files\CloseAll.exe
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-13_15.21.48.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 03:45:38 12,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 03:45:43 207,072 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 03:45:37 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 03:46:01 690,912 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 03:46:53 328,928 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:49:28 705,024 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 03:45:38 12,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 03:45:43 207,072 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 03:45:37 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 03:46:01 690,912 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 03:46:53 328,928 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2008-01-13 06:37:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 01:39:15 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 06:37:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 01:39:15 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 06:37:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 01:39:15 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 06:37:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 01:39:15 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 06:37:47 5,283,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 01:39:15 5,308,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 06:37:47 16,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 01:39:15 16,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2007-10-01 06:30:12 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-01-14 00:34:17 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_41c.dat
+ 2008-01-14 00:31:45 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_4c8.dat
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"Kana Reminder"="C:\Tools\Tools\Reminder.exe" [2005-11-29 08:09 1185280]
"Sensiva"="C:\Program Files\Sensiva" [ ]
"Winsplit"="C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe" [2007-10-10 00:29 2627072]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 06:29 62976]
"Taskbar Shuffle"="C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" [ ]
"NetXfer"="C:\Program Files\Xi\NetXfer\NetTransport.exe" [2007-10-08 15:09 1392640]
"Mmm"="C:\Program Files\HACE\Mmm\MmmTray.exe" [2007-06-01 00:01 15872]
"Free Internet Window Washer"="C:\PROGRA~1\FREEIN~1\Clearpch.exe" [2006-12-15 21:29 1498624]
"Ditto"="C:\Tools\Processor\Ditto\Ditto.exe" [2006-08-04 12:20 618496]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:44 140288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 20:00 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 20:33 6338360]
"Ashampoo PopUpBlocker"="C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe" [2004-02-03 13:13 1216000]
"$Volumouse$"="C:\Program Files\Volumouse\volumouse.exe" [2006-05-27 11:49 26112]
"TrojanKiller"="C:\Program Files\Trojan Killer\TrojanKiller.exe" [2007-12-22 16:58 1366016]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-08 01:19 15872]
"RAM Idle Professional"="C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe" [ ]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"NuonSoft ShellEnhancer StartupHelper"="C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe" [2006-12-16 11:46 65536]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"Aqua"="C:\Program Files\Deskperience\Aqua\wText.exe" [2005-05-06 19:33 1011712]
"Ad-Watch"="C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]
"avast!"="C:\PROGRA~1\AVASTP~1.7\ashDisp.exe" [2007-12-04 21:00 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-12 20:00 133632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 20:00 15360]
C:\Documents and Settings\-mildy-\「開始」功能表\程式集\啟動\
a-squared Free.lnk - C:\Program Files\a-squared Free\a2free.exe [2008-01-04 01:07:57]
ActiveSyncToggle.exe.lnk - C:\Tools\Tools\ActiveSyncToggle.exe [2007-10-03 21:59:08]
Ad-Aware 2007.lnk - C:\Program Files\Ad-Aware 2007\Ad-Aware2007.exe [2007-10-31 15:18:06]
Brightness&ColorSwapper-gapa.lnk - C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe [2007-05-31 05:03:31]
Click-N-Type.LNK - C:\Program Files\Click-N-Type\Click-N-Type.exe [2007-09-27 14:43:14]
ClickOff.lnk - C:\Program Files\ClickOff\Clickoff.exe [2007-04-12 16:02:26]
Export.sxp.lnk - C:\Backup\Nec\Softwares'\StrokeIt\Export.sxp [2007-11-07 15:32:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 1 (0x1)
"NoWinKeys"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-16 13:53]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 16:06]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 05:10]
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28681820-917D-11d5-8177-005056FDDA4B}]
rundll32.exe C:\WINDOWS\system32\ShellExt\DafiTech\Cpy2Clip\cpy2clip.dll,CreateUserSettings
.
排程工作資料夾的內容
"2007-05-30 18:28:34 C:\WINDOWS\Tasks\註冊提醒 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-05-30 18:28:34 C:\WINDOWS\Tasks\註冊提醒 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 09:47:05
Windows 5.1.2600 Service Pack 2 NTFS
掃描隱藏的程序...
掃描隱藏的進程...
掃描隱藏的檔案...
掃描完成
隱藏檔案?: 0
**************************************************************************
.
完成時間?: 2008-01-14 9:50:41
ComboFix-quarantined-files.txt 2008-01-14 01:50:36
ComboFix2.txt 2008-01-13 07:22:09
.
2008-01-14 00:24:18 --- E O F ---
===========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:16, on 14/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\AvastPro4.7\aswUpdSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\AvastPro4.7\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\NuonSoft\ShellEnhancer\ShellEnhancer.exe
c:\program files\a-squared free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
C:\PROGRA~1\AVASTP~1.7\ashDisp.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\Tools\Tools\Reminder.exe
C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Xi\NetXfer\NetTransport.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\PROGRA~1\FREEIN~1\Clearpch.exe
C:\Tools\Processor\Ditto\Ditto.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\AvastPro4.7\ashMaiSv.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\AvastPro4.7\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\ClickOff\Clickoff.exe
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Point-N-Click\Point-N-Click.exe
C:\Tools\RAM Idle Professional 3.4\RAM_XP.exe
C:\Tools\Tools\ResizeEnable\ResizeEnableRunner.exe
C:\Program Files\Stardock\Object Desktop\RightClick\RightClick.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Tools\Tools\ZoomIt-DesktopZoomer.Pen.BlankScreen.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\MalwareScanner-HiJackThis\MalwareScanner-HiJackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NuonSoft ShellEnhancer StartupHelper] C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Aqua] C:\Program Files\Deskperience\Aqua\wText.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTP~1.7\ashDisp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Kana Reminder] "C:\Tools\Tools\Reminder.exe"
O4 - HKCU\..\Run: [Sensiva] "C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe"
O4 - HKCU\..\Run: [Winsplit] C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [NetXfer] "C:\Program Files\Xi\NetXfer\NetTransport.exe"
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\PROGRA~1\FREEIN~1\Clearpch.exe -Start
O4 - HKCU\..\Run: [Ditto] C:\Tools\Processor\Ditto\Ditto.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [TrojanKiller] "C:\Program Files\Trojan Killer\TrojanKiller.exe" 0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Get file size - res://C:\Program Files\Moveax InternetFileSize\IFSIEMenuStub.dll/201
O8 - Extra context menu item: Download All by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Program Files\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D4ACE027-B115-4181-82CF-831C68235CAB} (PPSBase Control) - http://hot1.vdown.21cn.com/rmdownload/d ... psbase.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\AvastPro4.7\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\AvastPro4.7\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\AvastPro4.7\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\AvastPro4.7\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 12006 bytes
===========================================================
Thanks so very much....