okrhommn

Virus Burst


Hi, okrhommn

 

Huh, let's get this here out of the way, then run these tools for me.

 

 

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6). Please update and remove the older versions. Do the following:

Go to Start | Control Panel | Add/Remove Programs

Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )

It should have this icon next to it: javaicon.gif

Select it and click Remove.

Then download and install the newest version from here (scroll down to find it):

Java Runtime Environment (JRE) 6

 

Do a reboot

 

------------------

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

(Don't run it just yet.)

 

------------------

 

Restart your computer in Safe Mode.

  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Log in on your usual account.

If you need further assistance with Safe Mode, see Symantec

 

------------------

 

Open the extracted SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.

When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

 

-------------------

 

Then, after the reboot and before you come back here, run this tool and show me all logfiles.

 

Please download ComboScan by Deckard and save it to your desktop:

 

* Close all applications and windows (including this one).
* Double-click on comboscan.exe to run it, and follow the prompts.
* When the scan is complete, a text file will open – ComboScan.txt.
* Copy (Ctrl + A then Ctrl + C) and paste (Ctrl + V) the contents of ComboScan.txt in your next reply.
* A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
* Please attach Supplementary.txt to your post.

 

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

 

 

Gogo ;)


Sorry for the late reply.

 

I have sent ISHOST.EXE and ismini.exe to http://www.virustotal.com/en/indeex.html for a full scan.

But I can't find the other three files on my computer.

This is the scan report of ISHOST.EXE:

 

Antivirus Version Update Result

AntiVir 7.3.1.41 03.09.2007 TR/Dldr.Zlob.AEV.2

Authentium 4.93.8 03.08.2007 W32/Downloader.AWVM

Avast 4.7.936.0 03.09.2007 no virus found

AVG 7.5.0.447 03.08.2007 Downloader.Zlob.GDD

BitDefender 7.2 03.09.2007 Trojan.Zlob.2.Gen

CAT-QuickHeal 9.00 03.08.2007 TrojanDownloader.Zlob.bfb

ClamAV devel-20060426 03.09.2007 no virus found

DrWeb 4.33 03.09.2007 Trojan.Popuper

eSafe 7.0.14.0 03.08.2007 Win32.Zlob.bfb

eTrust-Vet 30.6.3467 03.09.2007 Win32/Puper!generic

Ewido 4.0 03.09.2007 Downloader.Zlob.bfb

FileAdvisor 1 03.09.2007 no virus found

Fortinet 2.85.0.0 03.09.2007 W32/Zlob.BFB!tr.dldr

F-Prot 4.3.1.45 03.08.2007 W32/Downloader.AWVM

F-Secure 6.70.13030.0 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb

Ikarus T3.1.1.3 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb

Kaspersky 4.0.2.24 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb

McAfee 4980 03.08.2007 no virus found

Microsoft 1.2204 03.09.2007 TrojanDownloader:Win32/Zlob.gen

NOD32v2 2105 03.09.2007 a variant of Win32/TrojanDownloader.Zlob.ANJ

Norman 5.80.02 03.09.2007 W32/Zlob.YRB

Panda 9.0.0.4 03.09.2007 Adware/SecurityError

Prevx1 V2 03.09.2007 SpywareQuake

Sophos 4.15.0 03.09.2007 no virus found

Sunbelt 2.2.907.0 03.07.2007 Trojan-Downloader.Zlob.Media-Codec

Symantec 10 03.09.2007 Trojan.Zlob

TheHacker 6.1.6.073 03.09.2007 Trojan/Downloader.Zlob.bfb

UNA 1.83 03.07.2007 TrojanDownloader.Win32.Zlob.8B78

VBA32 3.11.2 03.08.2007 Trojan.Popuper

VirusBuster 4.3.19:9 03.09.2007 no virus found

 

 

And this is the scan report of ismini.exe:

 

Antivirus Version Update Result

AntiVir 7.3.1.41 03.09.2007 TR/Dldr.Zlob.AAZ.1

Authentium 4.93.8 03.08.2007 W32/Downloader.AWXP

Avast 4.7.936.0 03.09.2007 Win32:Zlob-MW

AVG 7.5.0.447 03.08.2007 Downloader.Zlob.GDY

BitDefender 7.2 03.09.2007 Trojan.Downloader.Zlob.AEN

CAT-QuickHeal 9.00 03.08.2007 TrojanDownloader.Zlob.bfb

ClamAV devel-20060426 03.09.2007 no virus found

DrWeb 4.33 03.09.2007 Trojan.Popuper

eSafe 7.0.14.0 03.08.2007 Win32.Zlob.bfb

eTrust-Vet 30.6.3467 03.09.2007 Win32/Puper!generic

Ewido 4.0 03.09.2007 Downloader.Zlob.bfb

FileAdvisor 1 03.09.2007 no virus found

Fortinet 2.85.0.0 03.09.2007 W32/Zlob.BFB!tr.dldr

F-Prot 4.3.1.45 03.08.2007 W32/Downloader.AWXP

F-Secure 6.70.13030.0 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb

Ikarus T3.1.1.3 03.09.2007 Trojan-Downloader.Win32.Zlob.adt

Kaspersky 4.0.2.24 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb

McAfee 4980 03.08.2007 no virus found

Microsoft 1.2204 03.09.2007 TrojanDownloader:Win32/Zlob.gen

NOD32v2 2105 03.09.2007 Win32/TrojanDownloader.Zlob.ANJ

Norman 5.80.02 03.09.2007 W32/Zlob.ACZR

Panda 9.0.0.4 03.09.2007 Adware/SecurityError

Prevx1 V2 03.09.2007 SpywareQuake

Sophos 4.15.0 03.09.2007 no virus found

Sunbelt 2.2.907.0 03.07.2007 Trojan-Downloader.Zlob.Media-Codec

Symantec 10 03.09.2007 Trojan.Zlob

TheHacker 6.1.6.073 03.09.2007 Trojan/Downloader.Zlob.bfb

UNA 1.83 03.07.2007 TrojanDownloader.Win32.Zlob.D377

VBA32 3.11.2 03.08.2007 MalwareScope.Downloader.Zlob.1

VirusBuster 4.3.19:9 03.08.2007 no virus found


I have then run HijackThis, which scanned and fixed many of the items.

Here is the latest HijackThis Logfile:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:42:08, on 2007-3-9

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ismini.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

 

 

Following is the rapport.txt created by SmitfraudFix:

 

SmitFraudFix v2.132

 

Scan done at 23:48:44.07, 2007-03-09 星期五

Run from C:\Documents and Settings\Sin\桌面\SmitfraudFix

OS: Microsoft Windows XP [版本 5.1.2600] - Windows_NT

The filesystem type is FAT32

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\ishost.exe FOUND !

C:\WINDOWS\system32\ismini.exe FOUND !

C:\WINDOWS\system32\olnohdw.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sin

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sin\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIN\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\VirusBurster\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"

 

[HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]

@="C:\WINDOWS\system32\olnohdw.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]

@="C:\WINDOWS\system32\olnohdw.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


Comboscan.txt

 

ComboScan v20070306.20 run by Sin on 2007-03-10 at 00:49:38

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created ComboScan Restore Point.

 

 

Performed disk cleanup.

 

 

-- HijackThis (run as Sin.exe) -------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 0:50:44, on 2007-3-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Sin\桌面\comboscan.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\HIJACK~1\Sin.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

 

 

-- File Associations -----------------------------------------------------------

 

.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - AutoCADScriptFile - "C:\WINDOWS\notepad.exe" "%1"

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys

3R BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys

3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys

3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\VBTEnum.sys

0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys

3S BTNetFilter (Bluetooth Network Filter) - C:\WINDOWS\system32\drivers\BTNetFilter.sys

3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys

2R CdaC15BA - C:\WINDOWS\system32\drivers\CDAC15BA.SYS

3R cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys

1R FsVga - C:\WINDOWS\system32\drivers\fsvga.sys

3S hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys

3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys

1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys

3R LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidFlt2.Sys

3R LHidUsb (Logitech USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHidUsb.sys

3R LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\LMouFlt2.Sys

3R mouhid (滑鼠 HID 驅動程式) - C:\WINDOWS\system32\drivers\mouhid.sys

3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys

3R ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys

3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys

3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys

3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys

2R npkcrypt - C:\Program Files\Tencent\QQ\npkcrypt.sys

1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys

0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys

0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys

3S Ptserli (PCTEL Serial Device Driver for INTEL) - C:\WINDOWS\system32\drivers\ptserli.sys

0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys

3S QV2KUX (Casio Digital Camera) - C:\WINDOWS\system32\drivers\qv2kux.sys

3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys

3R rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys

0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys

3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys

3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys

3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys

3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys

2R V7 - C:\WINDOWS\system32\drivers\V7.SYS

3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys

3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys

0R Vmodem (XP Vmodem) - C:\WINDOWS\system32\drivers\vmodem.sys

0R Vpctcom (XP Vpctcom) - C:\WINDOWS\system32\drivers\vpctcom.sys

0R Vvoice (XP Vvoice) - C:\WINDOWS\system32\drivers\vvoice.sys

3S wceusbsh (Windows CE USB Serial Host Driver) - C:\WINDOWS\system32\drivers\wceusbsh.sys

1R WS2IFSL (Windows 通訊端 2.0 非 IFS 服務提供者支援環境) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys

3S ZSMC301b (KINSTONE USB PC Camera) - C:\WINDOWS\system32\drivers\usbVM31b.sys

3R {6080A529-897E-4629-A488-ABA0C29B635E} (Intel® Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys

3R {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel® Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe

2R BlueSoleil Hid Service - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

2R C-DillaCdaC11BA - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

2S CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe

2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe

 

 

-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

 

2007-03-10 00:24:04 0 d-------- C:\SDFix

2007-03-10 00:21:19 0 d-------- C:\Program Files\Common Files\Java

2007-02-22 23:25:21 0 d-------- C:\TDdownload<TDDOWN~1>

2007-02-22 23:24:36 228 --a------ C:\WINDOWS\system32\cid_store.dat<CID_ST~1.DAT>

2007-02-22 23:24:27 0 d-------- C:\Program Files\Thunder Network<THUNDE~1>

2007-02-22 22:03:07 0 d-------- C:\NDS

2007-02-17 00:51:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Tencent

2007-02-17 00:48:11 0 d-------- C:\Documents and Settings\Sin\Application Data\QQ

2007-02-17 00:45:42 0 d-------- C:\WINDOWS\system32\qqedit

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-03-10 00:33:10 7680 --a------ C:\WINDOWS\system32\ismini.exe

2007-03-09 23:48:46 3246 --a------ C:\WINDOWS\system32\tmp.reg

2007-01-29 16:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

2006-12-30 18:18:14 90112 --a------ C:\WINDOWS\vqqsdl10.exe

2006-12-30 18:17:16 619067 --a------ C:\WINDOWS\vqqsdl10.dll

2006-12-20 05:49:44 133632 --a------ C:\WINDOWS\system32\shsvcs.dll

2006-12-20 02:17:12 331776 --a------ C:\WINDOWS\system32\wiaservc.dll

2006-12-15 19:59:56 218540 --a------ C:\WINDOWS\system32\prfh0404.dat

2006-12-15 19:59:56 65764 --a------ C:\WINDOWS\system32\prfc0404.dat

2006-12-15 16:18:34 48156 --a------ C:\WINDOWS\system32\ISHOST.EXE

2006-12-13 23:01:34 19456 --a------ C:\WINDOWS\system32\olnohdw.dll

2006-12-13 22:58:20 1024 --a------ C:\tlkx.exe

2006-12-13 22:58:20 1024 --a------ C:\qnmbvrw.exe

2006-12-13 22:58:20 1024 --a------ C:\docc.exe

2006-12-13 22:58:14 1024 --a------ C:\dlvkpgg.exe

 

 

-- Registry Dump ---------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"

"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE KINSTONE USB PC Camera"

"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\pccguide.exe\""

"PCClient.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\PCClient.exe\""

"TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\TMOAgent.exe\" /run"

"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""

"UIupdater"="C:\\PROGRA~1\\UIupdater.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Microsoft Office.lnk]

"path"="C:\\Documents and Settings\\All Users\\「開始」功能表\\程式集\\啟動\\Microsoft Office.lnk"

"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"

"item"="Microsoft Office"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccApp"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ccRegVfy"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="mmod"

"hkey"="HKCU"

"command"="C:\\PROGRA~1\\ezula\\mmod.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="InCD"

"hkey"="HKLM"

"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Logi_MwX"

"hkey"="HKLM"

"command"="Logi_MwX.Exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="ICQNet"

"hkey"="HKLM"

"command"="C:\\PROGRA~1\\ICQ\\ICQNet.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msmsgs"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NEWDOT~2"

"hkey"="HKLM"

"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup"

"inimapping"="0"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{3EA18648-FAF6-490D-9C92-8FD729028A58}"=""

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

HTTPFilter REG_MULTI_SZ HTTPFilter\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

 

 

 

-- End of ComboScan: finished at 2007-03-10 at 00:51:09 ------------------------

 

 

Supplementary.txt

ComboScan v20070306.20 run by Sin on 2007-03-10 at 00:49:38

Supplementary logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: Chinese

 

CPU 0: Intel® Pentium® 4 CPU 2.40GHz

Percentage of Memory in Use: 43%

Physical Memory (total/avail): 503.48 MiB / 282.43 MiB

Pagefile Memory (total/avail): 1228.03 MiB / 1059.22 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1984.36 MiB

 

A: is Removable (No Media)

C: is Fixed (FAT32) - 76.3 GiB total, 49.53 GiB free.

D: is CDROM (No Media)

E: is CDROM (No Media)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Sin\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=SIN-CD9T4F0RBW3

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Sin

LOGONSERVER=\\SIN-CD9T4F0RBW3

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0205

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Sin\LOCALS~1\Temp

TMP=C:\DOCUME~1\Sin\LOCALS~1\Temp

USERDOMAIN=SIN-CD9T4F0RBW3

USERNAME=Sin

USERPROFILE=C:\Documents and Settings\Sin

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Sin (admin)

Administrator (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware SE Professional --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG

Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe

Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}

Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}

Adobe Reader for Pocket PC 2.0 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896}

AutoCAD 2004 --> MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}

Autodesk Express Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove

BitComet 0.68 --> C:\Program Files\BitComet\uninst.exe

C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe

Canon i255 --> C:\WINDOWS\System32\CNMCP52.exe "-PRINTERNAMECanon i255" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Inst2\cnmi0404.dll"

Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"

Codec Pack - All In 1 6.0.1.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"

DVMatics DVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu"

Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

Firepower Trial v0.95a for ppc2003_arm_xscale --> c:\Firepower_Trial\unins000.exe

GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\System32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\System32\ShellExt\GMailFS.inf

HijackThis 1.99.1 --> C:\DOCUME~1\Sin\LOCALS~1\Temp\Rar$EX00.921\HijackThis.exe /uninstall

ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE

Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

IVT BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x404

Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Kinstone digital focus --> C:\PROGRA~1\KINSTO~1\UNWISE.EXE C:\PROGRA~1\KINSTO~1\INSTALL.LOG

KINSTONE USB PC Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9

Logitech MouseWare 9.76 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x404 -l0404 UNINSTALL

Macromedia Flash Player 8 --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe

Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG

Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN0404.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"

Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280404-6000-11D3-8CFE-0050048383C9}

Microsoft Windows XP CD 寫入精靈 HighMAT 擴充 --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}

Microsoft Windows 筆記本檢視器 --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}

MSN Messenger 7.5 --> MsiExec.exe /I{68DF6432-03EF-11DA-BFBD-00065BBDC0B5}

MUSICMATCH Jukebox --> C:\WINDOWS\IsUn0404.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll

My Search Bar --> mshta res://C:\PROGRA~1\MyWay\myBar\1.bin\mybar.dll/101

Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}

Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan

Power Mp3 Cutter(Mp3 Sound Cutter) 1.40 --> "C:\Program Files\Power Mp3 Cutter(Mp3 Sound Cutter)\unins000.exe"

PowerDVD --> C:\WINDOWS\uninst.exe -f"C:\Program Files\CyberLink\PowerDVD\DeIsL1.isu"

QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x404 REMOVE

SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall

Safety Alert 2006 --> C:\WINDOWS\system32\components\flx6.dll /del2

Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log

Skype 1.1 --> "C:\Program Files\Skype\Phone\unins000.exe"

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

Windows XP 安全性更新 (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Windows XP 安全性更新 (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"

Windows XP 更新 (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Windows XP 更新 (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Windows XP 更新 (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Windows XP 更新 (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Windows XP 更新 (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Windows XP 更新 (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Windows XP 更新 (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Windows XP 更新 (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Windows XP 更新 (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Windows XP 更新 (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

 

 

-- End of ComboScan: finished at 2007-03-10 at 00:51:09 ------------------------


Dears,

 

I'm sorry, I cannot see any reply from you. Is there a problem with the internet? Can you send the reply again? Sorry for bothering you again, thank you very much!!
