HJThis
Posted February 25, 2007

Hi, okrhommn

Huh let's get this here out of the way then run these tools for me

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6). Please update and remove the older versions. Do the following:

*Go to Start | Control Panel | Add/Remove Programs
*Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... ) It should have this icon next to it:
*Select it and click Remove.
*Then download and install the newest version from here (scroll down to find it): Java Runtime Environment (JRE) 6
*Do a reboot

------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

( Don't run just Yet )

------------------

Restart your computer in Safe Mode.

*If the computer is running, shut down Windows, and then turn off the power.
*Wait 30 seconds, and then turn the computer on.
*Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
*Ensure that the Safe Mode option is selected.
*Press Enter. The computer then begins to start in Safe Mode.
*Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

------------------

*Open the extracted SDFix folder and double click RunThis.bat to start the script.
*Type Y to begin the cleanup process.
*It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
*Press any Key and it will restart the PC.
*When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
*Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
*Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

-------------------

Then after reboot and before you come back here run this tool and show me all logfiles.

Please download ComboScan by Deckard and save it to your desktop:

*Close all applications and windows (including this one).
*Double-click on comboscan.exe to run it, and follow the prompts.
*When the scan is complete, a text file will open – ComboScan.txt.
*Copy (Ctrl + A then Ctrl + C) and paste (Ctrl + V) the contents of ComboScan.txt in your next reply.
*A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
*Please attach Supplementary.txt to your post.

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Gogo

HJThis
Posted February 25, 2007

Hold on, are you running an Anti-Virus scanner?

Gogo

okrhommn
Posted March 9, 2007

Sorry for the late reply. I have sent ISHOST.EXE and ismini.exe to http://www.virustotal.com/en/indeex.html for a full scan. But I can't find the other three files on my computer.

This is the scan report of ISHOST.EXE:

Antivirus      Version        Update      Result
AntiVir        7.3.1.41       03.09.2007  TR/Dldr.Zlob.AEV.2
Authentium     4.93.8         03.08.2007  W32/Downloader.AWVM
Avast          4.7.936.0      03.09.2007  no virus found
AVG            7.5.0.447      03.08.2007  Downloader.Zlob.GDD
BitDefender    7.2            03.09.2007  Trojan.Zlob.2.Gen
CAT-QuickHeal  9.00           03.08.2007  TrojanDownloader.Zlob.bfb
ClamAV         devel-20060426 03.09.2007  no virus found
DrWeb          4.33           03.09.2007  Trojan.Popuper
eSafe          7.0.14.0       03.08.2007  Win32.Zlob.bfb
eTrust-Vet     30.6.3467      03.09.2007  Win32/Puper!generic
Ewido          4.0            03.09.2007  Downloader.Zlob.bfb
FileAdvisor    1              03.09.2007  no virus found
Fortinet       2.85.0.0       03.09.2007  W32/Zlob.BFB!tr.dldr
F-Prot         4.3.1.45       03.08.2007  W32/Downloader.AWVM
F-Secure       6.70.13030.0   03.09.2007  Trojan-Downloader.Win32.Zlob.bfb
Ikarus         T3.1.1.3       03.09.2007  Trojan-Downloader.Win32.Zlob.bfb
Kaspersky      4.0.2.24       03.09.2007  Trojan-Downloader.Win32.Zlob.bfb
McAfee         4980           03.08.2007  no virus found
Microsoft      1.2204         03.09.2007  TrojanDownloader:Win32/Zlob.gen
NOD32v2        2105           03.09.2007  a variant of Win32/TrojanDownloader.Zlob.ANJ
Norman         5.80.02        03.09.2007  W32/Zlob.YRB
Panda          9.0.0.4        03.09.2007  Adware/SecurityError
Prevx1         V2             03.09.2007  SpywareQuake
Sophos         4.15.0         03.09.2007  no virus found
Sunbelt        2.2.907.0      03.07.2007  Trojan-Downloader.Zlob.Media-Codec
Symantec       10             03.09.2007  Trojan.Zlob
TheHacker      6.1.6.073      03.09.2007  Trojan/Downloader.Zlob.bfb
UNA            1.83           03.07.2007  TrojanDownloader.Win32.Zlob.8B78
VBA32          3.11.2         03.08.2007  Trojan.Popuper
VirusBuster    4.3.19:9       03.09.2007  no virus found

And this is the scan report of ismini.exe:

Antivirus      Version        Update      Result
AntiVir        7.3.1.41       03.09.2007  TR/Dldr.Zlob.AAZ.1
Authentium     4.93.8         03.08.2007  W32/Downloader.AWXP
Avast          4.7.936.0      03.09.2007  Win32:Zlob-MW
AVG            7.5.0.447      03.08.2007  Downloader.Zlob.GDY
BitDefender    7.2            03.09.2007  Trojan.Downloader.Zlob.AEN
CAT-QuickHeal  9.00           03.08.2007  TrojanDownloader.Zlob.bfb
ClamAV         devel-20060426 03.09.2007  no virus found
DrWeb          4.33           03.09.2007  Trojan.Popuper
eSafe          7.0.14.0       03.08.2007  Win32.Zlob.bfb
eTrust-Vet     30.6.3467      03.09.2007  Win32/Puper!generic
Ewido          4.0            03.09.2007  Downloader.Zlob.bfb
FileAdvisor    1              03.09.2007  no virus found
Fortinet       2.85.0.0       03.09.2007  W32/Zlob.BFB!tr.dldr
F-Prot         4.3.1.45       03.08.2007  W32/Downloader.AWXP
F-Secure       6.70.13030.0   03.09.2007  Trojan-Downloader.Win32.Zlob.bfb
Ikarus         T3.1.1.3       03.09.2007  Trojan-Downloader.Win32.Zlob.adt
Kaspersky      4.0.2.24       03.09.2007  Trojan-Downloader.Win32.Zlob.bfb
McAfee         4980           03.08.2007  no virus found
Microsoft      1.2204         03.09.2007  TrojanDownloader:Win32/Zlob.gen
NOD32v2        2105           03.09.2007  Win32/TrojanDownloader.Zlob.ANJ
Norman         5.80.02        03.09.2007  W32/Zlob.ACZR
Panda          9.0.0.4        03.09.2007  Adware/SecurityError
Prevx1         V2             03.09.2007  SpywareQuake
Sophos         4.15.0         03.09.2007  no virus found
Sunbelt        2.2.907.0      03.07.2007  Trojan-Downloader.Zlob.Media-Codec
Symantec       10             03.09.2007  Trojan.Zlob
TheHacker      6.1.6.073      03.09.2007  Trojan/Downloader.Zlob.bfb
UNA            1.83           03.07.2007  TrojanDownloader.Win32.Zlob.D377
VBA32          3.11.2         03.08.2007  MalwareScope.Downloader.Zlob.1
VirusBuster    4.3.19:9       03.08.2007  no virus found

okrhommn
Posted March 9, 2007

I have then run HijackThis, which scanned and fixed many of the items. Here is the latest HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 23:42:08, on 2007-3-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ISHOST.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\EPDOA-1-2\OAHotkey.EXE
C:\Documents and Settings\Sin\桌面\HJT.exe.exe

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run
O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: î‚•?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: î‚•?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Following is the rapport.txt created by SmitfraudFix:

SmitFraudFix v2.132

Scan done at 23:48:44.07, 2007-03-09 星期五
Run from C:\Documents and Settings\Sin\桌面\SmitfraudFix
OS: Microsoft Windows XP [版本 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\olnohdw.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sin

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIN\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\VirusBurster\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"

[HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\system32\olnohdw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\system32\olnohdw.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

okrhommn
Posted March 9, 2007

Comboscan.txt

ComboScan v20070306.20 run by Sin on 2007-03-10 at 00:49:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.
Performed disk cleanup.

-- HijackThis (run as Sin.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 0:50:44, on 2007-3-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\EPDOA-1-2\OAHotkey.EXE
C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Sin\桌面\comboscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HIJACK~1\Sin.exe

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run
O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: î‚•?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: î‚•?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - AutoCADScriptFile - "C:\WINDOWS\notepad.exe" "%1"
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys
3R BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys
3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys
3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\VBTEnum.sys
0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys
3S BTNetFilter (Bluetooth Network Filter) - C:\WINDOWS\system32\drivers\BTNetFilter.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
2R CdaC15BA - C:\WINDOWS\system32\drivers\CDAC15BA.SYS
3R cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys
1R FsVga - C:\WINDOWS\system32\drivers\fsvga.sys
3S hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
3R LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidFlt2.Sys
3R LHidUsb (Logitech USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHidUsb.sys
3R LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\LMouFlt2.Sys
3R mouhid (滑鼠 HID 驅動程式) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3R ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys
3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
2R npkcrypt - C:\Program Files\Tencent\QQ\npkcrypt.sys
1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys
0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys
0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys
3S Ptserli (PCTEL Serial Device Driver for INTEL) - C:\WINDOWS\system32\drivers\ptserli.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S QV2KUX (Casio Digital Camera) - C:\WINDOWS\system32\drivers\qv2kux.sys
3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
3R rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys
0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
2R V7 - C:\WINDOWS\system32\drivers\V7.SYS
3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys
3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys
0R Vmodem (XP Vmodem) - C:\WINDOWS\system32\drivers\vmodem.sys
0R Vpctcom (XP Vpctcom) - C:\WINDOWS\system32\drivers\vpctcom.sys
0R Vvoice (XP Vvoice) - C:\WINDOWS\system32\drivers\vvoice.sys
3S wceusbsh (Windows CE USB Serial Host Driver) - C:\WINDOWS\system32\drivers\wceusbsh.sys
1R WS2IFSL (Windows 通訊端 2.0 非 IFS 服務提供者支援環境) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S ZSMC301b (KINSTONE USB PC Camera) - C:\WINDOWS\system32\drivers\usbVM31b.sys
3R {6080A529-897E-4629-A488-ABA0C29B635E} (Intel® Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys
3R {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel® Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R BlueSoleil Hid Service - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe
2R C-DillaCdaC11BA - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
2S CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe

-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-10 00:24:04 0 d-------- C:\SDFix
2007-03-10 00:21:19 0 d-------- C:\Program Files\Common Files\Java
2007-02-22 23:25:21 0 d-------- C:\TDdownload<TDDOWN~1>
2007-02-22 23:24:36 228 --a------ C:\WINDOWS\system32\cid_store.dat<CID_ST~1.DAT>
2007-02-22 23:24:27 0 d-------- C:\Program Files\Thunder Network<THUNDE~1>
2007-02-22 22:03:07 0 d-------- C:\NDS
2007-02-17 00:51:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Tencent
2007-02-17 00:48:11 0 d-------- C:\Documents and Settings\Sin\Application Data\QQ
2007-02-17 00:45:42 0 d-------- C:\WINDOWS\system32\qqedit

-- Find3M Report ---------------------------------------------------------------

2007-03-10 00:33:10 7680 --a------ C:\WINDOWS\system32\ismini.exe
2007-03-09 23:48:46 3246 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-29 16:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2006-12-30 18:18:14 90112 --a------ C:\WINDOWS\vqqsdl10.exe
2006-12-30 18:17:16 619067 --a------ C:\WINDOWS\vqqsdl10.dll
2006-12-20 05:49:44 133632 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-20 02:17:12 331776 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-15 19:59:56 218540 --a------ C:\WINDOWS\system32\prfh0404.dat
2006-12-15 19:59:56 65764 --a------ C:\WINDOWS\system32\prfc0404.dat
2006-12-15 16:18:34 48156 --a------ C:\WINDOWS\system32\ISHOST.EXE
2006-12-13 23:01:34 19456 --a------ C:\WINDOWS\system32\olnohdw.dll
2006-12-13 22:58:20 1024 --a------ C:\tlkx.exe
2006-12-13 22:58:20 1024 --a------ C:\qnmbvrw.exe
2006-12-13 22:58:20 1024 --a------ C:\docc.exe
2006-12-13 22:58:14 1024 --a------ C:\dlvkpgg.exe

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE KINSTONE USB PC Camera"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\pccguide.exe\""
"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\PCClient.exe\""
"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\TMOAgent.exe\" /run"
"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"UIupdater"="C:\\PROGRA~1\\UIupdater.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\「開始」功能表\\程式集\\啟動\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmod"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\ezula\\mmod.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQNet"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ICQ\\ICQNet.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3EA18648-FAF6-490D-9C92-8FD729028A58}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
HTTPFilter REG_MULTI_SZ HTTPFilter\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

-- End of ComboScan: finished at 2007-03-10 at 00:51:09 ------------------------

Supplementary.txt

ComboScan v20070306.20 run by Sin on 2007-03-10 at 00:49:38
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Chinese
CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 503.48 MiB / 282.43 MiB
Pagefile Memory (total/avail): 1228.03 MiB / 1059.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1984.36 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 76.3 GiB total, 49.53 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SIN-CD9T4F0RBW3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sin
LOGONSERVER=\\SIN-CD9T4F0RBW3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0205
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sin\LOCALS~1\Temp
USERDOMAIN=SIN-CD9T4F0RBW3
USERNAME=Sin
USERPROFILE=C:\Documents and Settings\Sin
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Sin (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Atmosphere Player for Acrobat and Adobe Reader -->
C:\WINDOWS\atmoUn.exe Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24} Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001} Adobe Reader for Pocket PC 2.0 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896} AutoCAD 2004 --> MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA} Autodesk Express Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove BitComet 0.68 --> C:\Program Files\BitComet\uninst.exe C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe Canon i255 --> C:\WINDOWS\System32\CNMCP52.exe "-PRINTERNAMECanon i255" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Inst2\cnmi0404.dll" Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL" Codec Pack - All In 1 6.0.1.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" DVMatics DVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu" Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" Firepower Trial v0.95a for ppc2003_arm_xscale --> c:\Firepower_Trial\unins000.exe GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\System32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\System32\ShellExt\GMailFS.inf HijackThis 1.99.1 --> C:\DOCUME~1\Sin\LOCALS~1\Temp\Rar$EX00.921\HijackThis.exe /uninstall ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 IVT BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x404 Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Kinstone digital focus --> C:\PROGRA~1\KINSTO~1\UNWISE.EXE C:\PROGRA~1\KINSTO~1\INSTALL.LOG KINSTONE USB PC Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9 Logitech MouseWare 9.76 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x404 -l0404 UNINSTALL Macromedia Flash Player 8 --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN0404.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll" Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280404-6000-11D3-8CFE-0050048383C9} Microsoft Windows XP CD 寫入精靈 HighMAT 擴充 --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} Microsoft Windows 筆記本檢視器 --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} MSN Messenger 7.5 --> MsiExec.exe /I{68DF6432-03EF-11DA-BFBD-00065BBDC0B5} MUSICMATCH Jukebox --> C:\WINDOWS\IsUn0404.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll My Search Bar --> mshta res://C:\PROGRA~1\MyWay\myBar\1.bin\mybar.dll/101 Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0} Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan Power Mp3 Cutter(Mp3 Sound Cutter) 1.40 --> "C:\Program 
Files\Power Mp3 Cutter(Mp3 Sound Cutter)\unins000.exe" PowerDVD --> C:\WINDOWS\uninst.exe -f"C:\Program Files\CyberLink\PowerDVD\DeIsL1.isu" QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x404 REMOVE SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall Safety Alert 2006 --> C:\WINDOWS\system32\components\flx6.dll /del2 Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log Skype 1.1 --> "C:\Program Files\Skype\Phone\unins000.exe" Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows XP 安全性更新 (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Windows XP 
安全性更新 (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB920214) --> 
"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB927779) --> 
"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Windows XP 安全性更新 (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe -- End of ComboScan: finished at 2007-03-10 at 00:51:09 ------------------------ Share this post Link to post Share on other sites
okrhommn Posted April 1, 2007 Dears, I'm sorry, I cannot see any reply from you. Is it a problem with the internet? Can you send the reply again? Sorry for bothering you again, thank you very much!!