Can't boot into normal mode - keeps giving me blue screen!!

Post by wealthluck » September 16th, 2009, 7:00 am

Hi there,

I'm seriously and cordially calling for help of yours, the respectable and generous experts out here please! The problem I've got is before, I think for about 2 weeks, every now and then I could still start Windows in normal mode, most of the time after the running of the Windows Logo, what comes up would only be a blue screen, the later the worse. Until now I can't boot into normal mode at all, except for safe mode where I'm now in.

I've always admired the enormous IT knowledge you guys have and your greatness of willingness to help, and with my Hijackthis Log as below, I'll be longing to hear from you and for your kind assistance!

My sincerest regards and heartiest thanks to you great guys!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:44, on 16/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Tools\StrokeIt\strokeit.exe
C:\Tools\ShellEnhancer\ShellEnhancer.exe
C:\Tools\Symbol Commander Pro\Sensiva.exe
C:\Tools\TaskSwitchXP2011\TaskSwitchXP.exe
C:\Tools\Crazy Browser\Crazy Browser.exe
C:\Tools\ccCleaner223\CCleaner.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Tools\NetTransport2.80.441\FTPTransport.exe
C:\Program Files\BitComet\BitComet.exe
C:\Tools\eMule0.49c\emule.exe
C:\Program Files\a-squared Free\a2free.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\ExpressMenuBullzip\exmenu.exe
C:\Tools\Ditto\Ditto.exe
C:\Tools\WinSplit Revolution\WinSplit.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Tools\ZoomIt.exe
C:\Program Files\GridService\peeradapter.exe
C:\Program Files\GridService\peer.exe
C:\Tools\RightClick\RightClick.exe
C:\Program Files\Avast4\ashSimp2.exe
C:\Program Files\ClocX\ClocX.exe
E:\~Sundries-Nec\~ToPutIntoCd\E-Installers\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\USE\Application Data\FlashGetBHO\FlashGetBHO3.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [CHotkey] C:\APPS\Chicony\chicony.bat
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [BtnMovie] 1152 x 864 @ 1Hz 32bit colors
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [AutoShutdown] C:\WINDOWS\zenotib\zenotib.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\Program Files\Free Internet Window Washer\Clearpch.exe -Start
O4 - HKCU\..\Run: [Sensiva] "C:\Tools\Symbol Commander Pro\Sensiva.exe"
O4 - HKCU\..\Run: [Winsplit] C:\Tools\WinSplit Revolution\WinSplit.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\MmmHACE\Mmm.exe"
O4 - HKCU\..\Run: [DW6] "C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [FontLoader] C:\Program Files\ShellToolsMoonSoftware\FontLoaderSysTray.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Tools\VolumeMouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Wallpaper Manager] C:\Program Files\WallpaperChangerAdolix\AWC.exe -startup
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ccleaner] "C:\Tools\ccCleaner223\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Dictionary - http://files.db3nf.com/scripts/ie.htm
O8 - Extra context menu item: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZC
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥 - C:\Documents and Settings\USE\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥窒蟈諉 - C:\Documents and Settings\USE\Application Data\FlashGetBHO\GetAllUrl.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_burger ... yer_v4.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9147 bytes
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am

Re: Can't boot into normal mode - keeps giving me blue screen!!

Post by Jack&Jill » September 20th, 2009, 12:47 pm

Hello wealthluck,

Sorry for the delay.

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Forum Rules.
  • As I am currently training at Malware Removal, it will take some time for me to go through your logs, please be patient with me.
  • Be assured that any recommendations to you will be done as soon as possible and will be approved by an expert.
  • Reply and keep only to this thread. If you have the same topic elsewhere, please inform me or the other forum so that either can be closed.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • If you need to be away for a while during the fix, please let me know.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • Do not use or run any tools without supervision as they may cause more harm if improperly used.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :) . We may begin.
I am working on your log now and will be back the soonest.

In the meantime, please post an Uninstall list
  • Open HijackThis.
  • Go to "Open the Misc Tools section" by clicking on the box.
  • Under the System tools, look for "Open Uninstall Manager" and click on it.
  • Click "Save list..." and save the text file in a convenient location.
  • Copy and paste the Uninstall list contents in your reply.

Please minimize your exposure to the Internet when in Safe Mode.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Can't boot into normal mode - keeps giving me blue screen!!

Post by wealthluck » September 21st, 2009, 3:35 am

Hi Jack&Jill,
So very glad indeed to see your kind reply and learn that my log is being reviewed, thanks so so much indeed for offering help!! Hope my problem can eventually be solved!

I've read every word of yours carefully and understand it well, everything stated is just fine. Thanks very much also for your kind advice and I'll follow it tightly not to worsen the problem.

My HijackThis saved uninstall list is as below. It's really kind and generous of you!

Many thanks again for your great effort offering, will remain ready for your next instruction..

-------------------------------------------------------------------------------------------------------
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.7 - Chinese Traditional
Adobe Shockwave Player 11.5
Adolix Wallpaper Changer 2.2
AimOne All to MP3 Converter 1.61
a-squared Free 4.0
Atheros Communications Inc.(R) L2 Fast Ethernet Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoHotkey 1.0.48.01
AutoShutdown
avast! Antivirus
AXPDF Converter
Beach Party Craze
Big Island Blends
BitComet 1.10
Boilsoft Video Splitter 5.16
Bullzip Express Menu 2.0.3186.20544
Burger Island
Burger Island 2
Burger Shop
Cake Mania 2
Cake Mania 3
Catalyst Control Center - Branding
Cathys Caribbean Club
ClickOff version 1.82
ClocX (1.5b2)
Cooking Dash
Cool Timer 3.6
Copy2Clip 1.0.7
CursorFX
CursorFX
CursorXP
CyberLink Live Codec Pack
Daycare Nightmare Mini Monsters
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
Delicious 2 Deluxe
Diaper Dash
Diner Dash Flo On The Go
Diner Dash Flo Through Time
Diner Dash Hometown Hero
Diner Dash Seasonal Snack Pack
Doggie Dash
Dress Shop Hop
Dress Up Rush
EPSON Printer Software
Fashion Boutique
Fashion Craze
Fashion Dash
Fashion Fits
FileNote (Remove Only)
Fitness Dash
Flower Shop Big City Break
Fomine NetSend (remove only)
Free Internet Window Washer
Gourmania
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICE Book Reader Professional Retail
Ice Cream Craze Tycoon Takeover
Ice Cream Mania
InfoTag Magic 1.0
Intel(R) Graphics Media Accelerator Driver
iSiloX
iWisoft Flash SWF Downloader 1.8
Janes Hotel
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 16
Jewelleria
KB898458:Step by Step Interactive Training 筆記本檢視器安全性更新
KB923723:Step by Step Interactive Training 筆記本檢視器安全性更新
K-Lite Codec Pack 5.0.0 (Full)
Lakeridge Software WisBar Advance 3 for WM6 v3.0.0.2
Livestation
Macromedia Flash Player 8
Macromedia Shockwave Player
MediaInfo 0.7.15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Miriel The Magical Merchant
MKVtoolnix 2.7.0
Multilingual Speaking Clock ver 2.6
Multimedia Keyboard Driver Ver1.0 (KB-0108)
Mystic Emporium
Nero 9.0.9.4 Lite
NJStar Communicator
OpenAL
OpenOffice.org 2.4
Party Down
Piky Basket 2.0
PowerCinema
Purrfect Pet Shop
QuickTime Alternative 2.9.2
RAM Idle LE
RaySource 2.1.10.8366
Realtek High Definition Audio Driver
RealWorld Change Cursor
Replay AV 8
Replay Converter 2.8
Resco Explorer
RollerCoaster Tycoon 3 Demo
Shapez 3.0 Freeware
Shell Tools
Shuangs Audio Joiner 1.2
Sonic MyDVD LE
Sonic RecordNow!
Spb Pocket Plus
Sprouts Adventure
Spybot - Search & Destroy
SpywareBlaster 4.2
Squeaky Clean
Stand O Food 2
Stardock Central
Supermarket Mania
The Weather Channel Desktop 6
UberIcon 1.0.4
Ulead GIF Animator 5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Video Cutter 1.0
VLC media player 0.9.9
WinAVI Video Converter
WindowBlinds
Windows Driver Package - Intel hdc (02/05/2007 8.3.0.1011)
Windows Driver Package - Intel hdc (02/05/2007 8.3.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
Windows Driver Package - Intel System (01/13/2007 8.3.0.1008)
Windows Driver Package - Intel System (02/05/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/22/2006 8.1.0.1002)
Windows Driver Package - Intel System (02/28/2007 8.3.0.1013)
Windows Driver Package - Intel System (03/09/2006 7.3.0.1013)
Windows Driver Package - Intel System (03/10/2005 7.0.0.1019)
Windows Driver Package - Intel System (03/25/2004 5.1.0.1009)
Windows Driver Package - Intel System (04/10/2006 8.0.0.1008)
Windows Driver Package - Intel System (05/23/2005 7.1.0.1011)
Windows Driver Package - Intel System (05/26/2004 6.1.0.1008)
Windows Driver Package - Intel System (08/25/2003 5.1.0.1006)
Windows Driver Package - Intel System (09/13/2005 7.2.2.1001)
Windows Driver Package - Intel System (10/11/2002 4.20.1007)
Windows Driver Package - Intel System (12/06/2006 8.2.0.1002)
Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
Windows Driver Package - Intel USB (05/15/2006 7.4.0.1005)
Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 10 安全性更新 (KB936782)
Windows Media Player 安全性更新 (KB952069)
Windows Media Player 安全性更新 (KB973540)
Windows XP Hotfix (KB952287)
Windows XP Hotfix (KB961118)
Windows XP Hotfix (KB970653-v3)
Windows XP Service Pack 3
Windows XP 安全性更新 (KB923561)
Windows XP 安全性更新 (KB938464-v2)
Windows XP 安全性更新 (KB941569)
Windows XP 安全性更新 (KB946648)
Windows XP 安全性更新 (KB950760)
Windows XP 安全性更新 (KB950762)
Windows XP 安全性更新 (KB950974)
Windows XP 安全性更新 (KB951066)
Windows XP 安全性更新 (KB951376-v2)
Windows XP 安全性更新 (KB951748)
Windows XP 安全性更新 (KB952004)
Windows XP 安全性更新 (KB952954)
Windows XP 安全性更新 (KB954459)
Windows XP 安全性更新 (KB956572)
Windows XP 安全性更新 (KB956744)
Windows XP 安全性更新 (KB956802)
Windows XP 安全性更新 (KB956803)
Windows XP 安全性更新 (KB956844)
Windows XP 安全性更新 (KB957097)
Windows XP 安全性更新 (KB958644)
Windows XP 安全性更新 (KB958687)
Windows XP 安全性更新 (KB958690)
Windows XP 安全性更新 (KB959426)
Windows XP 安全性更新 (KB960225)
Windows XP 安全性更新 (KB960715)
Windows XP 安全性更新 (KB960803)
Windows XP 安全性更新 (KB960859)
Windows XP 安全性更新 (KB961371)
Windows XP 安全性更新 (KB961373)
Windows XP 安全性更新 (KB961501)
Windows XP 安全性更新 (KB963027)
Windows XP 安全性更新 (KB968537)
Windows XP 安全性更新 (KB969897)
Windows XP 安全性更新 (KB969898)
Windows XP 安全性更新 (KB970238)
Windows XP 安全性更新 (KB971557)
Windows XP 安全性更新 (KB971633)
Windows XP 安全性更新 (KB971657)
Windows XP 安全性更新 (KB971961)
Windows XP 安全性更新 (KB972260)
Windows XP 安全性更新 (KB973346)
Windows XP 安全性更新 (KB973354)
Windows XP 安全性更新 (KB973507)
Windows XP 安全性更新 (KB973869)
Windows XP 更新 (KB951978)
Windows XP 更新 (KB955839)
Windows XP 更新 (KB967715)
Windows XP 更新 (KB968389)
Windows XP 更新 (KB973815)
WinPcap 4.0.2
World of Warcraft FREE Trial
XnView 1.96
XnView Shell Extension 2.6.0
yBook
蚥蹄 i蹄
辦陬(FlashGet)3.0 淏宒唳
---- End ----
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am

Re: Can't boot into normal mode - keeps giving me blue screen!!

Post by Jack&Jill » September 23rd, 2009, 8:11 pm

Hello wealthluck :),

Remove P2P software
  • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitComet
    eMule0.49c


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
  • Please remove them before we continue with fixing your computer.

Please post back:
1. new HijackThis log
2. new uninstall list
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
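
Added example, not part of the original thread and not the forum's own tooling: a small Python parser that splits a HijackThis log into its running-process block and its coded entries (O2, O4, O8, ...), then reports every section in which a named program such as BitComet or eMule leaves a trace. The function names are hypothetical, and the sample is an excerpt of lines copied from the first log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the first HijackThis log in this thread (lines copied from the
# post; the selection of lines is constructed for this example).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:44, on 16/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Tools\eMule0.49c\emule.exe
C:\Program Files\Avast4\ashDisp.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

--
End of file - 9147 bytes
"""

# HijackThis prefixes each finding with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(O\d{1,2}|R[0-3]|F[0-3]|N[1-4]) - (.*)$")
HEADER_RE = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")


def parse_hijackthis(text):
    """Return (header, entries); entries are (section, body) tuples in log order.

    Running processes get the pseudo-section "process" so they can be
    searched together with the registry-backed O-entries.
    """
    header, entries = {}, []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process block
            continue
        if line == "--" or line.startswith("End of file"):
            break                         # log trailer
        entry = ENTRY_RE.match(line)
        head = HEADER_RE.match(line)
        if entry:
            in_processes = False
            entries.append((entry.group(1), entry.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            entries.append(("process", line))
        elif head:
            header[head.group(1)] = head.group(2)
    return header, entries


def find_programs(entries, names):
    """Map each program name to the (section, body) entries that mention it."""
    hits = defaultdict(list)
    for section, body in entries:
        lowered = body.lower()
        for name in names:
            if name.lower() in lowered:
                hits[name].append((section, body))
    return dict(hits)


def sections_touched(hits):
    """Collapse hits to the sorted set of sections each program appears in."""
    return {name: sorted({s for s, _ in found}) for name, found in hits.items()}


if __name__ == "__main__":
    header, entries = parse_hijackthis(SAMPLE_LOG)
    print("Boot mode:", header.get("Boot mode"))
    hits = find_programs(entries, ["BitComet", "eMule"])
    for name, found in hits.items():
        print(f"{name}: {len(found)} entries")
        for section, body in found:
            print(f"  [{section}] {body}")
```

Running the same search over the follow-up log after an uninstall shows whether a running process, startup entry or browser add-on for the program is still listed.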

Re: Can't boot into normal mode - keeps giving me blue screen!!

Post by wealthluck » September 24th, 2009, 11:57 am

Hi Jack&Jill,

Thank you very much for your further reply and assistance, so happy indeed to hear from you again!!!!

I've uninstalled Bitcomet and the folder of the portable emule has been entirely removed. The new logs are hereunder quoted.

Thanks a billion, cheers....

=======================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:17, on 24/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Tools\StrokeIt\strokeit.exe
C:\Tools\ShellEnhancer\ShellEnhancer.exe
C:\Tools\Symbol Commander Pro\Sensiva.exe
C:\Tools\TaskSwitchXP2011\TaskSwitchXP.exe
C:\Tools\ccCleaner223\CCleaner.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Tools\NetTransport2.80.441\FTPTransport.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\ExpressMenuBullzip\exmenu.exe
C:\Tools\Ditto\Ditto.exe
C:\Tools\WinSplit Revolution\WinSplit.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Tools\ZoomIt.exe
C:\Tools\Reminder.exe
C:\Program Files\Speaking Clock\spclock.exe
C:\Program Files\NamiRobot\DUTool.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Tools\RightClick\RightClick.exe
C:\Program Files\GridService\peeradapter.exe
C:\Program Files\GridService\peer.exe
C:\Tools\Crazy Browser\Crazy Browser.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Tools\PlayerClassicMedia\mplayerc.exe
C:\Documents and Settings\USE\Application Data\Microsoft\Internet Explorer\Quick Launch\Antis\HijackThis.exe
C:\Program Files\UberIcon\UberIcon Manager.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\USE\Application Data\FlashGetBHO\FlashGetBHO3.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [CHotkey] C:\APPS\Chicony\chicony.bat
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PostOOBE] C:\WINDOWS\system32\wscript.exe C:\DRIVERS\POSTOOBE.NEC //E:VBS
O4 - HKLM\..\Run: [BtnMovie] 1152 x 864 @ 1Hz 32bit colors
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [AutoShutdown] C:\WINDOWS\zenotib\zenotib.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\Program Files\Free Internet Window Washer\Clearpch.exe -Start
O4 - HKCU\..\Run: [Sensiva] "C:\Tools\Symbol Commander Pro\Sensiva.exe"
O4 - HKCU\..\Run: [Winsplit] C:\Tools\WinSplit Revolution\WinSplit.exe
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\MmmHACE\Mmm.exe"
O4 - HKCU\..\Run: [DW6] "C:\PROGRA~1\THEWEA~1\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [FontLoader] C:\Program Files\ShellToolsMoonSoftware\FontLoaderSysTray.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Tools\VolumeMouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Wallpaper Manager] C:\Program Files\WallpaperChangerAdolix\AWC.exe -startup
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ccleaner] "C:\Tools\ccCleaner223\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Kana Reminder] "C:\Tools\Reminder.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Dictionary - http://files.db3nf.com/scripts/ie.htm
O8 - Extra context menu item: &Encyclopedia - http://files.db3nf.com/scripts/ie-e.htm
O8 - Extra context menu item: &Search - ?p=ZC
O8 - Extra context menu item: &U妏蚚馨譙儂狟婥甜彶紲 - C:\Program Files\NamiRobot\Data\du.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥 - C:\Documents and Settings\USE\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: 妏蚚辦陬3狟婥窒蟈諉 - C:\Documents and Settings\USE\Application Data\FlashGetBHO\GetAllUrl.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_burger ... yer_v4.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 9739 bytes
=======================================================

New Uninstall List as below :-

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.7 - Chinese Traditional
Adobe Shockwave Player 11.5
Adolix Wallpaper Changer 2.2
AimOne All to MP3 Converter 1.61
a-squared Free 4.0
Atheros Communications Inc.(R) L2 Fast Ethernet Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoHotkey 1.0.48.01
AutoShutdown
avast! Antivirus
AXPDF Converter
Beach Party Craze
Big Island Blends
Boilsoft Video Splitter 5.16
Bullzip Express Menu 2.0.3186.20544
Burger Island
Burger Island 2
Burger Shop
Cake Mania 3
Catalyst Control Center - Branding
ClickOff version 1.82
ClocX (1.5b2)
Cooking Dash
Cool Timer 3.6
Copy2Clip 1.0.7
CursorFX
CursorFX
CursorXP
CyberLink Live Codec Pack
Daycare Nightmare Mini Monsters
dBpoweramp FLAC Codec
dBpoweramp Music Converter
dBpowerAMP WMA V9.1 Codec
Diaper Dash
Diner Dash Flo On The Go
Diner Dash Flo Through Time
Diner Dash Hometown Hero
Diner Dash Seasonal Snack Pack
dMC Power Pack
Doggie Dash
Dress Shop Hop
Dress Up Rush
EPSON Printer Software
Fashion Boutique
Fashion Craze
Fashion Dash
Fashion Fits
FileNote (Remove Only)
Fitness Dash
Flower Shop Big City Break
Fomine NetSend (remove only)
Free Internet Window Washer
Gourmania
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICE Book Reader Professional Retail
Ice Cream Craze Tycoon Takeover
Ice Cream Mania
InfoTag Magic 1.0
Intel(R) Graphics Media Accelerator Driver
iSiloX
iWisoft Flash SWF Downloader 1.8
Janes Hotel
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 16
Jewelleria
KB898458:Step by Step Interactive Training 筆記本檢視器安全性更新
KB923723:Step by Step Interactive Training 筆記本檢視器安全性更新
K-Lite Codec Pack 5.0.0 (Full)
Lakeridge Software WisBar Advance 3 for WM6 v3.0.0.2
Livestation
Macromedia Flash Player 8
Macromedia Shockwave Player
MediaInfo 0.7.15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Miriel The Magical Merchant
Multilingual Speaking Clock ver 2.6
Multimedia Keyboard Driver Ver1.0 (KB-0108)
Mystic Emporium
Nero 9.0.9.4 Lite
NJStar Communicator
OpenAL
OpenOffice.org 2.4
Party Down
Piky Basket 2.0
PowerCinema
Purrfect Pet Shop
QuickTime Alternative 2.9.2
RAM Idle LE
RaySource 2.1.10.8366
Realtek High Definition Audio Driver
RealWorld Change Cursor
Replay AV 8
Replay Converter 2.8
Resco Explorer
RollerCoaster Tycoon 3 Demo
Shapez 3.0 Freeware
Shell Tools
Shuangs Audio Joiner 1.2
Sonic MyDVD LE
Sonic RecordNow!
Spb Pocket Plus
Sprouts Adventure
Spybot - Search & Destroy
SpywareBlaster 4.2
Squeaky Clean
Stand O Food 2
Stardock Central
Supermarket Mania
The Weather Channel Desktop 6
Total Video Converter 3.50
UberIcon 1.0.4
Ulead GIF Animator 5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Video Cutter 1.0
VLC media player 0.9.9
WinAVI Video Converter
WindowBlinds
Windows Driver Package - Intel hdc (02/05/2007 8.3.0.1011)
Windows Driver Package - Intel hdc (02/05/2007 8.3.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
Windows Driver Package - Intel System (01/13/2007 8.3.0.1008)
Windows Driver Package - Intel System (02/05/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
Windows Driver Package - Intel System (02/22/2006 8.1.0.1002)
Windows Driver Package - Intel System (02/28/2007 8.3.0.1013)
Windows Driver Package - Intel System (03/09/2006 7.3.0.1013)
Windows Driver Package - Intel System (03/10/2005 7.0.0.1019)
Windows Driver Package - Intel System (03/25/2004 5.1.0.1009)
Windows Driver Package - Intel System (04/10/2006 8.0.0.1008)
Windows Driver Package - Intel System (05/23/2005 7.1.0.1011)
Windows Driver Package - Intel System (05/26/2004 6.1.0.1008)
Windows Driver Package - Intel System (08/25/2003 5.1.0.1006)
Windows Driver Package - Intel System (09/13/2005 7.2.2.1001)
Windows Driver Package - Intel System (10/11/2002 4.20.1007)
Windows Driver Package - Intel System (12/06/2006 8.2.0.1002)
Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
Windows Driver Package - Intel USB (05/15/2006 7.4.0.1005)
Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 10 安全性更新 (KB936782)
Windows Media Player 安全性更新 (KB952069)
Windows Media Player 安全性更新 (KB973540)
Windows XP Hotfix (KB952287)
Windows XP Hotfix (KB961118)
Windows XP Hotfix (KB970653-v3)
Windows XP Service Pack 3
Windows XP 安全性更新 (KB923561)
Windows XP 安全性更新 (KB938464-v2)
Windows XP 安全性更新 (KB941569)
Windows XP 安全性更新 (KB946648)
Windows XP 安全性更新 (KB950760)
Windows XP 安全性更新 (KB950762)
Windows XP 安全性更新 (KB950974)
Windows XP 安全性更新 (KB951066)
Windows XP 安全性更新 (KB951376-v2)
Windows XP 安全性更新 (KB951748)
Windows XP 安全性更新 (KB952004)
Windows XP 安全性更新 (KB952954)
Windows XP 安全性更新 (KB954459)
Windows XP 安全性更新 (KB956572)
Windows XP 安全性更新 (KB956744)
Windows XP 安全性更新 (KB956802)
Windows XP 安全性更新 (KB956803)
Windows XP 安全性更新 (KB956844)
Windows XP 安全性更新 (KB957097)
Windows XP 安全性更新 (KB958644)
Windows XP 安全性更新 (KB958687)
Windows XP 安全性更新 (KB958690)
Windows XP 安全性更新 (KB959426)
Windows XP 安全性更新 (KB960225)
Windows XP 安全性更新 (KB960715)
Windows XP 安全性更新 (KB960803)
Windows XP 安全性更新 (KB960859)
Windows XP 安全性更新 (KB961371)
Windows XP 安全性更新 (KB961373)
Windows XP 安全性更新 (KB961501)
Windows XP 安全性更新 (KB963027)
Windows XP 安全性更新 (KB968537)
Windows XP 安全性更新 (KB969897)
Windows XP 安全性更新 (KB969898)
Windows XP 安全性更新 (KB970238)
Windows XP 安全性更新 (KB971557)
Windows XP 安全性更新 (KB971633)
Windows XP 安全性更新 (KB971657)
Windows XP 安全性更新 (KB971961)
Windows XP 安全性更新 (KB972260)
Windows XP 安全性更新 (KB973346)
Windows XP 安全性更新 (KB973354)
Windows XP 安全性更新 (KB973507)
Windows XP 安全性更新 (KB973869)
Windows XP 更新 (KB951978)
Windows XP 更新 (KB955839)
Windows XP 更新 (KB967715)
Windows XP 更新 (KB968389)
Windows XP 更新 (KB973815)
WinPcap 4.0.2
World of Warcraft FREE Trial
XnView 1.96
XnView Shell Extension 2.6.0
优酷 i酷
快车(FlashGet)3.0 正式版
======== End ========
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am

Re: Can't boot into normal mode - keeps giving me blue screen!!

Post by Jack&Jill » September 25th, 2009, 7:20 am

Hello wealthluck :),

Thank you very much for your further reply and assistance, so happy indeed to hear from you again!!!!

I've uninstalled Bitcomet and the folder of the portable emule has been entirely removed. The new logs are hereunder quoted.
You are welcome. Well done with the P2P removal.

Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are five of them.
  • Check Scan All Users.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

Please download GMER and save it to your desktop. Click here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
  • In the right panel, you will see several boxes that have been checked (ticked). Uncheck the following:
    • Sections
    • IAT/EAT
    • All other Drives/Partitions except Systemdrive, typically C:\ (leave C:\ checked)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Do not run any other programs while GMER is running.

Any luck booting up in normal mode? If you can boot up in normal mode, run the above tools in normal mode. Else, continue in safe mode. If you get a BSOD, take down the error message details and post them back here.

Please post back:
1. the OTL reports (OTL.txt and Extras.txt)
2. GMER result
3. BSOD error message details
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Can't boot into normal mode - keeps giving me blue screen!!

Post by wealthluck » September 25th, 2009, 2:25 pm

Hi Jack&Jill,
I just had to run the scans in safe mode; I haven't been able to boot into normal mode at all ever since a while back before I put up this SOS thread. Up until I checked out your latest reply, I tried again to see if I can luckily do the scans in normal mode but still no luck. The 4 required logs are respectively hereunder and on the next 3 replies.
Thanks a great deal....
-------------------------------------------------------------------------------------------------------

1) OTL :-
=======================================================
OTL logfile created on: 25/9/2009 21:53:24 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\USE\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

1023.17 Mb Total Physical Memory | 713.91 Mb Available Physical Memory | 69.77% Memory free
2.40 Gb Paging File | 2.22 Gb Available in Paging File | 92.52% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 172.56 Gb Total Space | 127.75 Gb Free Space | 74.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.65 Gb Total Space | 11.73 Gb Free Space | 2.52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SNNECCAP
Current User Name: USE
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/05/10 12:31:22 | 00,241,664 | ---- | M] (Stardock) -- C:\Program Files\Common Files\Stardock\SDMCP.exe
PRC - [2008/04/15 18:54:48 | 00,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/02/18 03:13:10 | 00,021,504 | ---- | M] () -- C:\Tools\StrokeIt\strokeit.exe
PRC - [2009/03/17 10:39:50 | 01,541,120 | ---- | M] () -- C:\Program Files\Free Internet Window Washer\Clearpch.exe
PRC - [2008/04/04 20:56:12 | 00,436,736 | ---- | M] (www.CrazyBrowser.com) -- C:\Tools\Crazy Browser\Crazy Browser.exe
PRC - [2009/08/26 12:53:30 | 01,681,208 | ---- | M] (Piriform Ltd) -- C:\Tools\ccCleaner223\CCleaner.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
PRC - [2009/04/17 01:03:27 | 00,368,640 | ---- | M] () -- C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe
PRC - [2008/06/05 04:41:18 | 03,825,152 | ---- | M] () -- C:\Tools\WinSplit Revolution\WinSplit.exe
PRC - [2002/04/05 17:18:52 | 02,203,648 | ---- | M] (Sensiva, Inc.) -- C:\Tools\Symbol Commander Pro\Sensiva.exe
PRC - [2005/01/19 16:44:22 | 00,140,288 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2009/09/25 21:06:13 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USE\桌面\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/09/15 03:53:01 | 01,852,488 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/06 05:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Stopped])
SRV - [2009/02/26 05:27:41 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2009/02/25 15:15:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/02/06 05:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])
SRV - [2009/02/06 05:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009/02/06 05:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
SRV - [2007/03/02 17:55:30 | 00,278,608 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/02 17:55:30 | 00,110,677 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/09/03 11:51:46 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2008/04/15 18:54:36 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/09/05 16:06:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/03/02 17:56:10 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Stopped])
SRV - [2007/11/07 04:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2007/11/30 19:18:51 | 00,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe -- (spupdsvc [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/04/16 13:53:00 | 02,825,088 | ---- | M] (ASUSTek) -- C:\WINDOWS\System32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Stopped])
DRV - [2009/02/06 05:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Stopped])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/14 02:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2006/11/29 14:46:24 | 00,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\APLMp50.sys -- (APLMp50 [On_Demand | Stopped])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2009/02/06 05:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Stopped])
DRV - [2009/02/06 05:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Stopped])
DRV - [2009/02/06 05:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])
DRV - [2009/02/06 05:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Stopped])
DRV - [2009/02/06 05:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/10/17 20:12:00 | 00,030,720 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\l251x86.sys -- (AtcL002 [On_Demand | Running])
DRV - [2009/02/26 06:58:57 | 03,565,568 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2004/10/08 16:58:00 | 00,751,104 | ---- | M] (Asus) -- C:\WINDOWS\System32\DRIVERS\Cap713x.sys -- (Cap713x [On_Demand | Stopped])
DRV - [2001/08/31 19:16:32 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2004/08/12 20:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys -- (FsVga [System | Running])
DRV - [2008/04/14 00:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/04/16 14:16:26 | 05,760,096 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Stopped])
DRV - [2007/06/14 16:41:00 | 04,429,312 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Stopped])
DRV - [2003/12/17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Stopped])
DRV - [2003/12/17 09:50:00 | 00,025,505 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2 [On_Demand | Stopped])
DRV - [2003/12/17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Stopped])
DRV - [2008/04/14 02:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2004/08/13 10:56:20 | 00,005,810 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2008/04/14 02:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2007/11/07 04:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2002/03/19 10:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\drivers\pclepci.sys -- (PCLEPCI [System | Stopped])
DRV - [1998/12/24 07:10:00 | 00,013,440 | ---- | M] (PenPower Tech LTD.) -- C:\WINDOWS\System32\DRIVERS\ppen.sys -- (PPEN [System | Stopped])
DRV - [2004/08/12 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2006/01/18 18:41:58 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2008/04/14 00:39:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/14 02:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2005/10/21 09:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Running])
DRV - [2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2009/09/25 17:09:50 | 00,035,363 | ---- | M] () -- C:\WINDOWS\System32\windrvNT.sys -- (windrvNT [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com
IE - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 10:30:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/05 16:06:46 | 00,000,000 | ---D | M]


O1 HOSTS File: (335225 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11488 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\USE\Application Data\FlashGetBHO\FlashGetBHO3.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\..\Toolbar\WebBrowser: (no name) - {CB789373-04D5-4EF4-9C16-871463FD0830} - No CLSID value found.
O4 - HKLM..\Run: [AutoShutdown] C:\WINDOWS\zenotib\zenotib.exe (Barefoot Productions, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BtnMovie] File not found
O4 - HKLM..\Run: [CHotkey] C:\APPS\Chicony\chicony.bat ()
O4 - HKLM..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe (BonSoft)
O4 - HKLM..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [$Volumouse$] C:\Tools\VolumeMouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe File not found
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [ccleaner] C:\Tools\ccCleaner223\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [FontLoader] C:\Program Files\ShellToolsMoonSoftware\FontLoaderSysTray.exe (Moon Software)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [Free Internet Window Washer] C:\Program Files\Free Internet Window Washer\Clearpch.exe ()
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [Kana Reminder] C:\Tools\Reminder.exe (Kana Solution)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [Mmm] C:\Program Files\MmmHACE\Mmm.exe ()
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [Sensiva] C:\Tools\Symbol Commander Pro\Sensiva.exe (Sensiva, Inc.)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [UberIcon] C:\Program Files\UberIcon\UberIcon Manager.exe ()
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [Wallpaper Manager] C:\Program Files\WallpaperChangerAdolix\AWC.exe ()
O4 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006..\Run: [Winsplit] C:\Tools\WinSplit Revolution\WinSplit.exe ()
O4 - HKLM..\RunOnce: [RealHideIPunstall] File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\#Megaupload下不了.url ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\a-squared Free.lnk = C:\Program Files\a-squared Free\a2free.exe (Emsi Software GmbH)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Acapella-MoreCompleteCollection2009(HHIR) [2009/09/25 10:41:02 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Acapellas [2009/09/25 10:41:02 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\AutoHotkeyDateIndicator(ByTic).lnk = C:\Tools\AutoHotkeyDateIndicator(ByTic).ahk ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\AvastScanner.lnk = C:\Program Files\Avast4\ashSimp2.exe (ALWIL Software)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Brightness&ColorSwapper-gapa.lnk = C:\Tools\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe (Tomasz Porosi?ski)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Bullzip Express Menu.lnk = C:\Program Files\ExpressMenuBullzip\exmenu.exe (Bullzip)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Clickoff.exe.lnk = C:\Program Files\ClickOff\Clickoff.exe ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\ComboFix.url ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\CursorFX [2009/09/25 16:58:07 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Ditto.exe.lnk = C:\Tools\Ditto\Ditto.exe ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Downloads [2009/05/18 09:11:28 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Downloads(E).lnk = E:\Downloads [2009/08/29 00:14:58 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\E-Installers - HijackThis.lnk = E:\~Sundries-Nec\~ToPutIntoCd\E-Installers [2009/08/30 09:28:02 | 00,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\FTPTransport.exe.lnk = C:\Tools\NetTransport2.80.441\FTPTransport.exe (Xi)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\JDownloader 0.8.lnk = C:\Tools\JDownloader 0.8\JDownloader.exe (AppWork UG (haftungsbeschrankt))
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Livestation [2009/09/24 17:05:17 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Munich1999MJ&FriendsConcert(FmMjsunnyFtp) [2009/09/24 20:34:52 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\RaySource.lnk = C:\Program Files\RaySource\RaySource.exe ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\RightClick.exe.lnk = C:\Tools\RightClick\RightClick.exe (Stardock.net)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\ShellEnhancer.exe.lnk = C:\Tools\ShellEnhancer\ShellEnhancer.exe (NuonSoft)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Spybot - Search & Destroy.lnk = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\strokeit.lnk = C:\Tools\StrokeIt\strokeit.exe ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\TaskSwitchXP.lnk = C:\Tools\TaskSwitchXP2011\TaskSwitchXP.exe (Alexander Avdonin)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\UnlockerPortable.exe.lnk = C:\Tools\UnlockerPortable\UnlockerPortable.exe (PortableAppZ.blogspot.com)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\volumouse.exe.lnk = C:\Tools\VolumeMouse\volumouse.exe (NirSoft)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\ZoomIt.lnk = C:\Tools\ZoomIt.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~Music(AllDoneButToMakeSureIfAllSpareCopiesToDelete) [2009/09/24 16:49:18 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~Ppc [2009/09/25 02:03:24 | 00,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~neverland122(布拉格_史巡演) - _ - 优酷_ - 在_看 - _克_杰克_ michael Jackson File not found
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~Ray-Thriller25thBookletAnniversaryMemorial File not found
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~~~~~~Flv-《Thriller》未曝光的拍_面!20090923 - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz! File not found
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~好想把你抱走~11_可_小_再次更新~~12_新增_血大_系列~ - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz! File not found
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\乾艘弝畦溫.lnk = C:\Program Files\56.comPlayer\isee.exe (?看)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\化_K的Fb上_于的(_勿_) - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz!.url ()
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - CCleaner.exe.lnk = C:\Tools\ccCleaner223\CCleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - CursorXP.lnk = C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - DUTool.exe.lnk = C:\Program Files\NamiRobot\DUTool.exe ()
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - NetTransport.exe.lnk = C:\Tools\NetTransport2.80.441\NetTransport.exe (Xi)
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: File not found
O4 - Startup: File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Dictionary - File not found
O8 - Extra context menu item: &Encyclopedia - File not found
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &U妏蚚馨譙儂狟婥甜彶紲 - C:\Program Files\NamiRobot\Data\du.html ()
O8 - Extra context menu item: &U使用米人下?并收藏 - Reg Error: Value error. File not found
O8 - Extra context menu item: &U使用米人下载并收藏 - C:\Program Files\NamiRobot\Data\du.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm File not found
O8 - Extra context menu item: 妏蚚辦陬3狟婥 - C:\Documents and Settings\USE\Application Data\FlashGetBHO\GetUrl.htm File not found
O8 - Extra context menu item: 妏蚚辦陬3狟婥窒蟈諉 - C:\Documents and Settings\USE\Application Data\FlashGetBHO\GetAllUrl.htm File not found
O8 - Extra context menu item: 使用 Mega 管理器下??接... - Reg Error: Value error. File not found
O8 - Extra context menu item: 使用 Mega 管理器下载链接... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm File not found
O8 - Extra context menu item: 使用快?3下? - Reg Error: Value error. File not found
O8 - Extra context menu item: 使用快?3下?全部?接 - Reg Error: Value error. File not found
O8 - Extra context menu item: 使用快车3下载 - C:\Documents and Settings\USE\Application Data\FlashGetBHO\GetUrl.htm File not found
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Documents and Settings\USE\Application Data\FlashGetBHO\GetAllUrl.htm File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1192798999-1536786436-3313207897-1006\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://zone.msn.com/binGame/ZAxRcMgr.cab (ZoneAxRcMgr Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://games.bigfishgames.com/en_burger ... yer_v4.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinsta ... s-i586.cab (Java Plug-in 1.4.2_05)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\MCPClient: DllName - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll - C:\Program Files\Common Files\Stardock\MCPStub.dll (Stardock)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\Stardock\MCPCore.dll (Stardock)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/09/25 21:06:50 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\USE\桌面\31mxp7db.exe
[2009/09/25 21:06:13 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\USE\桌面\OTL.exe
[2009/09/25 17:49:28 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\乾艘弝畦溫.lnk
[2009/09/25 17:49:26 | 00,000,000 | ---D | C] -- C:\Program Files\56.comPlayer
[2009/09/25 16:58:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\CursorFX
[2009/09/25 09:51:04 | 00,000,000 | ---- | C] () -- C:\Program Files\VideoConverterOJOsoftTotal
[2009/09/25 09:51:04 | 00,000,000 | ---- | C] () -- C:\Program Files\VideoConverterOJOsoftTotal
[2009/09/25 02:03:24 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~Ppc
[2009/09/25 02:01:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Acapella-MoreCompleteCollection2009(HHIR)
[2009/09/25 02:00:44 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Acapellas
[2009/09/24 17:05:17 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Livestation
[2009/09/24 16:50:49 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - ~Childhood - ToFind'MaMaChaCha'&AddToPlaylist&Ppc
[2009/09/24 16:49:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~Music(AllDoneButToMakeSureIfAllSpareCopiesToDelete)
[2009/09/24 12:56:10 | 00,000,186 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\IMATION (E).lnk
[2009/09/23 13:10:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Munich1999MJ&FriendsConcert(FmMjsunnyFtp)
[2009/09/23 04:41:53 | 00,000,164 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~~~~~~Flv-《Thriller》未曝光的拍_面!20090923 - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz!.url
[2009/09/23 04:32:23 | 00,000,164 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~好想把你抱走~11_可_小_再次更新~~12_新增_血大_系列~ - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz!.url
[2009/09/23 04:27:56 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\My Documents\My Music
[2009/09/23 04:25:15 | 00,000,164 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\化_K的Fb上_于的(_勿_) - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz!.url
[2009/09/23 01:46:45 | 00,000,000 | ---D | C] -- C:\Program Files\Total Video Converter
[2009/09/22 18:12:36 | 00,000,467 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\~~~~GasReading.lnk
[2009/09/22 04:08:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Mpeg
[2009/09/22 02:11:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\My Documents\OJOsoft Corporation
[2009/09/22 02:10:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share
[2009/09/22 02:06:55 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - ~Childhood
[2009/09/21 19:08:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - LiveInConcertFlac-OneNightInJapanYokohama
[2009/09/21 19:05:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/09/21 19:05:36 | 00,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
[2009/09/21 19:05:36 | 00,003,400 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2009/09/21 16:10:20 | 00,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
[2009/09/21 16:10:20 | 00,002,989 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2009/09/21 16:09:53 | 00,027,958 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dMC Power Pack.bmp
[2009/09/21 16:09:53 | 00,010,840 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dMC Power Pack.dat
[2009/09/21 15:58:18 | 00,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2009/09/21 15:58:18 | 00,013,015 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/09/21 15:50:13 | 00,000,000 | ---D | C] -- C:\Program Files\Illustrate
[2009/09/21 02:31:57 | 00,000,185 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~Ray-Thriller25thBookletAnniversaryMemorial.url
[2009/09/20 18:47:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Application Data\RealHideIP
[2009/09/20 18:47:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealHideIP
[2009/09/20 03:41:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Application Data\Zcom4158515
[2009/09/18 18:42:43 | 00,162,816 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\WINDOWS\System32\fmod.dll
[2009/09/18 12:05:26 | 00,000,156 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~neverland122(布拉格_史巡演) - _ - 优酷_ - 在_看 - _克_杰克_ michael Jackson.url
[2009/09/18 11:20:09 | 00,000,705 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - DUTool.exe.lnk
[2009/09/18 03:24:29 | 00,000,951 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Spybot - Search & Destroy.lnk
[2009/09/17 22:03:11 | 00,003,482 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\~~Wallpapers.awc
[2009/09/17 21:35:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - PreHistory-TheLostSteeltownRecordings
[2009/09/17 18:06:22 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\SpywareBlaster.lnk
[2009/09/17 17:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/09/17 16:16:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Application Data\Kana Solution
[2009/09/17 14:10:23 | 00,000,000 | ---D | C] -- C:\InstallersFmCd(AntisScanned&Free)
[2009/09/17 03:52:41 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/09/17 03:52:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/09/16 21:28:15 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - DestinyTour1979DVD
[2009/09/16 19:58:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/16 19:58:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/09/16 13:19:43 | 03,318,656 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\ComboFix.exe
[2009/09/16 13:04:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/16 13:02:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/16 12:51:20 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/16 12:51:20 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/16 12:51:20 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/16 12:51:20 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/16 12:51:20 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/16 12:51:20 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/16 12:51:20 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/16 12:51:20 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/16 12:51:15 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/09/16 12:50:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/16 02:20:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - OFF_THE_WALL
[2009/09/15 16:03:59 | 00,006,344 | ---- | C] () -- C:\WINDOWS\System32\gafilter.sti
[2009/09/15 16:03:57 | 00,010,208 | ---- | C] () -- C:\WINDOWS\System32\gaeffect.sti
[2009/09/15 16:01:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Ulead.dat
[2009/09/15 16:01:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Noslip
[2009/09/15 16:01:28 | 00,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2009/09/15 15:59:43 | 00,000,409 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/09/15 15:59:38 | 01,056,768 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2009/09/15 15:59:37 | 00,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2009/09/15 15:59:30 | 00,000,000 | ---D | C] -- C:\Program Files\UleadGifAnimator5.6FullFX
[2009/09/15 12:45:04 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - HIStory美版首版-Whether2OnesNotDownloadedYet
[2009/09/15 03:03:17 | 00,000,517 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\~~YouKu.lnk
[2009/09/15 03:02:56 | 00,000,517 | ---- | C] () -- C:\~~YouKu.lnk
[2009/09/14 22:25:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Local Settings\Application Data\Apple Computer
[2009/09/14 04:18:38 | 00,000,199 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\#Megaupload下不了.url
[2009/09/13 22:40:16 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\JDownloader 0.8.lnk
[2009/09/13 18:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Application Data\gtk-2.0
[2009/09/13 18:51:38 | 00,000,000 | ---D | C] -- C:\Program Files\Megaupload,Etc-ManagerTucan
[2009/09/13 11:42:20 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\E-Installers - HijackThis.lnk
[2009/09/13 09:59:07 | 00,000,292 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\NgohDeiGeh.lnk
[2009/09/13 09:58:39 | 00,000,292 | ---- | C] () -- C:\捷徑 - NgohDeiGeh.lnk
[2009/09/13 03:32:47 | 00,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2009/09/12 19:39:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/12 18:50:35 | 00,000,291 | ---- | C] () -- C:\捷徑 - ~~MichaelJackson(E).lnk
[2009/09/12 17:46:16 | 00,010,487 | ---- | C] () -- C:\qqfile.php
[2009/09/12 17:42:48 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2009/09/12 09:02:10 | 00,000,023 | ---- | C] () -- C:\WINDOWS\DownloadStudio.INI
[2009/09/11 09:48:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - 啟動
[2009/09/10 19:32:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/09/10 19:32:11 | 00,090,112 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/09/10 19:32:11 | 00,057,344 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/09/10 19:31:45 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009/09/10 13:39:26 | 00,017,408 | ---- | C] () -- C:\WINDOWS\Shortcut.exe
[2009/09/10 13:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\RAM Idle LE
[2009/09/10 10:08:05 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - CCleaner.exe.lnk
[2009/09/10 09:46:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/09/10 09:15:59 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2009/09/10 09:15:58 | 00,135,168 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\DSKernel2.dll
[2009/09/10 09:11:05 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Converter
[2009/09/10 09:07:02 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/09/10 09:05:54 | 00,000,000 | ---D | C] -- C:\Program Files\Replay AV 8
[2009/09/10 08:36:56 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/08 11:33:14 | 00,000,000 | ---D | C] -- C:\Program Files\AudioJoinerShuangs
[2009/09/07 20:10:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Local Settings\Application Data\yBook
[2009/09/07 20:09:40 | 00,240,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHED.DLL
[2009/09/07 13:08:53 | 00,000,261 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\Downloads(E).lnk
[2009/09/06 12:10:54 | 00,000,503 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\Sounds(Misc).lnk
[2009/09/05 18:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Local Settings\Application Data\Thinstall
[2009/09/05 18:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Application Data\Thinstall
[2009/09/05 16:08:04 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/05 16:08:04 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/05 16:08:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/05 16:08:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/03 14:31:57 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\RaySource.lnk
[2009/09/01 14:03:13 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\FTPTransport.exe.lnk
[2009/09/01 08:49:34 | 00,000,732 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - NetTransport.exe.lnk
[2009/09/01 07:50:19 | 00,000,527 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\E-Installers.lnk
[2009/09/01 07:36:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~捷徑 - Documents and Settings & FoldersToWorkWith
[2009/09/01 07:05:53 | 00,000,370 | ---- | C] () -- C:\捷徑 - ~Playlists.lnk
[2009/09/01 07:05:53 | 00,000,367 | ---- | C] () -- C:\~Pictures.lnk
[2009/08/31 18:42:04 | 00,000,253 | ---- | C] () -- C:\捷徑 - ~Backup.lnk
[2009/08/31 18:41:36 | 00,000,527 | ---- | C] () -- C:\捷徑 - E-Installers.lnk
[2009/08/31 18:40:07 | 00,000,291 | ---- | C] () -- C:\~~MichaelJackson(E).lnk
[2009/08/31 04:03:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/08/31 02:21:49 | 00,000,367 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\~Pictures.lnk
[2009/08/31 02:21:26 | 00,000,291 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\~~MichaelJackson(E).lnk
[2009/08/30 16:53:20 | 00,000,370 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\~Playlists.lnk
[2009/08/30 14:23:21 | 00,000,253 | ---- | C] () -- C:\Documents and Settings\USE\My Documents\~Backup.lnk
[2009/08/30 10:51:29 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/08/30 09:33:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\USE\Application Data\Megaupload
[2009/08/29 10:52:46 | 00,000,261 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Downloads(E).lnk
[2009/08/29 10:11:27 | 00,000,182 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\ComboFix.url
[2009/08/29 01:10:23 | 00,000,000 | ---D | C] -- C:\Program Files\NamiRobot
[2009/08/28 19:55:26 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\AvastScanner.lnk
[2009/08/22 09:41:10 | 00,000,033 | ---- | C] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI
[2009/08/02 09:21:03 | 00,000,132 | ---- | C] () -- C:\WINDOWS\pdf2html.INI
[2009/07/26 02:27:15 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/26 02:27:12 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/26 02:27:12 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/30 11:36:08 | 00,000,115 | ---- | C] () -- C:\WINDOWS\TrayServerData.ini
[2009/05/28 11:42:46 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/06 10:51:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ViDown.INI
[2009/04/26 14:07:55 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\ppword.dll
[2009/04/25 17:40:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ANNOTATE.INI
[2009/04/25 15:23:54 | 00,001,053 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009/04/22 22:25:01 | 00,000,917 | ---- | C] () -- C:\WINDOWS\System32\CLWatson.ini
[2009/04/21 10:06:39 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2009/04/21 10:06:39 | 00,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2009/04/17 12:36:26 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/17 12:36:17 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/17 12:36:15 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/17 12:36:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/17 02:13:20 | 00,000,081 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/04/16 23:44:41 | 00,000,378 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2009/04/16 12:44:21 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SDAddressBox16a5ed0525716.ini
[2009/03/24 11:39:28 | 00,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/03/24 11:38:47 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/11/07 04:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/09 16:12:32 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2006/08/07 14:49:40 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/07 14:32:32 | 00,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/07 14:29:51 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/08/07 14:29:51 | 00,000,491 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2006/08/07 14:29:03 | 00,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/08/07 14:17:18 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/08/07 14:15:21 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2005/08/03 10:49:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/05/13 08:20:52 | 00,001,982 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/18 08:55:38 | 00,000,797 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/01/18 08:31:07 | 00,000,808 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/18 08:31:02 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/18 07:44:29 | 01,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/01/07 00:48:20 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\adultpdf_Decrypt_reg.ini
[2004/01/07 00:47:06 | 00,000,076 | ---- | C] () -- C:\WINDOWS\System32\adultreg.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/09/25 21:32:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/25 21:19:16 | 00,000,027 | ---- | M] () -- C:\WINDOWS\SDAddressBox16a5ed0525716.ini
[2009/09/25 21:06:55 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\USE\桌面\31mxp7db.exe
[2009/09/25 21:06:13 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\USE\桌面\OTL.exe
[2009/09/25 17:49:28 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\乾艘弝畦溫.lnk
[2009/09/25 17:09:50 | 00,035,363 | ---- | M] () -- C:\WINDOWS\System32\windrvNT.sys
[2009/09/25 17:04:22 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/25 09:51:04 | 00,000,000 | ---- | M] () -- C:\Program Files\VideoConverterOJOsoftTotal
[2009/09/25 08:40:52 | 03,397,456 | -H-- | M] () -- C:\Documents and Settings\USE\Local Settings\Application Data\IconCache.db
[2009/09/25 08:39:50 | 03,318,656 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\ComboFix.exe
[2009/09/24 19:54:32 | 00,335,225 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/24 12:56:10 | 00,000,186 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\IMATION (E).lnk
[2009/09/24 02:30:00 | 00,112,128 | ---- | M] () -- C:\Documents and Settings\USE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 04:41:22 | 00,000,164 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~~~~~~Flv-《Thriller》未曝光的拍_面!20090923 - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz!.url
[2009/09/23 04:31:20 | 00,000,164 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~好想把你抱走~11_可_小_再次更新~~12_新增_血大_系列~ - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz!.url
[2009/09/23 04:25:15 | 00,000,164 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\化_K的Fb上_于的(_勿_) - 我_的_王 我_的偶像 - Our King, Our Icon - _克_·杰克_中_网 - 歌迷_ Michael Jackson Chinese Fanclub - Powered by Discuz!.url
[2009/09/23 00:32:04 | 00,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/22 18:12:36 | 00,000,467 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\~~~~GasReading.lnk
[2009/09/22 17:38:47 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\~~~~GasReading.rtf.lnk
[2009/09/22 05:07:53 | 00,060,256 | ---- | M] () -- C:\Documents and Settings\USE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/21 21:03:58 | 00,002,989 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2009/09/21 21:03:20 | 00,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
[2009/09/21 21:00:22 | 00,515,760 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009/09/21 19:05:36 | 00,003,400 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2009/09/21 19:05:27 | 00,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
[2009/09/21 16:10:50 | 00,010,840 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dMC Power Pack.dat
[2009/09/21 16:10:46 | 00,027,958 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dMC Power Pack.bmp
[2009/09/21 16:07:42 | 00,013,015 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009/09/21 16:07:20 | 00,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2009/09/21 01:53:00 | 00,000,185 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~Ray-Thriller25thBookletAnniversaryMemorial.url
[2009/09/18 18:52:18 | 00,162,816 | ---- | M] (Firelight Technologies Pty, Ltd) -- C:\WINDOWS\System32\fmod.dll
[2009/09/18 12:05:26 | 00,000,156 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\~~~~neverland122(布拉格_史巡演) - _ - 优酷_ - 在_看 - _克_杰克_ michael Jackson.url
[2009/09/18 00:04:52 | 00,000,705 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - DUTool.exe.lnk
[2009/09/17 22:05:15 | 01,440,054 | ---- | M] () -- C:\WINDOWS\WPCWallpaper.bmp
[2009/09/17 22:03:17 | 00,003,482 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\~~Wallpapers.awc
[2009/09/17 18:06:22 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\SpywareBlaster.lnk
[2009/09/16 20:06:42 | 00,331,165 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090924-195432.backup
[2009/09/16 19:58:42 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Spybot - Search & Destroy.lnk
[2009/09/16 13:00:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/16 11:17:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/15 16:29:02 | 00,000,409 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2009/09/15 16:03:59 | 00,006,344 | ---- | M] () -- C:\WINDOWS\System32\gafilter.sti
[2009/09/15 16:03:57 | 00,010,208 | ---- | M] () -- C:\WINDOWS\System32\gaeffect.sti
[2009/09/15 16:01:54 | 00,000,102 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/09/14 04:18:38 | 00,000,199 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\#Megaupload下不了.url
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 09:58:40 | 00,000,292 | ---- | M] () -- C:\捷徑 - NgohDeiGeh.lnk
[2009/09/13 09:58:40 | 00,000,292 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\NgohDeiGeh.lnk
[2009/09/13 03:32:47 | 00,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI
[2009/09/13 03:26:20 | 00,001,477 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat
[2009/09/12 18:50:35 | 00,000,291 | ---- | M] () -- C:\捷徑 - ~~MichaelJackson(E).lnk
[2009/09/12 17:46:16 | 00,010,487 | ---- | M] () -- C:\qqfile.php
[2009/09/12 09:02:10 | 00,000,023 | ---- | M] () -- C:\WINDOWS\DownloadStudio.INI
[2009/09/12 08:56:22 | 00,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2009/09/10 09:11:02 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/09/06 12:10:26 | 00,000,503 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\Sounds(Misc).lnk
[2009/09/05 21:00:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\JDownloader 0.8.lnk
[2009/09/05 16:06:38 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/09/05 16:06:38 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/09/05 16:06:38 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/05 16:06:38 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/09/05 16:06:37 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/09/05 12:19:44 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090916-200642.backup
[2009/09/03 09:12:57 | 00,000,132 | ---- | M] () -- C:\WINDOWS\pdf2html.INI
[2009/09/03 08:35:16 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\捷徑 - CCleaner.exe.lnk
[2009/08/31 18:41:38 | 00,000,527 | ---- | M] () -- C:\捷徑 - E-Installers.lnk
[2009/08/31 18:41:38 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\E-Installers.lnk
[2009/08/31 18:41:38 | 00,000,527 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\E-Installers - HijackThis.lnk
[2009/08/31 18:39:52 | 00,000,409 | ---- | M] () -- C:\捷徑 - ~~MichaelJackson.lnk
[2009/08/31 02:21:49 | 00,000,367 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\~Pictures.lnk
[2009/08/31 02:21:49 | 00,000,367 | ---- | M] () -- C:\~Pictures.lnk
[2009/08/31 02:21:26 | 00,000,291 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\~~MichaelJackson(E).lnk
[2009/08/31 02:21:26 | 00,000,291 | ---- | M] () -- C:\~~MichaelJackson(E).lnk
[2009/08/30 16:53:20 | 00,000,370 | ---- | M] () -- C:\捷徑 - ~Playlists.lnk
[2009/08/30 16:53:20 | 00,000,370 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\~Playlists.lnk
[2009/08/30 14:23:21 | 00,000,253 | ---- | M] () -- C:\捷徑 - ~Backup.lnk
[2009/08/30 14:23:21 | 00,000,253 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\~Backup.lnk
[2009/08/29 10:20:07 | 00,000,261 | ---- | M] () -- C:\Documents and Settings\USE\My Documents\Downloads(E).lnk
[2009/08/29 10:20:07 | 00,000,261 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\Downloads(E).lnk
[2009/08/29 05:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/28 15:16:32 | 00,000,694 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\AvastScanner.lnk
[2009/08/28 14:59:05 | 00,000,182 | ---- | M] () -- C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\ComboFix.url
[2009/08/27 07:56:56 | 00,000,033 | ---- | M] () -- C:\WINDOWS\DownloadStudioScheduleMonitor.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:3BF63E4A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:57EE48CA
< End of report >
wealthluck

Re: Can't boot into normal mode - keeps giving me blue screen!!

Post by wealthluck » September 25th, 2009, 2:27 pm

2) Extras :-
=======================================================

OTL Extras logfile created on: 25/9/2009 21:53:24 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\USE\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

1023.17 Mb Total Physical Memory | 713.91 Mb Available Physical Memory | 69.77% Memory free
2.40 Gb Paging File | 2.22 Gb Available in Paging File | 92.52% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 172.56 Gb Total Space | 127.75 Gb Free Space | 74.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.65 Gb Total Space | 11.73 Gb Free Space | 2.52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SNNECCAP
Current User Name: USE
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1192798999-1536786436-3313207897-1006\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"27695:TCP" = 27695:TCP:*:Enabled:BitComet 27695 TCP
"27695:UDP" = 27695:UDP:*:Enabled:BitComet 27695 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Tools\itudou\iTudou.exe" = C:\Tools\itudou\iTudou.exe:*:Enabled:iTudou -- (土豆网)
"C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe" = C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobile - My Mobiler -- ()
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerCinema\PCMService.exe" = C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Tools\NetTransport2.80.441\NetTransport.exe" = C:\Tools\NetTransport2.80.441\NetTransport.exe:*:Enabled:NetXfer Download Manager -- (Xi)
"C:\Tools\eMule0.49c\emule.exe" = C:\Tools\eMule0.49c\emule.exe:*:Enabled:eMule -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Tools\TeamViewerPortable_en\TeamViewer.exe" = C:\Tools\TeamViewerPortable_en\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\GridService\peer.exe" = C:\Program Files\GridService\peer.exe:*:Enabled:muse peer -- (FS2YOU)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Tools\FlashGet 3.0 Portable\Flashget3.exe" = C:\Tools\FlashGet 3.0 Portable\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
"$INSTDIR\FlvDetector.exe" = C:\Tools\FlashGet 3.0 Portable\FlvDetector.exe:*:Enabled:FGFlvDetector -- File not found
"C:\Program Files\NamiRobot\DUTool.exe" = C:\Program Files\NamiRobot\DUTool.exe:*:Enabled:米人 -- ()
"C:\Program Files\ProxyShellHideIP\proxyshell.exe" = C:\Program Files\ProxyShellHideIP\proxyshell.exe:*:Enabled:ProxyShell Hide IP Standard -- File not found
"C:\DOCUME~1\USE\LOCALS~1\Temp\Alcohol.exe" = C:\DOCUME~1\USE\LOCALS~1\Temp\Alcohol.exe:*:Enabled:Windows Messanger -- File not found
"C:\Program Files\56.comPlayer\isee.exe" = C:\Program Files\56.comPlayer\isee.exe:*:Enabled:?看 -- (?看)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0C9B0475-F65F-45AB-8D88-2AE7C195E907}" = Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
"{1473BF77-AD54-4241-8624-340726E9E77B}" = AXPDF Converter
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E41C2E-9111-44AA-B8C4-20D4D59DD990}" = RealWorld Change Cursor
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{5DC0DF76-3B2F-4C38-BE34-58627949BC1A}" = Mega Manager
"{6350DFD0-01B0-11DE-87AF-0800200C9A66}" = Livestation
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{80851370-07CF-477B-837D-F2E488916CFE}" = OpenOffice.org 2.4
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A68C605C-D997-44E5-B29D-BC0E5E740BF7}" = DownloadStudio
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AC76BA86-7AD7-1028-7B44-A70700000002}" = Adobe Reader 7.0.7 - Chinese Traditional
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4C7AD43-8E0A-4E0B-8291-9710F4D42ADE}" = CyberLink Live Codec Pack
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EDD68B48-E14C-4DB0-B30F-B7A15C44E71C}" = Shell Tools
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"03A5D259B3018EB0DA1A61DC077382FEDF551A43" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"0406547057933D9804DEC02F27CA9B7A5F4BBE1F" = Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
"05C95B74F98DE3CFF4D710EAAAA7E7AAF587AC69" = Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
"069028742E076ED93DD1BAA9E1ED7EFDF77D872A" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"077EEA4E5490F32ED5FA1C5F4E9EE425420E1919" = Windows Driver Package - Intel hdc (02/05/2007 8.3.0.1011)
"0E1D95024DADE1CF31A5889E7105B00FE74E28AE" = Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
"11DC20852D47052BEF583908C84D8B92DE34C370" = Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
"157D8D755B5773E5E4764F37125BCC14F16A7B77" = Windows Driver Package - Intel System (08/25/2003 5.1.0.1006)
"15ABB80B2DE947F4B30AF453D66552D76BE589C0" = Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
"19E5E67F3BBBAC2C396F95A754CEBBE0D84F497A" = Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
"1BA616419FE97AD2C3A3D0B86F55E2A51D366986" = Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
"29C374B5E1EFE5340CEB8AAF699DB210FAB225AE" = Windows Driver Package - Intel System (03/10/2005 7.0.0.1019)
"2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"3467A68D3474BCB811069FF862E97C99D961D7B2" = Windows Driver Package - Intel System (05/26/2004 6.1.0.1008)
"38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"38DD94E8E6C72C839A50F7A7AC75F5CCF79F1E74" = Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
"41354D334FF04D96CEECC6C9318A774417289CD9" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"52C3DD2886518E59EFCABD2613C5B65DBAFC4ED6" = Windows Driver Package - Intel System (03/09/2006 7.3.0.1013)
"52E82464361E3BEF41DF10AAAD67A99B96503421" = Windows Driver Package - Intel System (01/10/2005 7.0.0.1011)
"530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)
"55A70DD10E74D09B728586875FA4E7292C3AD199" = Windows Driver Package - Intel System (05/23/2005 7.1.0.1011)
"560270EE7689071CE3EBE598A400A8BB54BC41A7" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"56A66DF95E25E69FDBC453F4C6D064E5BDACA196" = Windows Driver Package - Intel System (09/13/2005 7.2.2.1001)
"639ADB4E5574000C7EB7635F85892B4DFC6D521D" = Windows Driver Package - Intel System (02/22/2006 8.1.0.1002)
"6AF3DB1E47C2FB8060218ECD7C6BC24EC07AF9CC" = Windows Driver Package - Intel System (04/10/2006 8.0.0.1008)
"6B0871F586FDF05439973F79398D0C8F54883509" = Windows Driver Package - Intel System (02/05/2007 8.3.0.1011)
"6B2D8C73D098BEE5A98B76EC5129EBFAA562EDA6" = Windows Driver Package - Intel System (12/06/2006 8.2.0.1002)
"708C7D1FC4337825C3EE8F52E4916B928EDB0B67" = Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
"73501D040246FD1119FF9BD02EAA9CA1541A9E01" = Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
"7BE0C2739D20748EA44AC0D0EFEEBC437581417D" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"9AC3F4DC0EBF5E96B39B89EE1838775695511567" = Windows Driver Package - Intel System (01/13/2007 8.3.0.1008)
"AA4988082D53DDFFD0732FD315248A82A62EB15A" = Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
"ADD9148E09287DC9FED76E28632EA8199F032820" = Windows Driver Package - Intel System (02/28/2007 8.3.0.1013)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adolix Wallpaper Changer_is1" = Adolix Wallpaper Changer 2.2
"AimOne All to MP3 Converter_is1" = AimOne All to MP3 Converter 1.61
"All ATI Software" = ATI - Software Uninstall Utility
"a-squared Free_is1" = a-squared Free 4.0
"ATI Display Driver" = ATI Display Driver
"AutoHotkey" = AutoHotkey 1.0.48.01
"AutoShutdown" = AutoShutdown
"avast!" = avast! Antivirus
"B6352A8B6E6888E294E97F6B61C28CC6B50DBB78" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"BE3FEA48CED26ECE01CC8EE0326CA7F3BC5666AC" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"Beach Party Craze_is1" = Beach Party Craze
"Big Island Blends_is1" = Big Island Blends
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"Bullzip Express Menu_is1" = Bullzip Express Menu 2.0.3186.20544
"Burger Island 2_is1" = Burger Island 2
"Burger Island_is1" = Burger Island
"Burger Shop_is1" = Burger Shop
"C3540E3115555DFC712CBDACCF8EF42B1A9370B6" = Windows Driver Package - Intel System (10/11/2002 4.20.1007)
"Cake Mania 3_is1" = Cake Mania 3
"ClickOff_is1" = ClickOff version 1.82
"ClocX" = ClocX (1.5b2)
"Cooking Dash_is1" = Cooking Dash
"Cool Timer_is1" = Cool Timer 3.6
"CursorFX" = CursorFX
"CursorXP" = CursorXP
"DafiTech.Copy2Clip" = Copy2Clip 1.0.7
"Daycare Nightmare Mini Monsters_is1" = Daycare Nightmare Mini Monsters
"DBEF16AF480DAF08022CD5CF2AFCC77A13BC5683" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"DF30C24B66078DFBDCEC781CB08AC73CC6B4CEBC" = Windows Driver Package - Intel hdc (02/05/2007 8.3.0.1011)
"Diaper Dash_is1" = Diaper Dash
"Diner Dash Flo On The Go_is1" = Diner Dash Flo On The Go
"Diner Dash Flo Through Time_is1" = Diner Dash Flo Through Time
"Diner Dash Hometown Hero_is1" = Diner Dash Hometown Hero
"Diner Dash Seasonal Snack Pack_is1" = Diner Dash Seasonal Snack Pack
"dMC Power Pack" = dMC Power Pack
"Doggie Dash_is1" = Doggie Dash
"Dress Shop Hop_is1" = Dress Shop Hop
"Dress Up Rush_is1" = Dress Up Rush
"E8CC5DBEDF908775835695BA4EC7CA57E4868EA5" = Windows Driver Package - Intel System (03/25/2004 5.1.0.1009)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"F23440D1946B041AB1E8E98F3E97A4982890BF52" = Windows Driver Package - Intel System (02/06/2007 8.3.0.1011)
"F6FF53611EF96933CA50D420CA298B60A5456FD7" = Windows Driver Package - Intel USB (05/15/2006 7.4.0.1005)
"Fashion Boutique_is1" = Fashion Boutique
"Fashion Craze_is1" = Fashion Craze
"Fashion Dash_is1" = Fashion Dash
"Fashion Fits_is1" = Fashion Fits
"FileNote" = FileNote (Remove Only)
"Fitness Dash_is1" = Fitness Dash
"Flower Shop Big City Break_is1" = Flower Shop Big City Break
"Fomine NetSend" = Fomine NetSend (remove only)
"Free Internet Window Washer" = Free Internet Window Washer
"Gourmania_is1" = Gourmania
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ICE Book Reader Professional Retail" = ICE Book Reader Professional Retail
"Ice Cream Craze Tycoon Takeover_is1" = Ice Cream Craze Tycoon Takeover
"Ice Cream Mania_is1" = Ice Cream Mania
"iKu" = 蚥蹄 i蹄
"InfoTag Magic 1.0" = InfoTag Magic 1.0
"InstallShield_{D4C7AD43-8E0A-4E0B-8291-9710F4D42ADE}" = CyberLink Live Codec Pack
"iSiloX" = iSiloX
"iWisoft Flash SWF Downloader_is1" = iWisoft Flash SWF Downloader 1.8
"Janes Hotel_is1" = Janes Hotel
"Jewelleria_is1" = Jewelleria
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)
"Lakeridge Software WisBar Advance 3 for WM6_is1" = Lakeridge Software WisBar Advance 3 for WM6 v3.0.0.2
"MediaInfo" = MediaInfo 0.7.15
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miriel The Magical Merchant_is1" = Miriel The Magical Merchant
"Multilingual Speaking Clock_is1" = Multilingual Speaking Clock ver 2.6
"Mystic Emporium_is1" = Mystic Emporium
"Nero 9 Lite_is1" = Nero 9.0.9.4 Lite
"NJStar Communicator" = NJStar Communicator
"OpenAL" = OpenAL
"Party Down_is1" = Party Down
"Piky Basket_is1" = Piky Basket 2.0
"Purrfect Pet Shop_is1" = Purrfect Pet Shop
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.2
"RAM Idle LE_is1" = RAM Idle LE
"RaySource" = RaySource 2.1.10.8366
"Replay_AV_807" = Replay AV 8
"Replay_Converter_1" = Replay Converter 2.8
"Resco Explorer" = Resco Explorer
"Shapez 3.0 Freeware" = Shapez 3.0 Freeware
"Shuangs Audio Joiner_is1" = Shuangs Audio Joiner 1.2
"Spb Pocket Plus" = Spb Pocket Plus
"Sprouts Adventure_is1" = Sprouts Adventure
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Squeaky Clean" = Squeaky Clean
"Stand O Food 2_is1" = Stand O Food 2
"Stardock Central" = Stardock Central
"Supermarket Mania_is1" = Supermarket Mania
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"UberIcon_is1" = UberIcon 1.0.4
"Video Cutter_is1" = Video Cutter 1.0
"VLC media player" = VLC media player 0.9.9
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WMFDist11" = Windows Media Format 11 runtime
"XnView Shell Extension_is1" = XnView Shell Extension 2.6.0
"XnView_is1" = XnView 1.96
"辦陬(FlashGet)3.0" = 辦陬(FlashGet)3.0 淏宒唳

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1192798999-1536786436-3313207897-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mmm" = Mmm

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/7/2009 8:05:20 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\ZenGemsSetup.exe failed, 0000001E.

Error - 9/7/2009 8:12:31 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\WeddingDash2Setup.exe failed, 0000001E.

Error - 9/7/2009 18:24:23 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\StandOFood2Setup.exe failed, 0000001E.

Error - 9/7/2009 19:01:41 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
D:\TheGreatChocolateChaseSetup.exe failed, 0000001E.

Error - 22/8/2009 19:07:29 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 28/8/2009 2:53:25 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 28/8/2009 3:20:53 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function 00000002.

Error - 28/8/2009 7:55:58 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 28/8/2009 12:14:12 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

Error - 12/9/2009 23:39:41 | Computer Name = SNNECCAP | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\USE\「開始」功能表\程式集\啟動\HijackThis.exe failed, 00000005.

[ Application Events ]
Error - 24/9/2009 4:40:40 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 spybotsd.exe,版本 1.6.2.46,失敗的模組 spybotsd.exe,版本 1.6.2.46,錯誤位址
0x0002a936。

Error - 24/9/2009 7:00:31 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 mplayerc.exe,版本 6.4.9.0,失敗的模組 ffdshow.ax,版本 1.0.5.2052,錯誤位址
0x00122176。

Error - 24/9/2009 14:12:33 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 tvc.exe,版本 3.5.9.725,失敗的模組 sdl.dll,版本 1.2.11.0,錯誤位址 0x0002e625。

Error - 24/9/2009 20:46:05 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 clickoff.exe,版本 1.82.0.0,失敗的模組 clickoff.exe,版本 1.82.0.0,錯誤位址
0x00006a73。

Error - 24/9/2009 22:34:51 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 tvc.exe,版本 3.5.9.725,失敗的模組 sdl.dll,版本 1.2.11.0,錯誤位址 0x0002e625。

Error - 25/9/2009 1:23:50 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 tvc.exe,版本 3.5.9.725,失敗的模組 sdl.dll,版本 1.2.11.0,錯誤位址 0x0002e625。

Error - 25/9/2009 4:51:59 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 rightclick.exe,版本 1.2.0.739,失敗的模組 rightclick.exe,版本 1.2.0.739,錯誤位址
0x00020aaa。

Error - 25/9/2009 4:52:20 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 strokeit.exe,版本 0.9.5.0,失敗的模組 strokeit.exe,版本 0.9.5.0,錯誤位址
0x000031bd。

Error - 25/9/2009 5:53:30 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 iku.exe,版本 1.5.0.461,失敗的模組 iku.exe,版本 1.5.0.461,錯誤位址 0x0002630a。

Error - 25/9/2009 6:34:45 | Computer Name = SNNECCAP | Source = Application Error | ID = 1000
Description = 失敗的應用程式 mplayerc.exe,版本 6.4.9.0,失敗的模組 ffdshow.ax,版本 1.0.5.2052,錯誤位址
0x00122176。

[ System Events ]
Error - 24/9/2009 20:37:12 | Computer Name = SNNECCAP | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084",是當嘗試啟動服務 EventSystem 而引數為 "", 為了執行伺服器: {1BE1F766-5536-11D1-B726-00C04FB926AF}
之時

Error - 24/9/2009 20:37:51 | Computer Name = SNNECCAP | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: Aavmker4 aswSP Fips i8042prt intelppm PCLEPCI

Error - 24/9/2009 20:40:53 | Computer Name = SNNECCAP | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084",是當嘗試啟動服務 EventSystem 而引數為 "", 為了執行伺服器: {1BE1F766-5536-11D1-B726-00C04FB926AF}
之時

Error - 24/9/2009 20:44:15 | Computer Name = SNNECCAP | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084",是當嘗試啟動服務 EventSystem 而引數為 "", 為了執行伺服器: {1BE1F766-5536-11D1-B726-00C04FB926AF}
之時

Error - 24/9/2009 20:45:08 | Computer Name = SNNECCAP | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: Aavmker4 aswSP Fips i8042prt intelppm PCLEPCI

Error - 25/9/2009 2:55:33 | Computer Name = SNNECCAP | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084",是當嘗試啟動服務 wuauserv 而引數為 "", 為了執行伺服器: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
之時

Error - 25/9/2009 4:51:56 | Computer Name = SNNECCAP | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084",是當嘗試啟動服務 MSIServer 而引數為 "", 為了執行伺服器: {000C101C-0000-0000-C000-000000000046}
之時

Error - 25/9/2009 9:19:20 | Computer Name = SNNECCAP | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084",是當嘗試啟動服務 EventSystem 而引數為 "", 為了執行伺服器: {1BE1F766-5536-11D1-B726-00C04FB926AF}
之時

Error - 25/9/2009 9:32:53 | Computer Name = SNNECCAP | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084",是當嘗試啟動服務 EventSystem 而引數為 "", 為了執行伺服器: {1BE1F766-5536-11D1-B726-00C04FB926AF}
之時

Error - 25/9/2009 9:33:56 | Computer Name = SNNECCAP | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: Aavmker4 aswSP Fips i8042prt intelppm PCLEPCI


< End of report >
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am

Re: Can't boot into normal mode - keeps giving me blue screen!!

Unread postby wealthluck » September 25th, 2009, 2:31 pm

3) Gmer :-
=======================================================

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-26 01:23:55
Windows 5.1.2600 Service Pack 3
Running: nxikksup.exe; Driver: C:\DOCUME~1\USE\LOCALS~1\Temp\pwriypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@矏卉s^L?\xe48ec豦\0\0\0\0 1?
Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@矏卉s^L?\xe48ec豦\0\0\0\0 1?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@0}\16f? 32904
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@送0}\16f?\0 136
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35219C1F-B9FE-8680-CEE4-8C51B28ED9C3}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35219C1F-B9FE-8680-CEE4-8C51B28ED9C3}@lahemmgeiiohagcdodhbcbji 0x62 0x62 0x61 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35219C1F-B9FE-8680-CEE4-8C51B28ED9C3}@lanfdeoehinfadahclheebde 0x62 0x62 0x70 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35219C1F-B9FE-8680-CEE4-8C51B28ED9C3}@haaechhdgfaclkhm 0x63 0x62 0x68 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{35219C1F-B9FE-8680-CEE4-8C51B28ED9C3}@haaechhdjehblmil 0x6F 0x61 0x70 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\全拼@??T\x80鏞\0\0 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\全拼@???eQ\0\0 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\全拼@\20?n胉:y\0 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\全拼@\26Y\1x胉:y 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\全拼@涄zz<h 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\全拼@IQ\ah??\0 1

---- EOF - GMER 1.0.15 ----
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am

Re: Can't boot into normal mode - keeps giving me blue screen!!

Unread postby wealthluck » September 25th, 2009, 2:34 pm

4) BSOD detail :-
=======================================================

Image
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am

Re: Can't boot into normal mode - keeps giving me blue screen!!

Unread postby wealthluck » September 25th, 2009, 2:41 pm

Wow, just to look at those seemingly endless long reports is tiring enough!! It's such hard tough work to even go through them, well, just wanna thank you again, most heartily for your kindness and great effort!!

ThankSSSS........Jack&Jill!
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am

Re: Can't boot into normal mode - keeps giving me blue screen!!

Unread postby Jack&Jill » September 28th, 2009, 7:58 pm

Hello wealthluck :),

Sorry for taking quite some time to reply, having connection issues at home.

You have ComboFix on your computer. Are you being helped elsewhere? Or are you trying to work things out yourself?

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

We will leave it for the time being while I determine how to go about your problem.

You mentioned that the BSOD started two weeks from the date you first posted, that means it was around early September. Any new software/programs you installed or particular website that you visited?

Check for additional security risks
  • Please download CKScanner© by askey127 and save to your desktop. Click here.
  • Double click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
  • Post the contents of ckfiles.txt in your reply, it is located on your desktop.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Can't boot into normal mode - keeps giving me blue screen!!

Unread postby wealthluck » September 29th, 2009, 3:00 am

Hi Jack&Jill,

Thank you kindly again for getting back, it's more than fine, I'm the one who's asking for help and it's only very basic idea to be patient, hehe....

Sorry to say but I found Combofix powerful curing PC problems, seemingly, according to some information I came across on the net that silly me did have a moment hesitating whether or not to give it a try. That was definitely before I sought help from this forum. Now that with your such kind advice, I won't touch it. Please be assured that this is the only one post/thread I put up about the whole BSOD problem I'm having.

Around the time this problem occurred, I visited no particular website, just those daily ones. For newly installed programs, there're the ones below :-

NamiRot
Replay AV8
QuickTime Alternative
Ulead Gif Animator

There's also one more which is now out of my list having been removed which is Megaupload Manager, as I suspected it might've caused something. The uninstallation doesn't help though.

The log needed is as follows and again, thanks so much indeed....
=========================

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\use\favorites\freebie\best crack.cd.url
c:\documents and settings\use\favorites\freebie\perfect-crackzplanet.url
c:\documents and settings\use\favorites\freebie\~fullwares\~~~~ mucaca cracks _._._...url
c:\documents and settings\use\favorites\freebie\~fullwares\~~~~keygen.in_ avast keygen, serial numbers.url
c:\documents and settings\use\favorites\freebie\~fullwares\~~~~keygens.nl.url
c:\documents and settings\use\favorites\ppc\uwants forum - pda 郝論區 - pocket pc - vito 全系圭軟件 【完全版】+ keygen.url
c:\documents and settings\use\favorites\ppc\games~tools\~helpedsomeone-efficasoft smartblock v2.1 build 0626 xscale wm2003 wm5 wm6 incl keygen-sympda in pxdxa we trust _ www.pxdxa.com.url
c:\documents and settings\use\favorites\tool\sourcer\~~~oldversionsoftware(nocrack).url
c:\documents and settings\use\favorites\tool\sourcer\~~~~oldversionsoftwaretucows(nocrack).url
c:\program files\cyberlink\powercinema\powercinema5crack.exe
scanner sequence 3.ZZ.11
----- EOF -----
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am

Re: Can't boot into normal mode - keeps giving me blue screen!!

Unread postby Jack&Jill » September 30th, 2009, 12:29 pm

Hello wealthluck :),

Cracks / Keygens / Warez / Illegal software detected!!!

Your log indicates the presence and usage of one or more of the above. Very likely your computer got infected due to the illegal software or the illegitimate websites you visited to get them.

Please read Illegal copies of software and Forum Rules.
Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.

If you still want help, please remove the illegal items from your computer, and if you still need the software, get legal ones from legitimate sources.
If you advise that the illegal software has been removed and I find it otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.

Please remove/uninstall the following before we continue:
PowerCinema
avast! Antivirus
the bookmarks to the illegitimate websites


For Antivirus, you can try the free version of Avast or Avira after you removed the illegitimate one. Please keep only one AV installed.

Please post a new CKScanner log.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Can't boot into normal mode - keeps giving me blue screen!!

Unread postby wealthluck » September 30th, 2009, 3:53 pm

Sorry for causing to have stuck at this point, I've got them all removed/uninstalled and the new log is as follows.

Thank you most kindly Jack&Jill....

(PS: I'd like to also thank you so much for the information on the antivirus freewares which I'm now awful in need of, thanks indeed!)

=========================================
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
wealthluck
Regular Member
 
Posts: 32
Joined: September 16th, 2009, 6:11 am