
suspect infect with virus..


  • This topic is locked
55 replies to this topic

#1 mien Gemini


Posted 18 May 2007 - 11:40 PM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:39:42 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\V-Gear BEE\VBService.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WC3Banlist\WC3Banlist.exe
C:\WINDOWS\system32\conime.exe
D:\Tools\JoyToKey\JoyToKey.exe
D:\Downloads\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BEE Service.lnk = C:\Program Files\V-Gear BEE\VBService.exe
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 10395 bytes

#2 mien Gemini


Posted 21 May 2007 - 05:09 AM

so long...
Is there anybody?

#3 SWI Support Robot


Posted 21 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 jedi


Posted 24 May 2007 - 04:56 AM

Hi,

Sorry about the wait, we're very busy.

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#5 mien Gemini


Posted 25 May 2007 - 02:00 AM

This is the log


"Dark" - 2007-05-25 14:35:03 Service Pack 2
ComboFix 07-05.24.4.V - Running from: "C:\Documents and Settings\Dark\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\wbem\jpckt.dll"
"C:\WINDOWS\system32\wbem\scehq.dll"
"C:\WINDOWS\system32\ckkzv.dll"
"C:\WINDOWS\system32\djnoq.dll"
"C:\DOCUME~1\ALLUSE~1\TEMPLA~1.\temp.exe"
"C:\Program Files\Common Files\system\updaterun.exe"
"C:\WINDOWS\system32\advport.dll"
"C:\WINDOWS\system32\score.txt"
"C:\WINDOWS\system32\wbem\ocmor.dll"
"C:\DOCUME~1\ALLUSE~1\APPLIC~1.\microsoft\office\userdata"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ISPONER
-------\LEGACY_NM
-------\LEGACY_NWSAPAGENT
-------\LEGACY_RELATIONS
-------\cdnprot
-------\iSPONER
-------\nm
-------\NwSapAgent
-------\Relations


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))


2007-05-24 23:05 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-05-24 16:13 <DIR> d-------- C:\7e08395bb459d2fe1c5d83da9516e3
2007-05-24 15:11 49,152 --a------ C:\WINDOWS\system32\soudmax.dll
2007-05-24 15:11 147,456 --a------ C:\WINDOWS\system32\msvd2.exe
2007-05-24 15:11 13,626 --a------ C:\WINDOWS\system32\C68918F8T.EXE
2007-05-24 15:11 13,626 --a------ C:\WINDOWS\system32\C68918F8.EXE
2007-05-22 17:40 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-05-22 17:08 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\Nokia
2007-05-22 17:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-05-22 17:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-05-22 17:07 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-05-22 17:07 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-05-22 17:06 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-05-22 17:06 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-05-22 17:06 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-05-22 17:06 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-05-22 17:06 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-05-22 17:06 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-05-22 17:06 <DIR> d-------- C:\Program Files\Nokia
2007-05-22 17:06 <DIR> d-------- C:\Program Files\DIFX
2007-05-22 17:06 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\PC Suite
2007-05-22 17:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-05-20 13:12 <DIR> d-------- C:\Program Files\TTPlayer
2007-05-20 11:56 <DIR> d-------- C:\Program Files\Power MP3 WMA Converter
2007-05-20 11:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
2007-05-20 11:00 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-05-20 11:00 5 --a------ C:\WINDOWS\system32\SySCut.dat
2007-05-20 11:00 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-05-20 11:00 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-05-20 11:00 <DIR> d-------- C:\Program Files\SuperAudiotool
2007-05-20 10:59 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-05-20 10:59 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-05-19 19:03 8,993,027 --a------ C:\WINDOWS\system32\完美世界—武侠.Scr
2007-05-19 19:02 128,000 --a------ C:\WINDOWS\system32\Dsslji.dat
2007-05-19 13:31 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-05-19 13:29 36,864 --------- C:\WINDOWS\system32\Mfc42loc.dll
2007-05-19 13:28 92,064 --a------ C:\DOCUME~1\Dark\mqdmmdm.sys
2007-05-19 13:28 9,232 --a------ C:\DOCUME~1\Dark\mqdmmdfl.sys
2007-05-19 13:28 79,328 --a------ C:\DOCUME~1\Dark\mqdmserd.sys
2007-05-19 13:28 66,656 --a------ C:\DOCUME~1\Dark\mqdmbus.sys
2007-05-19 13:28 6,208 --a------ C:\DOCUME~1\Dark\mqdmcmnt.sys
2007-05-19 13:28 5,936 --a------ C:\DOCUME~1\Dark\mqdmwhnt.sys
2007-05-19 13:28 4,048 --a------ C:\DOCUME~1\Dark\mqdmcr.sys
2007-05-19 13:28 25,600 --a------ C:\WINDOWS\system32\drivers\usbsermptxp.sys
2007-05-19 13:28 25,600 --a------ C:\DOCUME~1\Dark\usbsermptxp.sys
2007-05-19 13:28 22,768 --a------ C:\DOCUME~1\Dark\usbsermpt.sys
2007-05-19 12:00 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-19 12:00 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-05-14 10:00 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-05-14 10:00 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-14 09:52 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-05-14 09:51 <DIR> d-------- C:\Program Files\Real
2007-05-14 09:51 <DIR> d-------- C:\Program Files\Common Files\Real
2007-05-14 09:50 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\Real
2007-05-14 09:13 <DIR> d-------- C:\WINDOWS\pss
2007-05-13 23:25 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-13 23:23 <DIR> d-------- C:\Program Files\MSBuild
2007-05-13 23:23 <DIR> d-------- C:\Program Files\Microsoft Works
2007-05-13 23:18 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-13 23:17 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-05-13 23:17 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-05-13 23:17 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-13 23:17 35,913 --a------ C:\WINDOWS\system32\drivers\smcirda.sys
2007-05-13 23:17 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-05-13 23:17 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-05-13 23:17 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-05-13 23:16 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-05-13 23:16 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-13 23:16 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-05-13 23:16 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-05-13 23:16 4,864 --a------ C:\WINDOWS\system32\drivers\fuj02e3.sys
2007-05-13 23:16 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-05-13 23:16 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-05-13 23:14 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-13 23:12 883,834 --a------ C:\WINDOWS\system32\ialmdd5.dll
2007-05-13 23:12 86,016 --a------ C:\WINDOWS\system32\igfxext.exe
2007-05-13 23:12 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-05-13 23:12 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-05-13 23:12 73,728 --a------ C:\WINDOWS\system32\hccutils.dll
2007-05-13 23:12 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4333.dll
2007-05-13 23:12 57,344 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-05-13 23:12 53,248 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-05-13 23:12 524,288 --a------ C:\WINDOWS\system32\igldev32.dll
2007-05-13 23:12 49,152 --a------ C:\WINDOWS\system32\ialmrem.dll
2007-05-13 23:12 438,272 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-05-13 23:12 38,014 --a------ C:\WINDOWS\system32\ialmrnt5.dll
2007-05-13 23:12 36,864 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-05-13 23:12 2,310,144 --a------ C:\WINDOWS\system32\iglicd32.dll
2007-05-13 23:12 196,954 --a------ C:\WINDOWS\system32\ialmdev5.dll
2007-05-13 23:12 155,648 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-05-13 23:12 147,456 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-05-13 23:12 131,072 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-05-13 23:12 117,883 --a------ C:\WINDOWS\system32\ialmdnt5.dll
2007-05-13 23:12 114,688 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-05-13 23:12 114,688 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-05-13 23:12 1,503,232 --a------ C:\WINDOWS\system32\igfxress.dll
2007-05-13 23:12 1,050,140 --a------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2007-05-13 23:11 88,201 --a------ C:\WINDOWS\AGRSMMSG.exe
2007-05-13 23:11 68,096 --a------ C:\WINDOWS\agrsmdel.exe
2007-05-13 23:11 5,248 --a------ C:\WINDOWS\system32\drivers\fuj02b1.sys
2007-05-13 23:11 1,094,853 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys
2007-05-13 23:11 <DIR> d-------- C:\Drivers
2007-05-13 23:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-05-13 23:08 <DIR> dr-h----- C:\MSOCache
2007-05-13 23:07 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-05-13 23:07 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-05-13 23:07 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-05-13 23:07 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-05-13 23:07 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-05-13 23:07 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-05-13 23:07 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-05-13 23:07 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-05-13 23:07 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-05-13 23:07 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-05-13 23:07 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-05-13 23:07 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-05-13 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-05-13 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-05-13 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-05-13 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-05-13 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-05-13 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-05-13 23:07 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-05-13 23:07 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-05-13 23:07 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-05-13 23:07 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-05-13 23:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-13 23:07 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-05-13 23:07 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-05-13 23:07 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-05-13 23:07 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-05-13 23:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-13 23:07 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-05-13 23:07 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-05-13 23:07 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-05-13 23:07 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-05-13 23:07 <DIR> dr------- C:\Program Files
2007-05-13 23:07 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-05-13 23:07 <DIR> d--hs---- C:\WINDOWS\Installer
2007-05-13 23:07 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-13 23:07 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-05-13 23:06 <DIR> d--hs---- C:\System Volume Information
2007-05-13 23:06 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-05-13 23:06 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-05-13 23:06 <DIR> d-------- C:\Documents and Settings
2007-05-13 23:05 <DIR> d-------- C:\RECOVERY
2007-05-13 22:52 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-05-13 22:50 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-05-13 22:50 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-05-13 22:50 <DIR> dr------- C:\WINDOWS\Web
2007-05-13 22:50 <DIR> d--h----- C:\WINDOWS\inf
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\WinSxS
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\twain_32
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\wins
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\spool
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\ras
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\npp
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\mui
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\IME
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\ias
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\export
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\config
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\3076
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\2052
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\1054
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\1042
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\1041
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\1037
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\1033
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\1031
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\1028
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32\1025
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system32
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\system
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\security
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Resources
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\repair
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Provisioning
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\PeerNet
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\pchealth
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\mui
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\msapps
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\msagent
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Media
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\ime
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Help
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Debug
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Cursors
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\Config
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\AppPatch
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS\addins
2007-05-13 22:50 <DIR> d-------- C:\WINDOWS
2007-05-13 22:26 <DIR> d-------- C:\Program Files\OO Software
2007-05-13 22:25 <DIR> d-------- C:\Program Files\Update
2007-05-13 22:10 <DIR> d---s---- C:\DOCUME~1\Dark\UserData
2007-05-13 22:10 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\QQ
2007-05-13 22:08 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\QQUpdate
2007-05-13 22:07 <DIR> d-------- C:\Program Files\Tencent
2007-05-13 21:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-05-13 21:18 49,057 --a------ C:\WINDOWS\War3Unin.dat
2007-05-13 21:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-05-13 21:18 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-05-13 21:16 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-05-13 21:14 2,170 --a------ C:\WINDOWS\system32\cid_store.dat
2007-05-13 21:13 <DIR> d-------- C:\Program Files\Thunder Network
2007-05-13 18:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-13 18:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-13 18:15 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2007-05-13 18:08 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-13 17:59 <DIR> d--h----- C:\WINDOWS\PIF
2007-05-13 17:24 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-13 17:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-13 17:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-13 16:46 <DIR> d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-05-13 16:40 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-13 16:40 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-13 16:31 6,656 --a------ C:\WINDOWS\system32\Wservers.exe
2007-05-13 16:31 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-13 16:30 <DIR> d-------- C:\DOCUME~1\Dark\Contacts
2007-05-13 16:23 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-05-13 16:19 32,528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-05-13 16:19 102,800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-13 16:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-05-13 16:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-05-13 16:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-13 16:17 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-13 16:14 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-05-13 16:14 <DIR> d-------- C:\WINDOWS\system32\driver
2007-05-13 16:14 <DIR> d-------- C:\Program Files\IVT Corporation
2007-05-13 16:12 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-13 16:12 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-13 16:11 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-13 16:11 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-13 16:11 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-05-13 16:11 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-13 16:11 <DIR> d--hs---- C:\RECYCLER
2007-05-13 16:11 <DIR> d-------- C:\Program Files\WinPcap
2007-05-13 16:11 <DIR> d-------- C:\Program Files\WC3Banlist
2007-05-13 16:10 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-05-13 16:10 <DIR> d-------- C:\Program Files\3B Software
2007-05-13 16:09 90,112 -ra------ C:\WINDOWS\system32\CNMCP7C.exe
2007-05-13 16:09 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-05-13 16:09 8,704 --a------ C:\WINDOWS\system32\CNMVS7C.DLL
2007-05-13 16:09 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-05-13 16:09 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-05-13 16:09 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-05-13 16:09 140,288 --a------ C:\WINDOWS\system32\CNMLM7C.DLL
2007-05-13 16:09 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-05-13 16:09 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-05-13 16:09 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
2007-05-13 16:08 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-13 16:08 <DIR> d-------- C:\Program Files\Canon
2007-05-13 16:03 <DIR> d-------- C:\WINDOWS\Profiles
2007-05-13 16:02 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-13 16:02 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\InterTrust
2007-05-13 16:01 <DIR> d-------- C:\Program Files\Prolink Hurricane 9000C
2007-05-13 15:59 796,672 --a------ C:\WINDOWS\GPInstall.exe
2007-05-13 15:59 <DIR> d-------- C:\Program Files\V-Gear BEE
2007-05-13 15:58 94,208 --a------ C:\WINDOWS\amcap.exe
2007-05-13 15:58 8,532,864 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys
2007-05-13 15:58 53,248 --a------ C:\WINDOWS\vsnpstd3.dll
2007-05-13 15:58 53,248 --a------ C:\WINDOWS\system32\csnpstd3.dll
2007-05-13 15:58 339,968 --a------ C:\WINDOWS\vsnpstd3.exe
2007-05-13 15:58 20,480 --a------ C:\WINDOWS\usnpstd3.exe
2007-05-13 15:58 147,456 --a------ C:\WINDOWS\system32\rsnpstd3.dll
2007-05-13 15:58 <DIR> d-------- C:\Program Files\Common Files\snpstd3
2007-05-13 15:57 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-05-13 15:57 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-05-13 15:57 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-05-13 15:57 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-05-13 15:57 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-05-13 15:57 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-05-13 15:56 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-05-13 15:56 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-05-13 15:56 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-05-13 15:56 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-05-13 15:56 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-05-13 15:56 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-05-13 15:56 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-05-13 15:56 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-05-13 15:56 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-05-13 15:56 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-05-13 15:56 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-05-13 15:56 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-05-13 15:56 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-05-13 15:56 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-05-13 15:56 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-05-13 15:56 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-05-13 15:56 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-05-13 15:56 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-05-13 15:56 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-05-13 15:56 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\Intel
2007-05-13 15:55 234,496 --a------ C:\WINDOWS\system32\drivers\iwca.sys
2007-05-13 15:55 21,504 --a------ C:\WINDOWS\system32\drivers\iwca2k.sys
2007-05-13 15:55 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-05-13 15:55 16,384 --a------ C:\WINDOWS\system32\iwca.dll
2007-05-13 15:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
2007-05-13 15:54 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-05-13 15:52 466,944 --a------ C:\WINDOWS\system32\w29NCPA.dll
2007-05-13 15:52 3,281,408 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2007-05-13 15:50 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-05-13 15:50 <DIR> d-------- C:\Program Files\AuthenTec
2007-05-13 15:44 1,671,168 --a------ C:\WINDOWS\system32\W29MLRES.DLL
2007-05-13 15:42 36,864 --a------ C:\WINDOWS\system32\o2flash.exe
2007-05-13 15:42 34,176 --a------ C:\WINDOWS\system32\drivers\o2media.sys
2007-05-13 15:42 23,168 --a------ C:\WINDOWS\system32\drivers\o2sd.sys
2007-05-13 15:42 13,312 --a------ C:\WINDOWS\system32\RMDevice.dll
2007-05-13 15:42 <DIR> d-------- C:\Program Files\Fingerprint Sensor
2007-05-13 15:41 132,352 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2007-05-13 15:41 <DIR> d-------- C:\Program Files\Broadcom
2007-05-13 15:40 90,202 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-05-13 15:40 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-05-13 15:40 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-05-13 15:40 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-05-13 15:40 190,080 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-05-13 15:40 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-05-13 15:40 <DIR> d-------- C:\WINDOWS\Options
2007-05-13 15:40 <DIR> d-------- C:\Program Files\Synaptics
2007-05-13 15:40 <DIR> d-------- C:\Program Files\ltmoh
2007-05-13 15:39 9,703,424 --a------ C:\WINDOWS\RTLCPL.EXE
2007-05-13 15:39 86,016 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-05-13 15:39 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-13 15:39 8 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.dat
2007-05-13 15:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-13 15:39 69,632 --a------ C:\WINDOWS\ALCMTR.EXE
2007-05-13 15:39 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-13 15:39 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-13 15:39 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-13 15:39 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-13 15:39 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-13 15:39 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-13 15:39 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-13 15:39 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-13 15:39 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-13 15:39 356,352 --a------ C:\WINDOWS\RtlUpd.exe
2007-05-13 15:39 3,959,296 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-05-13 15:39 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-13 15:39 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-13 15:39 2,807,296 --a------ C:\WINDOWS\ALCWZRD.EXE
2007-05-13 15:39 2,142,208 --a------ C:\WINDOWS\MicCal.exe
2007-05-13 15:39 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-13 15:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-13 15:39 14,850,560 --a------ C:\WINDOWS\RTHDCPL.EXE
2007-05-13 15:39 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-05-13 15:39 <DIR> d-------- C:\Program Files\Realtek
2007-05-13 15:39 <DIR> d-------- C:\Program Files\Intel
2007-05-13 15:39 <DIR> d-------- C:\Program Files\Fujitsu
2007-05-13 15:38 487,424 --a------ C:\WINDOWS\RtlExUpd.dll
2007-05-13 15:38 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-05-13 15:38 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-13 15:38 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-05-13 15:37 2,883,584 --ah----- C:\DOCUME~1\Dark\NTUSER.DAT
2007-05-13 15:35 262,144 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-13 15:35 225,280 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-13 15:35 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-13 15:35 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-13 15:31 831,562 --a------ C:\WINDOWS\system32\mswdat10.dll
2007-05-13 15:29 225,280 --ah----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-13 15:29 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-05-13 15:29 0 -rahs---- C:\MSDOS.SYS
2007-05-13 15:29 0 -rahs---- C:\IO.SYS
2007-05-13 15:29 0 --a------ C:\CONFIG.SYS
2007-05-13 15:29 0 --a------ C:\AUTOEXEC.BAT
2007-05-13 15:29 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-05-13 15:29 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-05-13 15:28 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-05-13 15:28 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-05-13 15:28 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-05-13 15:28 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-13 15:27 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-05-13 15:27 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-05-13 15:27 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-05-13 15:27 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-05-13 15:27 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-13 15:27 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-05-13 15:27 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-05-13 15:27 <DIR> d---s---- C:\WINDOWS\Tasks
2007-05-13 15:27 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-05-13 15:27 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-05-13 15:27 <DIR> d-------- C:\WINDOWS\srchasst
2007-05-13 15:27 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-05-13 15:26 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-05-13 15:26 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-05-13 15:26 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-05-13 15:26 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-05-13 15:26 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-05-13 15:26 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-05-13 15:26 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-05-13 15:26 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-13 15:26 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-05-13 15:26 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-05-13 15:26 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-05-13 15:26 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-13 15:26 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-05-13 15:26 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-05-13 15:26 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-05-13 15:26 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-05-13 15:26 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-05-13 15:26 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-05-13 15:26 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-05-13 15:26 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-05-13 15:26 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-05-13 15:26 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-05-13 15:26 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-13 15:26 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-05-13 15:26 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-05-13 15:26 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-05-13 15:26 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-05-13 15:26 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-13 15:26 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-05-13 15:26 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-05-13 15:26 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-13 15:26 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-05-13 15:26 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-05-13 15:26 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-05-13 15:26 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-05-13 15:26 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-05-13 15:26 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-05-13 15:26 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-05-13 15:26 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-05-13 15:26 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-05-13 15:26 <DIR> d-------- C:\Program Files\Movie Maker
2007-05-13 15:25 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-05-13 15:25 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-05-13 15:25 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-05-13 15:25 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-13 15:25 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-05-13 15:25 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-13 15:25 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-05-13 15:25 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-05-13 15:25 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-13 15:25 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-05-13 15:25 <DIR> d-------- C:\WINDOWS\Registration
2007-05-13 15:25 <DIR> d-------- C:\Program Files\Online Services
2007-05-13 15:25 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-05-13 15:25 <DIR> d-------- C:\Program Files\Messenger
2007-05-13 15:24 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-05-13 15:24 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-05-13 15:24 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-05-13 15:24 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-05-13 15:24 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-05-13 15:24 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-05-13 15:24 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-05-13 15:24 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-05-13 15:24 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-05-13 15:24 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-05-13 15:24 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-05-13 15:24 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-05-13 15:24 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-05-13 15:24 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-05-13 15:24 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-05-13 15:24 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-05-13 15:24 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-05-13 15:24 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-05-13 15:24 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-05-13 15:24 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-05-13 15:24 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-05-13 15:24 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-05-13 15:24 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-05-13 15:24 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-05-13 15:24 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-05-13 15:24 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-05-13 15:24 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-05-13 15:24 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-05-13 15:24 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-05-13 15:24 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-05-13 15:24 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-05-13 15:24 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-05-13 15:24 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-13 15:24 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-05-13 15:24 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-05-13 15:24 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-05-13 15:24 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-05-13 15:24 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-05-13 15:24 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-05-13 15:24 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-13 15:24 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-05-13 15:24 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-05-13 15:24 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-05-13 15:24 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-13 15:24 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-05-13 15:24 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-05-13 15:24 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-05-13 15:24 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-05-13 15:24 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-05-13 15:24 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-05-13 15:24 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-05-13 15:24 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-05-13 15:24 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-05-13 15:24 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-05-13 15:24 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-05-13 15:24 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-05-13 15:24 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-05-13 15:24 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-05-13 15:24 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-05-13 15:24 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-05-13 15:24 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-05-13 15:24 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-13 15:24 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-13 15:24 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-05-13 15:24 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-05-13 15:24 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-05-13 15:24 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-13 15:24 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-05-13 15:24 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-05-13 15:24 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-05-13 15:24 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-05-13 15:24 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-05-13 15:24 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-05-13 15:24 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-05-13 15:24 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-05-13 15:24 <DIR> d-------- C:\WINDOWS\system32\Com
2007-05-13 15:24 <DIR> d-------- C:\Program Files\Windows NT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-25 06:41:53 9,255 ----a-w C:\WINDOWS\system32\C68918F8.DLL
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-20 03:37:46 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-15 05:45:36 707,344 ----a-w C:\WINDOWS\system32\oodag.exe
2007-02-15 05:34:30 217,360 ----a-w C:\WINDOWS\system32\oodbs.exe
2007-02-15 05:18:34 277,264 ----a-w C:\WINDOWS\system32\oodssrs.dll
2007-02-15 05:16:20 11,536 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2007-02-15 05:16:10 17,168 ----a-w C:\WINDOWS\system32\oodagrs.dll
2007-02-15 05:15:58 17,168 ----a-w C:\WINDOWS\system32\oodagmg.dll
2007-02-15 04:36:32 937,984 ----a-w C:\WINDOWS\system32\ooscrsav.scr
2007-02-15 01:44:32 16,656 ----a-w C:\WINDOWS\system32\ootmapi.dll
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{01443AEC-0FD1-40fd-9C87-E93D1494C233}=C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [2007-04-16 19:16]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [2007-04-25 12:45]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 12:02]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{D92EB6BE-C6CA-475D-8D3B-45F323A6B62B}=C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll [2007-05-24 16:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-02-25 10:13]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 10:53]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-03 15:15]
"RTHDCPL"="RTHDCPL.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"AGRSMMSG"="AGRSMMSG.exe" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-18 23:57]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-03-24 14:43]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-03-24 14:41]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 19:39]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 19:43]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00]
"tsnpstd3"="C:\Program Files\Common Files\snpstd3\tsnpstd3.exe" [2005-12-20 14:39]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55]
"PDUiP6220DMon"="C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-06 18:17]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 09:10]
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-01-19 17:49]
"Thunder"="C:\Program Files\Thunder Network\Thunder\Thunder.exe" [2007-04-30 19:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.exe" [2006-10-26 14:53]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-14 09:51]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 20:00 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-08 22:14]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 14:41:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-05-25 14:44:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-25 14:44

--- E O F ---



Now the quarantined-file log



2004-05-18 22:20	  5952	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\advport.dll.vir
2004-08-04 20:00	  223744	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ckkzv.dll.vir
2004-08-04 20:00	  223744	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\djnoq.dll.vir
2004-08-04 20:00	  241664	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\jpckt.dll.vir
2004-08-04 20:00	  241664	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\scehq.dll.vir
2004-08-04 20:00	  53248	--a------	C:\Qoobox\Quarantine\C\Program Files\Common Files\System\Updaterun.exe.vir
2004-08-08 11:33	  6304	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\ocmor.dll.vir
2007-05-24 15:11	  331776	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\TEMPLA~1\temp.exe.vir
2007-05-24 20:52	  2446	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\Score.txt.vir
2007-05-25 14:37	  1048	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_ISPONER.reg.cf
2007-05-25 14:37	  1060	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.cf
2007-05-25 14:37	  1062	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_RELATIONS.reg.cf
2007-05-25 14:37	  1188	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
2007-05-25 14:37	  15796	--a------	C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-05-25 14:37	  206	--a------	C:\Qoobox\Quarantine\Registry_backups\services_cdnprot.reg.cf
2007-05-25 14:37	  3218	--a------	C:\Qoobox\Quarantine\Registry_backups\services_iSPONER.reg.cf
2007-05-25 14:37	  3374	--a------	C:\Qoobox\Quarantine\Registry_backups\services_Relations.reg.cf
2007-05-25 14:37	  3598	--a------	C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.cf


Folder PATH listing for volume Hard Disk
Volume serial number is 0CFE-2B42
C:\QOOBOX
\---Quarantine
	+---C
	|   +---DOCUME~1
	|   |   \---ALLUSE~1
	|   |	   \---TEMPLA~1
	|   |			   temp.exe.vir
	|   |			   
	|   +---Program Files
	|   |   \---Common Files
	|   |	   \---System
	|   |			   Updaterun.exe.vir
	|   |			   
	|   \---WINDOWS
	|	   \---system32
	|		   |   advport.dll.vir
	|		   |   ckkzv.dll.vir
	|		   |   djnoq.dll.vir
	|		   |   Score.txt.vir
	|		   |   
	|		   \---wbem
	|				   jpckt.dll.vir
	|				   ocmor.dll.vir
	|				   scehq.dll.vir
	|				   
	\---Registry_backups
			LEGACY_ISPONER.reg.cf
			LEGACY_NM.reg.cf
			LEGACY_NWSAPAGENT.reg.cf
			LEGACY_RELATIONS.reg.cf
			services_cdnprot.reg.cf
			services_iSPONER.reg.cf
			services_nm.reg.cf
			services_NwSapAgent.reg.cf
			services_Relations.reg.cf
			

Edited by DaRkSkY, 25 May 2007 - 02:02 AM.


#6 jedi

Posted 25 May 2007 - 03:11 AM

Hi again,

Ok, that's looking better, please now do the following:

Download GMER from here:
http://www.majorgeek...GMER_d5198.html

Unzip it to desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, apart from Show All.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#7 mien Gemini

Posted 25 May 2007 - 08:45 PM

Yup, it improved a lot, and thanks a lot.


This is the log:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-26 09:43:33
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 27001AD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001A50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001C10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001830 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 27001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] ADVAPI32.dll!CryptDecrypt 77DEA7B1 2 Bytes JMP 27001050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] ADVAPI32.dll!CryptDecrypt + 3 77DEA7B4 4 Bytes [ 21, AF, CC, CC ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 270037A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 270032B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] USER32.dll!SetWindowRgn 7E41FFB2 7 Bytes JMP 27004AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] USER32.dll!CreateDialogParamW 7E427D4F 5 Bytes JMP 27004B90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] USER32.dll!SetWindowPlacement 7E42D84C 5 Bytes JMP 27004A10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 27004CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] USER32.dll!TrackPopupMenuEx 7E46CD28 5 Bytes JMP 27003F70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WS2_32.dll!send 71AB428A 5 Bytes JMP 27008B80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 27008970 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WS2_32.dll!recv 71AB615A 5 Bytes JMP 270087E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 27008D00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 27008F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] SHELL32.dll!Shell_NotifyIconW 7CA21B6A 5 Bytes JMP 27002B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] ole32.dll!CoInitializeEx 774FEF6B 5 Bytes JMP 27001D20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] ole32.dll!CoRegisterClassObject 77518720 5 Bytes JMP 27001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WININET.dll!HttpOpenRequestA 771C36AD 5 Bytes JMP 27007760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WININET.dll!InternetCloseHandle 771C4D6C 5 Bytes JMP 27007A40 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WININET.dll!HttpSendRequestA 771C6249 5 Bytes JMP 27007990 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[984] WININET.dll!InternetReadFile 771C80F4 5 Bytes JMP 270078C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\Tencent\QQ\QQ.exe[2224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003BDF40 C:\Program Files\Tencent\QQ\CoralQQ.dll
.text C:\Program Files\Tencent\QQ\QQ.exe[2224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003C0490 C:\Program Files\Tencent\QQ\CoralQQ.dll
.text C:\Program Files\Tencent\QQ\QQ.exe[2224] kernel32.dll!GetPrivateProfileStringA 7C832B56 5 Bytes JMP 003BE0F0 C:\Program Files\Tencent\QQ\CoralQQ.dll
.text C:\Program Files\Tencent\QQ\QQ.exe[2224] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 003BD920 C:\Program Files\Tencent\QQ\CoralQQ.dll
.text C:\Program Files\Tencent\QQ\QQ.exe[2224] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 003BE520 C:\Program Files\Tencent\QQ\CoralQQ.dll
.text C:\Program Files\Tencent\QQ\QQ.exe[2224] SHELL32.dll!Shell_NotifyIcon 7CA20C79 5 Bytes JMP 003BD850 C:\Program Files\Tencent\QQ\CoralQQ.dll
.text C:\Program Files\Tencent\QQ\QQ.exe[2224] SHELL32.dll!ShellExecuteA 7CA40EC0 5 Bytes JMP 003BDA30 C:\Program Files\Tencent\QQ\CoralQQ.dll
.text C:\Program Files\Tencent\QQ\QQ.exe[2224] WS2_32.dll!ioctlsocket 71AB4519 5 Bytes JMP 003BEF70 C:\Program Files\Tencent\QQ\CoralQQ.dll

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION

---- EOF - GMER 1.0.12 ----



And how about the wserver.exe? Every time I log on to my computer, there is a message asking me to terminate
or debug the program on wserver.exe

#8 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 26 May 2007 - 03:42 AM

Hi again,

Good, no sign of any rootkit activity:

Please do the following:
Run a BitDefender Online scan Here and post the results.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#9 mien Gemini

Posted 27 May 2007 - 05:00 AM

This is the log for BitDefender. It took me about 5 hrs, that's a long way

BitDefender Online Scanner

Scan report generated at: Sun, May 27, 2007 - 15:40:55
Scan path: C:\;D:\;E:\;

Statistics
Time: 05:17:16
Files: 230893
Folders: 3856
Boot Sectors: 3
Archives: 1613
Packed Files: 22770

Results
Identified Viruses: 4
Infected Files: 16
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16

Engines Info
Virus Definitions: 508768
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File


Status

C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\8.tmp=>(Quarantine-4)
    Infected with: Trojan.Dloader.ZY; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001290.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001318.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001409.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001482.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001511.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001536.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001560.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001607.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18\A0001611.dll
    Infected with: Trojan.Dloader.ZY; Disinfection failed; Deleted
C:\WINDOWS\system32\C68918F8.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
C:\WINDOWS\system32\C68918F8T.EXE
    Infected with: Trojan.Fakealert.AS; Disinfection failed; Deleted
D:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP16\A0001065.exe=>(RAR Sfx o)=>TFTkeygen.exe
    Infected with: Trojan.Dropper.PT; Disinfection failed; Deleted
D:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP16\A0001065.exe=>(RAR Sfx o)
    Update failed
D:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP6\A0000141.exe=>(RAR Sfx o)=>TFTkeygen.exe
    Infected with: Trojan.Dropper.PT; Disinfection failed; Deleted
D:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP6\A0000141.exe=>(RAR Sfx o)
    Update failed
D:\Tools\war3tool.zip=>gj.exe=>(RAR Sfx o)=>BNرߺϼ.exe=>(RAR Sfx o)=>TFTkeygen.exe
    Infected with: Trojan.Dropper.PT; Disinfection failed; Deleted
D:\Tools\war3tool.zip=>gj.exe=>(RAR Sfx o)=>BNرߺϼ.exe=>(RAR Sfx o)
    Update failed
D:\Tools\ɫ\ħ޸.exe
    Infected with: Trojan.Flystudio.D; Disinfection failed; Deleted

#10 jedi

Posted 27 May 2007 - 11:05 AM

Hi again,

Ok, it's looking good. Please post a fresh HiJackThis log for me to check over.

jedi

#11 mien Gemini

Posted 28 May 2007 - 03:10 AM

Hjack log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:51:03 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WC3Banlist\WC3Banlist.exe
C:\WINDOWS\system32\conime.exe
D:\Tools\W3 MH\W3XMapHack12101.exe
D:\Tools\w3 kick\CustomKick.exe
D:\Tools\JoyToKey\JoyToKey.exe
D:\Downloads\HiJackThis_v2.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\3Ip6GBB67D_2007.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [SoundMix] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\soudmax.dll,St
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Windows Video2 - Unknown owner - C:\WINDOWS\system32\msvd2.exe

--
End of file - 11956 bytes



Even though it looks fine, I still get the wservers.exe debug, and the rundll of soundmax.dll can't be loaded. And one more I forgot

#12 jedi

Posted 28 May 2007 - 04:03 AM

Hi again,

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

jedi

#13 mien Gemini

Posted 28 May 2007 - 10:39 PM

The hjack log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:37:58 AM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
D:\Tools\JoyToKey\JoyToKey.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Downloads\HiJackThis_v2.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\3Ip6GBB67D_2007.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [SoundMix] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\soudmax.dll,St
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Windows Video2 - Unknown owner - C:\WINDOWS\system32\msvd2.exe

--
End of file - 11922 bytes




This is the report


SDFix: Version 1.85

Run by Dark - 05/29/2007 Tue - 11:17:57.64

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
_________________________________

After it rebooted, it's not like what you had said, a longer reboot than normal..

I'll let you see the wservers, as I had mentioned

Posted Image

---------------------------------------------

And may I ask, is soundmax.dll spyware?

I searched on Google, and it stated it is kind of spyware...
and I followed its instruction to create a txt and name it soundmax.dll to solve the rundll, as I mentioned before

--------------------------------------------

And what is wlloginproxy.exe for? I saw this process only after I had formatted my computer...

meaning this is the first time I have seen this process out of all the formats

Edited by DaRkSkY, 29 May 2007 - 09:41 PM.
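An added example, not part of the original posts and not code from HijackThis or any tool in the thread: a Python pass over HijackThis-style lines that marks entries for manual review. The four rules and all function names are assumptions of this example and are triage hints, not verdicts; the sample lines are copied from the log above.

```python
import re

# Lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\3Ip6GBB67D_2007.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Policies\Explorer\Run: [SoundMix] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\soudmax.dll,St
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Windows Video2 - Unknown owner - C:\WINDOWS\system32\msvd2.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
O4_RE = re.compile(r"^(?P<location>.+?): \[(?P<name>.+?)\] (?P<target>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_line(line):
    """Split one log line into section, name, owner, location and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "name": "", "owner": "",
             "location": "", "target": body}
    if section == "O2" and body.startswith("BHO: "):
        # "BHO: <name> - {CLSID} - <file>"
        parts = body[len("BHO: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry["name"], _clsid, entry["target"] = parts
    elif section == "O23" and body.startswith("Service: "):
        # "Service: <name> - <owner> - <binary>"
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry["name"], entry["owner"], entry["target"] = parts
    elif section == "O4":
        # "<registry location>: [<value name>] <command line>"
        m4 = O4_RE.match(body)
        if m4:
            entry.update(m4.groupdict())
    return entry


def review_reasons(entry):
    """Return the review hints (assumed rules of this example) for one entry."""
    reasons = []
    target = entry["target"].lower()
    if target.endswith("(file missing)") or target.endswith("(no file)"):
        reasons.append("registered target no longer exists on disk")
    if (entry["section"] == "O23" and entry["owner"] == "Unknown owner"
            and target.startswith(SYSTEM32)):
        reasons.append("service binary in system32 with no vendor name")
    if (entry["section"] == "O4"
            and "policies\\explorer\\run" in entry["location"].lower()):
        reasons.append("autostart set under Policies\\Explorer\\Run")
    if entry["section"] == "O2" and "\\application data\\" in target:
        reasons.append("BHO loaded from an Application Data folder")
    return reasons


def triage_log(text):
    """Return (section, name, reasons) for every entry with at least one hint."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry["section"], entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for section, name, reasons in triage_log(SAMPLE_LOG):
        print(f"{section:4} {name:16} " + "; ".join(reasons))
```
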


#14 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 30 May 2007 - 04:16 AM

hi,

The file WLLoginProxy.exe belongs to Microsoft Windows Live Login Helper, which is a legit service. Soundmax.dll seems to be a crack, or something like that; it doesn't seem legit.

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find Windows Video2

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type Windows Video2 and press OK. OK any prompts, close HijackThis, and restart your computer.

Download Killbox to your desktop.
Click killbox.exe.
Select the option "Delete on reboot".
In the field labeled "Full Path of File to Delete" copy and paste the following:

C:\WINDOWS\system32\msvd2.exe

Click the button: Single File (!important!)

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that the listed file will be removed on next reboot and asks if you would like to Reboot now, click YES

Your computer should reboot now.

Next:

Do Start > Search > All files/folders > and search for Wservers. Post the results, if any, here.


jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#15 mien Gemini

mien Gemini

    Member

  • Full Member
  • 83 posts

Posted 01 June 2007 - 03:34 AM

Oh, I forgot to tell you that whenever I surf the net using Internet Explorer,
there is a popup advertisement... and it's the same every time...
but there was no detection of cool search web or anything

-------------------
wservers.exe seems to be still there..

-------------------------

May I know how I am supposed to solve the rundll of soundmax.dll?

Edited by DaRkSkY, 01 June 2007 - 06:26 AM.


#16 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 01 June 2007 - 04:14 AM

Hi,

Do Start > Search > All files/folders > and search for Wservers. Post the results, if any, here.

I need to know the file paths, (i.e. C:\Windows\System or whatever) and how many entries there are.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, see if you can click the following icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
jedi

#17 mien Gemini

mien Gemini

    Member

  • Full Member
  • 83 posts

Posted 02 June 2007 - 03:26 AM

Okay now.. wservers.exe was cleared...

But after the scan... WSERVERS.EXE-0409AA7B.pf was left

In C:\WINDOWS\Prefetch

-------------------------------

Posted Image

Now the rundll... my replacement of the txt seems not to be working now..
So I hope that you can give me a way to solve it...


---------------------------------

There is a popup of the advertisement with Internet Explorer when I first open it...

But after that there seems to be no popup


----------------------------------


Report of the Dr.Web CureIt..

wservers.exe;c:\windows\system32;Win32.HLLW.Autoruner;Deleted.;
Process.exe;D:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
KKUpdater.exe;C:\Program Files\Thunder Network\kankan;Probably DLOADER.Trojan;;
Updaterun.exe.vir;C:\QooBox\Quarantine\C\Program Files\Common Files\System;Adware.Baidu;Incurable.Moved.;
ckkzv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.QQHelp;Incurable.Moved.;
djnoq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.QQHelp;Incurable.Moved.;
jpckt.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\wbem;Adware.QQHelp;Incurable.Moved.;
scehq.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32\wbem;Adware.QQHelp;Incurable.Moved.;
A0001389.dll;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18;Adware.QQHelp;Incurable.Moved.;
A0001390.dll;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18;Adware.QQHelp;Incurable.Moved.;
A0001391.dll;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18;Adware.QQHelp;Incurable.Moved.;
A0001392.dll;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18;Adware.QQHelp;Incurable.Moved.;
A0001394.exe;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18;Adware.Baidu;Incurable.Moved.;
A0001627.EXE;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18;Trojan.Popwin;Deleted.;
A0001645.DLL;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18;Trojan.Popwin;Deleted.;
A0002897.dll;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP19;Adware.Dongtian;Incurable.Moved.;
A0004024.dll;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP19;Adware.Dongtian;Incurable.Moved.;
A0004125.exe;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP20;Win32.HLLW.Autoruner;Deleted.;
alipy_.log;C:\WINDOWS\system32;Adware.Dongtian;Incurable.Moved.;

Edited by DaRkSkY, 02 June 2007 - 03:27 AM.
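An added example, not part of the original post and not output of Dr.Web or any tool in the thread: the report above is semicolon-separated (file; folder; detection; action), so a short Python script can separate active locations from quarantine and System Restore copies and list detections with no recorded action. The location buckets and function names are assumptions of this example; the rows are copied from the report.

```python
import csv
import io
from collections import Counter

# Rows copied from the Dr.Web CureIt report in the post above (a subset).
REPORT = r"""wservers.exe;c:\windows\system32;Win32.HLLW.Autoruner;Deleted.;
Process.exe;D:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
KKUpdater.exe;C:\Program Files\Thunder Network\kankan;Probably DLOADER.Trojan;;
ckkzv.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Adware.QQHelp;Incurable.Moved.;
A0001627.EXE;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP18;Trojan.Popwin;Deleted.;
A0004125.exe;C:\System Volume Information\_restore{06C76B26-ED1D-43A1-8778-876B356979E4}\RP20;Win32.HLLW.Autoruner;Deleted.;
alipy_.log;C:\WINDOWS\system32;Adware.Dongtian;Incurable.Moved.;
"""


def classify_location(path):
    """Bucket a folder by what it means for cleanup (assumed categories)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # copy stored inside a System Restore point
    if "\\qoobox\\quarantine" in p:
        return "quarantine"      # already set aside by an earlier tool
    if "\\sdfix" in p:
        return "removal-tool"    # file shipped inside the SDFix folder
    return "live"                # ordinary location on the running system


def parse_report(text):
    """Parse 'file;folder;detection;action;' rows into dictionaries."""
    findings = []
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if len(row) < 3:
            continue  # blank or malformed line
        name, path, threat = (field.strip() for field in row[:3])
        action = row[3].strip() if len(row) > 3 else ""
        findings.append({
            "name": name,
            "path": path,
            "threat": threat,
            "action": action,
            "location": classify_location(path),
        })
    return findings


def triage(findings):
    """Summarise what still needs attention after the scan."""
    restore_points = {
        f["path"].rsplit("\\", 1)[-1]
        for f in findings
        if f["location"] == "restore-point"
    }
    return {
        # Detected but neither cured, moved nor deleted.
        "unhandled": [f["name"] for f in findings if not f["action"]],
        # Found outside quarantine, restore points and tool folders.
        "live": [f["name"] for f in findings if f["location"] == "live"],
        # Restore points that held detected files.
        "restore_points": sorted(restore_points),
        "by_threat": Counter(f["threat"] for f in findings),
    }


if __name__ == "__main__":
    summary = triage(parse_report(REPORT))
    print("No action recorded:", summary["unhandled"])
    print("Found in live paths:", summary["live"])
    print("Restore points with detections:", summary["restore_points"])
    for threat, count in summary["by_threat"].most_common():
        print(f"{count:3} x {threat}")
```
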


#18 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 02 June 2007 - 10:45 AM

Hi,

Download Deckard's System Scanner (formerly Comboscan)
http://www.geekstogo...a...nload&id=19 to your Desktop.
  • Close all applications and windows.
  • Double-click on comboscan.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - ComboScan.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your thread.
  • A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
  • Please attach Supplementary.txt to your post.
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

To attach a file to a new post, simply
  • Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  • copy and paste the following into the "Upload File from your Computer" box:

    C:\ComboScan\Supplementary.txt

  • Click Upload.
What ComboScan will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
(If you have any problems attaching the supplementary file, copy and paste it into a second thread.)

jedi

#19 mien Gemini

mien Gemini

    Member

  • Full Member
  • 83 posts

Posted 03 June 2007 - 02:27 AM

The link does not work; I can't find the program either

#20 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 03 June 2007 - 04:44 AM

Sorry, it's been renamed, link now fixed.

jedi

#21 mien Gemini

mien Gemini

    Member

  • Full Member
  • 83 posts

Posted 03 June 2007 - 05:32 AM

Okay now, there are 3 txt files called

Main.txt, Extra, Moved.txt

First, Main.txt

Deckard's System Scanner v20070602.46
Run by Dark on 2007-06-03 at 18:21:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2007-06-03 10:22:02 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2007-06-01 11:53:33 UTC - RP20 - System Checkpoint
19: 2007-05-29 11:52:58 UTC - RP19 - System Checkpoint
18: 2007-05-24 10:03:27 UTC - RP18 - Installed Audition
17: 2007-05-23 11:31:49 UTC - RP17 - Installed Windows XP Wudf01005.


-- First Restore Point --
1: 2007-05-19 05:02:12 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-03 18:24:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\components\TmProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Tools\JoyToKey\JoyToKey.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WC3Banlist\WC3Banlist.exe
C:\WINDOWS\system32\rsvp.exe
D:\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.08xz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://messenger.msn...ersion=9,0,28,0
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\SYSTEMDATA\3Ip6GBB67D_2007.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\NAVDATA\1LdrYPaJ8l_2007.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\wshbth.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE -service
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\components\TmProxy.exe
O23 - Service: Wserver - Unknown owner - C:\WINDOWS\system32\Wservers.exe


-- File Associations -----------------------------------------------------------

.chm - chm.file - shell\open\command - "hh.exe" %1
.ini - inifile - shell\open\command - C:\WINDOWS\System32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BtnHnd - c:\program files\fujitsu\btnhnd\btnhnd.sys <Not Verified; FUJITSU LIMITED; Button handler>
R2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
R3 SNPSTD3 (USB PC Camera (SNPSTD3)) - c:\windows\system32\drivers\snpstd3.sys <Not Verified; Sonix Co. Ltd.; USB PC Camera>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 CEDRIVER53 - c:\program files\cheat engine\dbk32.sys
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 SHAK31 - c:\docume~1\dark\locals~1\temp\rar$ex03.453\re 4.2\shak3.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 O2Flash (O2Micro Flash Memory) - c:\windows\system32\o2flash.exe
R2 OwnershipProtocol - c:\program files\intel\wireless\bin\oprotsvc.exe <Not Verified; Intel Corporation; Intel PROSet/Wireless>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>

S2 C68918F8 - c:\windows\system32\c68918f8.exe -service (file missing)
S2 Wserver - c:\windows\system32\wservers.exe (file missing)
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Files created between 2007-05-03 and 2007-06-03 -----------------------------

2007-06-02 14:58:22 0 d-------- C:\Documents and Settings\Dark\DoctorWeb
2007-06-02 14:54:30 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-06-01 19:21:15 118784 --a------ C:\WINDOWS\system32\GETCPU.dll <Not Verified; Don't have one.; GETCPU Dynamic Link Library>
2007-06-01 19:15:48 4096 --a------ C:\WINDOWS\d3dx.dat
2007-06-01 16:10:56 0 d-------- C:\!KillBox
2007-05-31 13:43:50 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-05-31 13:43:47 0 d-------- C:\Program Files\Cheat Engine
2007-05-29 11:21:44 675 --a------ C:\Documents and Settings\Dark\clean.reg
2007-05-27 01:37:12 0 d-------- C:\WINDOWS\BDOSCAN8
2007-05-26 22:02:48 0 d-------- C:\Documents and Settings\Dark\Application Data\Nokia Multimedia Player
2007-05-24 23:05:02 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-05-24 23:04:51 0 d-------- C:\WINDOWS\Sun
2007-05-24 23:04:50 0 d-------- C:\Documents and Settings\Dark\Application Data\Sun
2007-05-24 16:13:53 0 d-------- C:\7e08395bb459d2fe1c5d83da9516e3
2007-05-22 17:08:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-05-22 17:08:38 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-05-22 17:08:21 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-05-22 17:08:05 0 d-------- C:\Documents and Settings\Dark\Application Data\Nokia
2007-05-22 17:07:16 0 d-------- C:\Program Files\Common Files\PCSuite
2007-05-22 17:07:15 0 d-------- C:\Program Files\Common Files\Nokia
2007-05-22 17:06:55 0 d-------- C:\Program Files\DIFX
2007-05-22 17:06:52 0 d-------- C:\Documents and Settings\Dark\Application Data\PC Suite
2007-05-22 17:06:44 0 d-------- C:\Program Files\PC Connectivity Solution
2007-05-22 17:06:05 0 d-------- C:\Program Files\Nokia
2007-05-22 17:05:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
2007-05-20 13:12:00 0 d-------- C:\Program Files\TTPlayer
2007-05-20 11:56:16 0 d-------- C:\Program Files\Power MP3 WMA Converter
2007-05-20 11:06:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-05-20 11:00:40 5 --a------ C:\WINDOWS\system32\SySCut.dat
2007-05-20 11:00:28 0 d-------- C:\Program Files\SuperAudiotool
2007-05-19 19:03:24 8993027 --a------ C:\WINDOWS\system32\完美世界—武侠.Scr <Not Verified; Acme Photo Software; 梦想之巅屏保播放器>
2007-05-19 19:02:14 128000 --a------ C:\WINDOWS\system32\Dsslji.dat <Not Verified; Intel Corporation; Intel? JPEG Library>
2007-05-19 13:28:12 22768 --a------ C:\Documents and Settings\Dark\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft Windows 2000 Operating System>
2007-05-19 13:28:12 5936 --a------ C:\Documents and Settings\Dark\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-05-19 13:28:12 79328 --a------ C:\Documents and Settings\Dark\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2007-05-19 13:28:12 92064 --a------ C:\Documents and Settings\Dark\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2007-05-19 13:28:12 9232 --a------ C:\Documents and Settings\Dark\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2007-05-19 13:28:12 4048 --a------ C:\Documents and Settings\Dark\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-05-19 13:28:12 6208 --a------ C:\Documents and Settings\Dark\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-05-19 13:28:12 66656 --a------ C:\Documents and Settings\Dark\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-05-19 12:00:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-05-19 12:00:13 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-05-19 12:00:13 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-05-19 12:00:13 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-05-19 12:00:13 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-05-19 12:00:13 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-05-19 12:00:13 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-05-19 12:00:13 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-05-19 12:00:13 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-05-19 12:00:13 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-05-19 12:00:13 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-05-19 12:00:13 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-05-19 12:00:13 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-05-19 12:00:13 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-05-19 12:00:12 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-05-14 09:52:04 0 d-------- C:\Program Files\Common Files\xing shared
2007-05-14 09:51:31 0 d-------- C:\Program Files\Real
2007-05-14 09:51:31 0 d-------- C:\Program Files\Common Files\Real
2007-05-14 09:50:59 0 d-------- C:\Documents and Settings\Dark\Application Data\Real
2007-05-14 09:13:22 0 d-------- C:\WINDOWS\pss
2007-05-13 23:23:36 0 d-------- C:\Program Files\Microsoft Works
2007-05-13 23:23:06 0 d-------- C:\Program Files\MSBuild
2007-05-13 23:14:19 0 d-------- C:\WINDOWS\SHELLNEW
2007-05-13 23:11:26 0 d-------- C:\Drivers
2007-05-13 23:09:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-05-13 23:08:29 0 dr-h----- C:\MSOCache
2007-05-13 23:07:50 0 d--hs---- C:\WINDOWS\Installer
2007-05-13 23:07:49 0 d-------- C:\Program Files\Common Files\ODBC
2007-05-13 23:07:45 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-13 23:07:44 0 dr------- C:\Program Files
2007-05-13 23:07:14 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-05-13 23:07:14 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-05-13 23:07:14 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-05-13 23:07:14 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-05-13 23:07:14 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-05-13 23:07:14 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-05-13 23:07:14 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-05-13 23:07:14 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-05-13 23:07:14 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-05-13 23:07:14 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-05-13 23:07:14 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-05-13 23:07:14 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-05-13 23:07:14 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-05-13 23:07:14 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-05-13 23:07:14 0 dr------- C:\Documents and Settings\All Users\Documents
2007-05-13 23:07:14 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-05-13 23:06:56 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-05-13 23:06:56 0 d-------- C:\WINDOWS\system32\CatRoot
2007-05-13 23:06:51 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-05-13 23:06:51 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-05-13 23:06:51 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-05-13 23:06:51 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-05-13 23:06:11 0 d--hs---- C:\System Volume Information
2007-05-13 23:06:11 0 d-------- C:\Documents and Settings
2007-05-13 23:05:09 0 d-------- C:\RECOVERY
2007-05-13 23:03:35 0 d-------- C:\Program Files\Java
2007-05-13 23:00:15 0 d-------- C:\Program Files\Common Files\Java
2007-05-13 22:52:49 0 d-------- C:\WINDOWS\system32\oodag
2007-05-13 22:50:10 0 d-------- C:\WINDOWS
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\WinSxS
2007-05-13 22:50:10 0 dr------- C:\WINDOWS\Web
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\twain_32
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\wins
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\wbem
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\usmt
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\spool
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\ShellExt
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\Setup
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\ras
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\oobe
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\npp
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\mui
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\inetsrv
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\IME
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\icsxml
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\ias
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\export
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\drivers
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-13 22:50:10 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\dhcp
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\config
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\3076
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\2052
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\1054
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\1042
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\1041
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\1037
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\1033
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\1031
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\1028
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system32\1025
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\system
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\security
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Resources
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\repair
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Provisioning
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\PeerNet
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\pchealth
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\mui
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\msapps
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\msagent
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Media
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\java
2007-05-13 22:50:10 0 d--h----- C:\WINDOWS\inf
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\ime
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Help
2007-05-13 22:50:10 0 dr--s---- C:\WINDOWS\Fonts
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Driver Cache
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Debug
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Cursors
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Connection Wizard
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\Config
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\AppPatch
2007-05-13 22:50:10 0 d-------- C:\WINDOWS\addins
2007-05-13 22:26:23 0 d-------- C:\Program Files\OO Software
2007-05-13 22:25:20 0 d-------- C:\Program Files\Update
2007-05-13 22:10:32 0 d-------- C:\Documents and Settings\Dark\Application Data\QQ
2007-05-13 22:10:26 0 d---s---- C:\Documents and Settings\Dark\UserData
2007-05-13 22:08:56 0 d-------- C:\Documents and Settings\Dark\Application Data\QQUpdate
2007-05-13 22:07:09 0 d-------- C:\Program Files\Tencent
2007-05-13 21:37:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-05-13 21:18:28 49137 --a------ C:\WINDOWS\War3Unin.dat
2007-05-13 21:18:26 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-05-13 21:18:26 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-05-13 21:16:52 0 d-------- C:\Program Files\Messenger Plus! Live
2007-05-13 21:14:44 2357 --a------ C:\WINDOWS\system32\cid_store.dat
2007-05-13 21:13:29 0 d-------- C:\Program Files\Thunder Network
2007-05-13 18:50:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-05-13 18:38:15 0 d-------- C:\Program Files\MSXML 4.0
2007-05-13 18:15:57 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated for JEDI. www.delphi-jedi.org; D3DX81>
2007-05-13 18:08:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-13 18:08:27 0 d-------- C:\Documents and Settings\Dark\Application Data\Mozilla
2007-05-13 17:59:22 0 d--h----- C:\WINDOWS\PIF
2007-05-13 17:24:11 0 d-------- C:\Program Files\Windows Media Connect 2
2007-05-13 17:09:47 0 d-------- C:\WINDOWS\system32\LogFiles
2007-05-13 17:09:47 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-13 16:50:18 0 d-------- C:\Documents and Settings\Dark\Application Data\Macromedia
2007-05-13 16:46:37 0 d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-05-13 16:40:52 0 d-------- C:\WINDOWS\system32\PreInstall
2007-05-13 16:40:44 0 d--h----- C:\WINDOWS\$hf_mig$
2007-05-13 16:31:45 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-13 16:30:04 0 d-------- C:\Documents and Settings\Dark\Contacts
2007-05-13 16:23:10 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-05-13 16:19:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-05-13 16:19:11 0 d-------- C:\Program Files\Trend Micro
2007-05-13 16:17:17 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-05-13 16:17:08 0 d-------- C:\Program Files\MSN Messenger
2007-05-13 16:14:41 0 d-------- C:\WINDOWS\system32\driver
2007-05-13 16:14:36 0 d-------- C:\Program Files\IVT Corporation
2007-05-13 16:11:53 163840 --a------ C:\WINDOWS\BJPSUNST.EXE <Not Verified; CANON INC.; BJPSUNST.EXE>
2007-05-13 16:11:15 0 d-------- C:\Program Files\WinPcap
2007-05-13 16:11:11 348160 --a------ C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2007-05-13 16:11:11 499712 --a------ C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2007-05-13 16:11:11 1060864 --a------ C:\WINDOWS\system32\MFC71.dll <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2007-05-13 16:11:08 0 d-------- C:\Program Files\WC3Banlist
2007-05-13 16:10:47 0 d-------- C:\Program Files\3B Software
2007-05-13 16:09:33 90112 -ra------ C:\WINDOWS\system32\CNMCP7C.exe <Not Verified; CANON INC.; Canon BJ Raster Printer Driver Installer>
2007-05-13 16:09:17 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-05-13 16:08:56 0 d-------- C:\Program Files\Canon
2007-05-13 16:03:00 0 d-------- C:\WINDOWS\Profiles
2007-05-13 16:02:57 0 d-------- C:\WINDOWS\system32\Adobe
2007-05-13 16:02:57 0 d-------- C:\Program Files\Common Files\Adobe
2007-05-13 16:02:57 0 d-------- C:\Documents and Settings\Dark\Application Data\InterTrust
2007-05-13 16:02:57 0 d-------- C:\Documents and Settings\Dark\Application Data\Adobe
2007-05-13 16:02:41 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield? unInstaller>
2007-05-13 16:01:21 0 d-------- C:\Program Files\Prolink Hurricane 9000C
2007-05-13 15:59:10 0 d-------- C:\Program Files\V-Gear BEE
2007-05-13 15:59:00 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2007-05-13 15:58:37 94208 --a------ C:\WINDOWS\amcap.exe <Not Verified; Microsoft Corporation; DirectX 8.1 Sample>
2007-05-13 15:58:32 339968 --a------ C:\WINDOWS\vsnpstd3.exe <Not Verified; ; CameraMonitor Application>
2007-05-13 15:58:32 8532864 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys <Not Verified; Sonix Co. Ltd.; USB PC Camera>
2007-05-13 15:58:29 53248 --a------ C:\WINDOWS\vsnpstd3.dll
2007-05-13 15:58:29 20480 --a------ C:\WINDOWS\usnpstd3.exe <Not Verified; ; DelHwKey Application>
2007-05-13 15:58:29 147456 --a------ C:\WINDOWS\system32\rsnpstd3.dll <Not Verified; ; ResourceDLL>
2007-05-13 15:58:29 53248 --a------ C:\WINDOWS\system32\csnpstd3.dll <Not Verified; ; InstallUtil>
2007-05-13 15:58:29 0 d-------- C:\Program Files\Common Files\snpstd3
2007-05-13 15:56:12 0 d-------- C:\Documents and Settings\Dark\Application Data\Intel
2007-05-13 15:55:36 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2007-05-13 15:55:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-05-13 15:50:46 0 d-------- C:\WINDOWS\system32\Lang
2007-05-13 15:50:39 0 d-------- C:\Program Files\AuthenTec
2007-05-13 15:46:12 0 d-------- C:\Documents and Settings\Dark\Application Data\Identities
2007-05-13 15:44:59 1671168 --a------ C:\WINDOWS\system32\W29MLRES.DLL <Not Verified; Intel Corporation; Intel PRO/Wireless 2915ABG Network Connection>
2007-05-13 15:42:19 0 d-------- C:\Program Files\Fingerprint Sensor
2007-05-13 15:42:07 13312 --a------ C:\WINDOWS\system32\RMDevice.dll
2007-05-13 15:42:07 36864 --a------ C:\WINDOWS\system32\o2flash.exe
2007-05-13 15:41:06 0 d-------- C:\Program Files\Broadcom
2007-05-13 15:40:43 0 d-------- C:\Program Files\ltmoh
2007-05-13 15:40:34 0 d-------- C:\WINDOWS\Options
2007-05-13 15:40:09 0 d-------- C:\Program Files\Synaptics
2007-05-13 15:39:25 0 d-------- C:\Program Files\Fujitsu
2007-05-13 15:39:14 8 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.dat
2007-05-13 15:39:08 0 d-------- C:\WINDOWS\system32\RTCOM
2007-05-13 15:39:08 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-05-13 15:39:03 0 d-------- C:\Program Files\Realtek
2007-05-13 15:39:00 0 d-------- C:\Program Files\Intel
2007-05-13 15:38:59 487424 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-05-13 15:38:10 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-13 15:38:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-13 15:38:01 0 d-------- C:\Program Files\Common Files\InstallShield
2007-05-13 15:37:21 0 dr------- C:\Documents and Settings\Dark\Favorites
2007-05-13 15:37:21 0 d-------- C:\Documents and Settings\Dark\Desktop
2007-05-13 15:37:21 0 d---s---- C:\Documents and Settings\Dark\Cookies
2007-05-13 15:37:21 0 dr-h----- C:\Documents and Settings\Dark\Application Data
2007-05-13 15:37:20 0 d--h----- C:\Documents and Settings\Dark\Templates
2007-05-13 15:37:20 0 dr------- C:\Documents and Settings\Dark\Start Menu
2007-05-13 15:37:20 0 dr-h----- C:\Documents and Settings\Dark\SendTo
2007-05-13 15:37:20 0 dr-h----- C:\Documents and Settings\Dark\Recent
2007-05-13 15:37:20 0 d--h----- C:\Documents and Settings\Dark\PrintHood
2007-05-13 15:37:20 3145728 --ah----- C:\Documents and Settings\Dark\NTUSER.DAT
2007-05-13 15:37:20 0 d--h----- C:\Documents and Settings\Dark\NetHood
2007-05-13 15:37:20 0 dr------- C:\Documents and Settings\Dark\My Documents
2007-05-13 15:37:20 0 d--h----- C:\Documents and Settings\Dark\Local Settings
2007-05-13 15:35:58 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-05-13 15:35:51 0 d-------- C:\WINDOWS\Prefetch
2007-05-13 15:35:50 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-05-13 15:35:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-05-13 15:35:48 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-05-13 15:35:48 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-05-13 15:35:48 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-05-13 15:35:48 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-05-13 15:35:08 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-05-13 15:35:08 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-05-13 15:35:08 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-05-13 15:35:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-05-13 15:35:08 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-05-13 15:31:32 831562 --a------ C:\WINDOWS\system32\mswdat10.dll <Not Verified; Microsoft Corporation; Microsoft Jet>
2007-05-13 15:29:48 0 d-------- C:\WINDOWS\system32\xircom
2007-05-13 15:29:48 0 d-------- C:\Program Files\microsoft frontpage
2007-05-13 15:29:45 225280 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-05-13 15:29:32 0 -rahs---- C:\MSDOS.SYS
2007-05-13 15:29:32 0 -rahs---- C:\IO.SYS
2007-05-13 15:29:32 0 --a------ C:\CONFIG.SYS
2007-05-13 15:29:32 0 --a------ C:\AUTOEXEC.BAT
2007-05-13 15:28:32 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-05-13 15:28:22 0 dr------- C:\WINDOWS\Offline Web Pages
2007-05-13 15:28:22 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-13 15:28:10 0 d--h----- C:\Program Files\WindowsUpdate
2007-05-13 15:27:47 0 d-------- C:\WINDOWS\system32\DirectX
2007-05-13 15:27:10 0 d---s---- C:\WINDOWS\Tasks
2007-05-13 15:27:09 0 d-------- C:\Program Files\Common Files\MSSoap
2007-05-13 15:27:04 0 d-------- C:\WINDOWS\srchasst
2007-05-13 15:27:03 0 d-------- C:\WINDOWS\system32\Macromed
2007-05-13 15:26:53 0 d-------- C:\Program Files\Movie Maker
2007-05-13 15:26:44 0 d-------- C:\WINDOWS\system32\Restore
2007-05-13 15:26:22 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-13 15:25:59 0 d-------- C:\WINDOWS\Registration
2007-05-13 15:25:27 0 d-------- C:\Program Files\Online Services
2007-05-13 15:25:21 0 d-------- C:\Program Files\Messenger
2007-05-13 15:25:17 0 d-------- C:\Program Files\MSN Gaming Zone
2007-05-13 15:24:33 0 d-------- C:\Program Files\Windows NT
2007-05-13 15:24:30 0 d-------- C:\WINDOWS\system32\MsDtc
2007-05-13 15:24:28 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-05-13 23:07:14 62 --ahs---- C:\Documents and Settings\Dark\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\3Ip6GBB67D_2007.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LoadFUJ02E3"="C:\\Program Files\\Fujitsu\\FUJ02E3\\FUJ02E3.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"IndicatorUtility"="C:\\Program Files\\Fujitsu\\Fujitsu Hotkey Utility\\IndicatorUty.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"LoadFujitsuQuickTouch"="C:\\Program Files\\Fujitsu\\Application Panel\\QuickTouch.exe"
"LoadBtnHnd"="C:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"
"ATSwpNav"="\"C:\\Program Files\\Fingerprint Sensor\\ATSwpNav\" -run"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"IntelZeroConfig"="C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe"
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"tsnpstd3"="C:\\Program Files\\Common Files\\snpstd3\\tsnpstd3.exe"
"snpstd3"="C:\\WINDOWS\\vsnpstd3.exe"
"PDUiP6220DMon"="C:\\Program Files\\Canon\\Memory Card Utility\\iP6220D\\PDUiP6220DMon.exe"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"Trend Micro AntiVirus 2007"="C:\\Program Files\\Trend Micro\\AntiVirus 2007\\tavui.exe -1 --delay 15"
"Thunder"="\"C:\\Program Files\\Thunder Network\\Thunder\\Thunder.exe\" /s"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Microsoft Pinyin IME Migration"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\IME12\\IMESC\\IMSCMIG.EXE /INSTALL"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Windows Registry Repair Pro"="C:\\Program Files\\3B Software\\Windows Registry Repair Pro\\RegistryRepairPro.exe 4"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SoundMix"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\soudmax.dll,St"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dark^Start Menu^Programs^Startup^BEE Service.lnk]
"backup"="C:\\WINDOWS\\pss\\BEE Service.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\V-GEAR~1\\VBSERV~1.EXE "
"item"="BEE Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchApplication"
"hkey"="HKLM"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



-- End of Deckard's System Scanner: finished at 2007-06-03 at 18:26:38 ---------

--------------------------------

Edited by DaRkSkY, 03 June 2007 - 05:42 AM.


#22 mien Gemini

Posted 03 June 2007 - 05:37 AM

Then now Extra.txt


Deckard's System Scanner v20070602.46
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium M processor 2.00GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1014.05 MiB / 503.61 MiB
Pagefile Memory (total/avail): 2441.04 MiB / 1699.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1939.17 MiB

C: is Fixed (NTFS) - 34.53 GiB total, 24.34 GiB free.
D: is Fixed (NTFS) - 39.99 GiB total, 17.61 GiB free.
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: Trend Micro AntiVirus - Virus Protection v15.10.1206 (Trend Micro, Inc.)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Tencent\\QQ\\QQ.exe"="C:\\Program Files\\Tencent\\QQ\\QQ.exe:*:Enabled:QQ"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"="C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder"
"D:\\Games\\Warcraft III\\war3.exe"="D:\\Games\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dark\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DARK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dark
LOGONSERVER=\\DARK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dark\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dark\LOCALS~1\Temp
USERDOMAIN=DARK
USERNAME=Dark
USERPROFILE=C:\Documents and Settings\Dark
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dark (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Agere Systems HDA Modem --> agrsmdel
Audition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB19D888-ACD6-4D1D-BC81-473DBC2A319A}\setup.exe" -l0x9 -removeonly
BlueSoleil --> MsiExec.exe /X{38F0F8B4-3786-42D6-A82C-DF1FEB010C46}
Broadcom Gigabit Ethernet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC502085-5F63-41A2-A290-41F9F9574270}\setup.exe" -l0x9 REMOVE
Canon iP6220D --> C:\WINDOWS\system32\CNMCP7C.exe "-PRINTERNAMECanon iP6220D" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP6220D Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon iP6220D Memory Card Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD62878E-7631-4D9D-9983-6F30DA4D7FF8}\setup.exe" /PDUUninstall
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
Cheat Engine 5.3 --> "C:\Program Files\Cheat Engine\unins000.exe"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Fingerprint Sensor Minimum Install --> MsiExec.exe /I{D1C6BA81-14FF-4331-8350-350D159A50F4}
Fujitsu Hotkey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{805BDB3F-6803-45F7-B959-4FE5B921BC55}\setup.exe"
Fujitsu System Extension Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D48CCDB0-5EAB-4ED9-8D3E-8653EFFBFB84}\setup.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LifeBook Application Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F403DD9-5A80-46DC-AAEC-9C743121E8B8}\setup.exe"
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0015-0804-0000-0000000FF1CE}
Microsoft Office Excel MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0016-0804-0000-0000000FF1CE}
Microsoft Office IME (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0028-0804-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0044-0804-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-001A-0804-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0018-0804-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-001F-0804-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proofing (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-002C-0804-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-0019-0804-0000-0000000FF1CE}
Microsoft Office Shared MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-006E-0804-0000-0000000FF1CE}
Microsoft Office Word MUI (Chinese (Simplified)) 2007 --> MsiExec.exe /X{90120000-001B-0804-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Cutter Joiner 1.17 --> "C:\Program Files\SuperAudiotool\MP3 Cutter Joiner\unins000.exe"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_web.exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Nokia Software Updater --> MsiExec.exe /X{92C368C7-E69F-402A-B286-D178E786603D}
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
O2Micro Flash Memory Card Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3BB2AA79-6623-48F4-B288-0CE1C88D40D6} /l1033
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Power MP3 WMA Converter 2006, (ver 3.0) --> "C:\Program Files\Power MP3 WMA Converter\unins000.exe"
QQ游戏 --> C:\Program Files\Tencent\QQGAME\Uninstall.EXE
QQ连连看角色版 --> C:\PROGRA~1\Tencent\QQGAME\KYODAI~1\UNWISE.EXE C:\PROGRA~1\Tencent\QQGAME\KYODAI~1\INSTALL.LOG
Quick Start V1.3 --> "C:\Program Files\Prolink Hurricane 9000C\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Security Update for Excel 2007 (KB934670) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD098537-8857-4065-B4B6-AC023CB2C48E}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro AntiVirus --> MsiExec.exe /X{71E4D679-20AB-41E9-A350-D5BF92088FFE}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB933688) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6E692F1-63C2-4760-94C6-C689DCD053F1}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 Junk Email Filter (KB934655) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F7185592-E40D-476E-9BC4-38DF96EE176B}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
V-Gear BEE --> C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\V-Gear BEE\UnInst.log" "/APPNAME=V-Gear BEE"
V-Gear TalkCam Messenger Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WC3Banlist --> "C:\Program Files\WC3Banlist\unins000.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Registry Repair SE --> "C:\Program Files\3B Software\Windows Registry Repair Pro\unins000.exe"
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
千千静听 5.0 --> "C:\Program Files\TTPlayer\uninst.exe"
珊瑚虫 2007 --> "C:\Program Files\Tencent\QQ\uninstall.exe"
迅雷5 --> "C:\Program Files\Thunder Network\Thunder\unins000.exe"
迅雷看看 --> C:\Program Files\Thunder Network\kankan\uninstall.exe


-- End of Deckard's System Scanner: finished at 2007-06-03 at 18:26:38 ---------


------------------------------------

Lastly Moved.txt


Directories/Files moved to C:\Deckard\System Scanner\backup

2007-06-01 13:09:28 1016333 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\000041180603571018.wmv
2007-05-31 13:39:55 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\2yz31.tmp
2007-05-29 22:13:39 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\31dAA.tmp
2007-05-29 13:03:23 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\4aq75.tmp
2007-06-01 16:28:40 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\99544.tmp
2007-06-03 17:19:38 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\a5n49.tmp
2007-05-29 23:50:14 1704092 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\aaSOcABoAAAAAAM1vYYVnye7UP+XW5Xb5kYBloIGw&mid=3ac5cc7e7074cb62486e87b9f03fe357&threshold=40&tid=A0D44367C6CE578F4B293231101A5CD3.wmv
2007-05-31 11:04:16 837274 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\BVaE1v1SJixEIpHDll1qv6axgwAAAAAAKqd38tR45lPMPQhhpmOLFMzTKuf&mid=e1c50c7894d850e1b4d9a63480114d04&threshold=40&tid=A7150974863DF9421329A2397CCFD37C.wmv
2007-05-31 11:03:45 405264 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\h&mid=7f9c7d9e626e40e0759adfe9ff38561c&threshold=40&tid=F2291001B087192F2CFCD8D2A4F51EB3.wmv
2007-06-01 16:08:32 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\i6d1.tmp
2007-06-01 16:32:23 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\i8e4.tmp
2007-05-29 11:26:35 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\io713.tmp
2007-05-29 13:02:24 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\j4572.tmp
2007-06-01 21:22:14 416 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\java_install_reg.log
2007-06-03 12:08:44 1710 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\jusched.log
2007-06-02 21:34:40 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\k16A.tmp
2007-06-03 12:27:39 0 d-------- C:\DOCUME~1\Dark\LOCALS~1\Temp\MessengerCache
2007-05-29 12:33:59 412554 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\mps_86ff.tmp
2007-06-03 12:08:47 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\oepD.tmp
2007-05-30 16:41:51 0 d-------- C:\DOCUME~1\Dark\LOCALS~1\Temp\outlook logging
2007-05-30 15:52:12 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\pyo43.tmp
2007-06-02 10:25:57 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\qpu1D.tmp
2007-06-01 13:15:57 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\rde2B.tmp
2007-05-29 14:42:32 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\sm47A.tmp
2007-05-31 10:46:10 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\sy620.tmp
2007-05-29 20:23:20 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\temA8.tmp
2007-06-02 16:15:43 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\tvf9.tmp
2007-05-30 10:32:56 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\v5124.tmp
2007-06-02 16:15:39 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\vhb8.tmp
2007-05-30 15:45:43 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\vx342.tmp
2007-06-03 12:03:48 0 d-------- C:\DOCUME~1\Dark\LOCALS~1\Temp\WPDNSE
2007-06-02 16:14:53 0 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\z925.tmp
2007-05-29 20:34:04 50 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\ZsJgPo9x
2007-06-01 13:16:58 65536 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF15C0.tmp
2007-06-01 13:16:58 512 --a-----t C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF15CB.tmp
2007-06-01 13:06:08 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF1802.tmp
2007-06-01 16:06:46 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF1971.tmp
2007-06-03 16:14:11 65536 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF297.tmp
2007-06-03 16:14:11 512 --a-----t C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF2FE.tmp
2007-06-01 13:17:03 65536 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF3471.tmp
2007-06-01 13:17:03 512 --a-----t C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF34AD.tmp
2007-05-31 14:25:23 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF3880.tmp
2007-06-01 13:52:21 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF3CA8.tmp
2007-06-01 13:21:25 180224 --a-----t C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF42E.tmp
2007-06-01 13:06:42 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF4615.tmp
2007-06-02 21:23:20 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF5D9E.tmp
2007-06-01 16:09:54 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF6DBE.tmp
2007-06-02 16:12:24 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF758E.tmp
2007-06-01 16:30:37 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF79D1.tmp
2007-06-01 16:28:42 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF7AA.tmp
2007-06-01 16:27:37 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF7B81.tmp
2007-06-01 23:27:35 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF94F5.tmp
2007-06-01 16:07:05 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF9C43.tmp
2007-05-30 10:27:01 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DF9F8A.tmp
2007-05-31 10:36:13 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFA56F.tmp
2007-06-01 16:30:56 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFAD65.tmp
2007-06-01 16:27:54 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFB4E1.tmp
2007-06-03 15:08:42 65536 --a-----t C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFB602.tmp
2007-06-02 10:14:27 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFBA37.tmp
2007-06-02 10:14:13 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFBF5A.tmp
2007-05-30 10:31:20 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFC634.tmp
2007-06-03 16:14:04 65536 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFE0CE.tmp
2007-06-03 16:14:04 512 --a-----t C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFE163.tmp
2007-06-02 21:23:39 16384 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFFA26.tmp
2007-05-31 10:35:59 32768 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~DFFCB.tmp
2007-06-01 19:54:15 72192 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~e5.0001 <Not Verified; Macrovision Europe Ltd.; Macrovision Europe Ltd. Cleanup>
2007-05-31 14:36:07 2194 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~th34.tmp
2007-05-31 15:36:07 2194 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~th3B.tmp
2007-05-31 16:36:08 2194 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~th6C.tmp
2007-06-02 00:30:42 2133 --a------ C:\DOCUME~1\Dark\LOCALS~1\Temp\~thF5.tmp
2007-05-30 10:27:52 0 --a------ C:\WINDOWS\temp\ms5.tmp
2007-06-03 17:45:50 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2007-06-03 12:05:07 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2007-06-01 15:57:18 0 --a------ C:\WINDOWS\temp\xx2
2007-06-01 15:57:18 0 --a------ C:\WINDOWS\temp\xx3
2007-06-01 15:57:18 0 --a------ C:\WINDOWS\temp\xx4
2007-06-01 15:57:18 0 --a------ C:\WINDOWS\temp\xx5
2007-06-01 15:57:18 0 --a------ C:\WINDOWS\temp\xx6
2007-06-03 12:04:44 520 --a------ C:\WINDOWS\temp\_pccchkdll.log
2004-12-07 16:07:08 32 --a------ C:\WINDOWS\Downloaded Program Files\bdcore.dll
2005-03-01 14:08:48 118784 --a------ C:\WINDOWS\Downloaded Program Files\bdupd.dll
2005-03-01 14:08:52 53248 --a------ C:\WINDOWS\Downloaded Program Files\ipsupd.dll
2004-12-07 16:07:08 32 --a------ C:\WINDOWS\Downloaded Program Files\libfn.dll
2007-02-22 23:41:12 304544 --a------ C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll <Verified; Microsoft Corporation; MSN? Games by Zone.com>
2007-02-28 14:21:04 130472 --a------ C:\WINDOWS\Downloaded Program Files\MineSweeper.dll <Verified; Microsoft Corporation; MSN? Games by Zone.com>
2006-06-01 02:54:16 471040 --a------ C:\WINDOWS\Downloaded Program Files\oscan8.ocx <Not Verified; SOFTWIN; bdscanonline>
2006-05-31 04:15:16 10 --a------ C:\WINDOWS\Downloaded Program Files\oscan81.ocx_x

-*- End of Logfile -*-


---------------------------------

So there's no Supplementary.txt....

And everything was different as you say...
Since they change the whole program

That's all I had found....

----------------------------------

Sorry to double post... it seems that the report is too long so I had to make another post

Edited by DaRkSkY, 03 June 2007 - 10:23 PM.


#23 jedi

Posted 04 June 2007 - 11:59 AM

I can see no problems in the ComboScan log. How is your PC performing now?

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#24 mien Gemini

Posted 05 June 2007 - 02:07 AM

Posted Image


now is this module...

-------------
It seems that now my process speed is slower than before

So can you check for me is there any dumb process that is useless?

So I can stop it running and make the computer run faster

----------------------------

I found out there is a pop up on http://mms.smartpv.cn/

This popup happens only when I open IE explorer

#25 jedi

Posted 05 June 2007 - 12:43 PM

Hi again,

Please run Notepad and paste the following text into a new file, do not include the word quote:

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SoundMix"=-



Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Next:

Navigate to this folder C:\Deckard\System Scanner\backup and delete the contents.

Next:

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab]
Select the following:
Posted Image
Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit

Next:

Download RegSeeker from here:
http://www.snapfiles.../regseeker.html

Open RegSeeker.

Check the 'Backup before Deletion' box
Click on 'Clean the Registry'
Make sure all boxes except Invalid Services (experimental) are checked.
Click AutoClean and follow the prompts to allow it to run.
You will get a notification when AutoClean has run.
Exit RegSeeker.
Do not try to use any of the other functions on RegSeeker, it is a powerful program with the potential to damage your PC if used incorrectly.

Next:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Under 'Error-Checking' click 'Check Now'.
Under 'Check Local Disk C' check both boxes and click 'Start'. You will be prompted to restart. Do so. You will get a blue screen on restart, be patient, the error-check takes time, your PC will start normally when it is complete.

Next:

Do Start > My Computer.
Right-Click on Local Disk C.
Click Properties > Tools.
Click on 'Defragment now' and follow the prompts to defragment your disk.

Finally, please post a fresh HiJackThis log and let me know how your PC is running.

jedi
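An added example, not part of jedi's post or of any tool named in this thread: a small Python check that parses a .reg file and lists what merging it would change, so the fix.reg above can be confirmed to do nothing except delete the SoundMix value from the policies\explorer\Run autostart key. The function names and the MIXED_REG sample are assumptions constructed for illustration.

```python
import re

# fix.reg exactly as given in the post above.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SoundMix"=-
'''

# Constructed sample (not from the thread): a file that also writes values
# and removes a whole key, to show what the review check rejects.
MIXED_REG = r'''Windows Registry Editor Version 5.00

; constructed example
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Demo]
"Path"="C:\\Example\\demo.exe"
"Blob"=hex:01,02,\
  03,04
"Old"=-

[-HKEY_CURRENT_USER\Software\Example\Gone]
'''

RUN_POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')            # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data


def logical_lines(text):
    """Yield non-empty, non-comment lines, joining hex data continued with a trailing backslash."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith(";")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def summarize_reg(text):
    """Return (action, key, value_name, data) tuples describing what a merge would do."""
    lines = list(logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    ops, key = [], None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":          # [-key] removes the key and everything under it
                ops.append(("delete-key", key, None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unparseable line: %r" % line)
        name, data = m.groups()
        # @ is the key's default value; quoted names use \\ and \" escapes.
        name = "(Default)" if name == "@" else re.sub(r"\\(.)", r"\1", name[1:-1])
        if data == "-":                    # "name"=- removes just that value
            ops.append(("delete-value", key, name, None))
        else:
            ops.append(("set-value", key, name, data))
    return ops


def only_deletes_values_in(ops, expected_key):
    """True if every operation deletes a value under expected_key (key names are case-insensitive)."""
    want = expected_key.lower()
    return bool(ops) and all(
        action == "delete-value" and key.lower() == want
        for action, key, _name, _data in ops
    )


if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("mixed sample", MIXED_REG)):
        ops = summarize_reg(text)
        print(label, "-> safe to merge as described:",
              only_deletes_values_in(ops, RUN_POLICY_KEY))
        for op in ops:
            print("   ", op)
```
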

#26 mien Gemini

Posted 06 June 2007 - 01:17 AM

Hijack log


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:10:36 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\3Ip6GBB67D_2007.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
O23 - Service: Wserver - Unknown owner - C:\WINDOWS\system32\Wservers.exe (file missing)

--
End of file - 11598 bytes


-------------------------
Okay, rundll fixed..

After all the process, it doesn't seem to have any increase in process speed
I think the process speed is not able to have a better one,
since I used this computer for more than a year and it's getting old..

But I do have a doubt,
Does formatting a computer in decrease its performance?

Edited by DaRkSkY, 06 June 2007 - 04:09 AM.


#27 jedi

Posted 06 June 2007 - 04:47 AM

Hi again,

One of the Malware entries is still running a service, even though the file is gone.

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find Wserver

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type Wserver and press OK. OK any prompts, close HijackThis, and restart your computer.

Post a fresh HiJackThis log.

Does formatting a computer in decrease its performance?

Not sure what you're asking here, do you mean - if I reformat will it decrease performance? - or - I have reformatted, did it decrease performance?

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
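The condition described in the post above (a service still registered although its file is gone) can be read directly from the HijackThis log. The following Python is an added example, not part of the original thread or of HijackThis: it parses lines copied from the two logs in this thread, lists autostart entries whose file is missing, and checks from the follow-up log that Wserver is no longer registered. The function names are hypothetical.

```python
import re
from typing import NamedTuple

# Excerpts copied from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Wserver - Unknown owner - C:\WINDOWS\system32\Wservers.exe (file missing)
"""

LOG_AFTER = r"""
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\3Ip6GBB67D_2007.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# "O23 - Service: <name> - <owner> - <path>": section, entry kind, then the body.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Markers HijackThis appends when the registered file is not on disk.
MISSING = ("(file missing)", "(no file)")


class Entry(NamedTuple):
    section: str    # e.g. "O23"
    kind: str       # e.g. "Service"
    name: str       # first field of the body
    target: str     # last field of the body (path plus any marker)
    orphaned: bool  # True when the target carries a MISSING marker


def parse_log(text):
    """Parse the O-section lines of a HijackThis log, skipping everything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, kind, body = m.groups()
        fields = body.split(" - ")
        name, target = fields[0].strip(), fields[-1].strip()
        entries.append(Entry(section, kind.strip(), name, target,
                             target.endswith(MISSING)))
    return entries


def orphaned(text, section=None):
    """Entries still registered although their file is gone."""
    return [e for e in parse_log(text)
            if e.orphaned and (section is None or e.section == section)]


def resolved(before, after, section):
    """Names orphaned in `before` that no longer appear in `after` at all."""
    remaining = {e.name for e in parse_log(after) if e.section == section}
    return {e.name for e in orphaned(before, section)} - remaining


if __name__ == "__main__":
    for e in orphaned(LOG_BEFORE):
        print(f"{e.section} {e.kind}: {e.name} -> {e.target}")
    print("removed since first log:", sorted(resolved(LOG_BEFORE, LOG_AFTER, "O23")))
    print("still orphaned (O23):", [e.name for e in orphaned(LOG_AFTER, "O23")])
```

An orphaned entry is a lead to review rather than a verdict; the O9 line here, for example, is labelled as the BitDefender Online Scanner uninstaller.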

#28 mien Gemini

Posted 06 June 2007 - 08:31 AM

The Hijack log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:31:01 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Tools\JoyToKey\JoyToKey.exe
C:\Program Files\WC3Banlist\WC3Banlist.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
D:\Downloads\HiJackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MyLoader Class - {09BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\3Ip6GBB67D_2007.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 11617 bytes

---------------------

Not sure what you're asking here, do you mean - if I reformat will it decrease performance? - or - I have reformatted, did it decrease performance?


Aren't these 2 questions somehow linked?

Both questions are asking whether "reformatting decreases the performance of the computer"

As I had formatted this computer a few times..

Its processing speed somehow had a failure

#29 jedi

Posted 06 June 2007 - 09:50 AM

Hi again,

Your log looks clean. To answer your question, no, formatting, even repeatedly, shouldn't affect performance if the disk is healthy. It's more often hardware or compatibility problems:

If you want to benchmark your PC against other similar ones, please register (it's free, don't worry) with PCPitStop and run the full tests here.

jedi

#30 mien Gemini

Posted 07 June 2007 - 02:23 AM

okay..

So it should be this, my hardware had over work..

------------------------

Okay now, I had done the test and fixed most of the things.
It seems to have a better performance..

----------------------

But I used its spyware tool, PC Pitstop Exterminate
It found some spyware
    Item count
-Allsum 3
Tencent QQ 1
allsumx 7
Prockill 1
qqwry 1
QuickButton 2


Give me some opinion on this.. except Tencent QQ

Edited by DaRkSkY, 07 June 2007 - 02:38 AM.


#31 jedi

Posted 07 June 2007 - 01:08 PM

Hi again,

Allsum and QuickButton are Adware, if you're not getting any popups then they are not active, and have been disabled and partially removed by other tools we've used, therefore not a threat.
Tencent QQ you know about.
Prockill refers to the Process Killer in SDFix, it's a false positive, DrWeb found it too, if you look back.
qqwry - no idea, it doesn't look malicious from Google, and I'd guess it was another FP, or at the most a leftover.
PC Pitstop Exterminate is a program that scans, but you have to buy it to remove anything, therefore it's in the interests of the manufacturers for the scan to find something. In my opinion, and I've been doing this a long time, your PC is safe. :)

jedi

#32 mien Gemini

Posted 08 June 2007 - 12:36 AM

Okay... but I told you I had the popup with IE explorer..

It's like it stops for a few days, then comes back again..

Now it has increased to 2..

<http://www.u8u.com/z...325&b=0&d=0&e=>
and
<http://3dorg.cn/>


It's like the website changes every time I open an IE explorer...

-------------

About the QuickButton... it should be a software of mine that came with my Fujitsu notebook.

From my result.. qqwry is under RAT

http://www.ca.com/us...px?id=453084985


This is the link it gave me

Edited by DaRkSkY, 08 June 2007 - 01:01 AM.


#33 jedi

Posted 08 June 2007 - 06:36 AM

Ok, fair enough, let's have another look round.

Please run ComboFix again, I need the log, here's the download in case you deleted it:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

jedi

#34 mien Gemini

Posted 09 June 2007 - 12:41 AM

Okay this is the log...


"Dark" - 2007-06-09 13:36:35 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Dark\"


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-08 00:29 <DIR> d-------- C:\Program Files\WC3Banlist
2007-06-07 13:42 <DIR> d-------- C:\Program Files\PCPitstop
2007-06-06 13:14 <DIR> d-------- C:\Program Files\CCleaner
2007-06-05 16:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\KanKan
2007-06-04 11:41 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-06-03 21:02 49,494 --a------ C:\WINDOWS\War3Unin.dat
2007-06-03 21:02 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-06-03 21:02 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-06-02 14:58 <DIR> d-------- C:\DOCUME~1\Dark\DoctorWeb
2007-06-02 14:54 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-06-01 19:21 118,784 --a------ C:\WINDOWS\system32\GETCPU.dll
2007-06-01 19:15 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-05-31 13:43 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-05-31 13:43 <DIR> d-------- C:\Program Files\Cheat Engine
2007-05-29 11:21 675 --a------ C:\DOCUME~1\Dark\clean.reg
2007-05-27 01:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-26 22:02 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\Nokia Multimedia Player
2007-05-25 14:44 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-24 23:05 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-05-24 16:13 <DIR> d-------- C:\7e08395bb459d2fe1c5d83da9516e3
2007-05-22 17:40 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-05-22 17:08 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\Nokia
2007-05-22 17:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-05-22 17:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
2007-05-22 17:07 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-05-22 17:07 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-05-22 17:06 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-05-22 17:06 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-05-22 17:06 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-05-22 17:06 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-05-22 17:06 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-05-22 17:06 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-05-22 17:06 <DIR> d-------- C:\Program Files\Nokia
2007-05-22 17:06 <DIR> d-------- C:\Program Files\DIFX
2007-05-22 17:06 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\PC Suite
2007-05-22 17:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-05-20 13:12 <DIR> d-------- C:\Program Files\TTPlayer
2007-05-20 11:56 <DIR> d-------- C:\Program Files\Power MP3 WMA Converter
2007-05-20 11:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
2007-05-20 11:00 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-05-20 11:00 5 --a------ C:\WINDOWS\system32\SySCut.dat
2007-05-20 11:00 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-05-20 11:00 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-05-20 11:00 <DIR> d-------- C:\Program Files\SuperAudiotool
2007-05-20 10:59 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-05-20 10:59 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-05-19 19:03 8,993,027 --a------ C:\WINDOWS\system32\完美世界武侠.Scr
2007-05-19 19:02 128,000 --a------ C:\WINDOWS\system32\Dsslji.dat
2007-05-19 13:31 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-05-19 13:29 36,864 --------- C:\WINDOWS\system32\Mfc42loc.dll
2007-05-19 13:28 92,064 --a------ C:\DOCUME~1\Dark\mqdmmdm.sys
2007-05-19 13:28 9,232 --a------ C:\DOCUME~1\Dark\mqdmmdfl.sys
2007-05-19 13:28 79,328 --a------ C:\DOCUME~1\Dark\mqdmserd.sys
2007-05-19 13:28 66,656 --a------ C:\DOCUME~1\Dark\mqdmbus.sys
2007-05-19 13:28 6,208 --a------ C:\DOCUME~1\Dark\mqdmcmnt.sys
2007-05-19 13:28 5,936 --a------ C:\DOCUME~1\Dark\mqdmwhnt.sys
2007-05-19 13:28 4,048 --a------ C:\DOCUME~1\Dark\mqdmcr.sys
2007-05-19 13:28 25,600 --a------ C:\WINDOWS\system32\drivers\usbsermptxp.sys
2007-05-19 13:28 25,600 --a------ C:\DOCUME~1\Dark\usbsermptxp.sys
2007-05-19 13:28 22,768 --a------ C:\DOCUME~1\Dark\usbsermpt.sys
2007-05-19 12:00 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-19 12:00 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
2007-05-14 10:00 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-05-14 10:00 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-14 09:52 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-05-14 09:51 <DIR> d-------- C:\Program Files\Real
2007-05-14 09:51 <DIR> d-------- C:\Program Files\Common Files\Real
2007-05-14 09:50 <DIR> d-------- C:\DOCUME~1\Dark\APPLIC~1\Real
2007-05-14 09:13 <DIR> d-------- C:\WINDOWS\pss
2007-05-13 23:25 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-13 23:23 <DIR> d-------- C:\Program Files\MSBuild
2007-05-13 23:23 <DIR> d-------- C:\Program Files\Microsoft Works
2007-05-13 23:18 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-13 23:17 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-05-13 23:17 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-05-13 23:17 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-13 23:17 35,913 --a------ C:\WINDOWS\system32\drivers\smcirda.sys
2007-05-13 23:17 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-05-13 23:17 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-05-13 23:17 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-05-13 23:16 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-05-13 23:16 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-13 23:16 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-05-13 23:16 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-05-13 23:16 4,864 --a------ C:\WINDOWS\system32\drivers\fuj02e3.sys
2007-05-13 23:16 14,080 --a------ C:\WINDOWS\system32\drivers\CmBatt.sys
2007-05-13 23:16 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-05-13 23:14 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-13 23:12 883,834 --a------ C:\WINDOWS\system32\ialmdd5.dll
2007-05-13 23:12 86,016 --a------ C:\WINDOWS\system32\igfxext.exe
2007-05-13 23:12 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-05-13 23:12 77,824 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-05-13 23:12 73,728 --a------ C:\WINDOWS\system32\hccutils.dll
2007-05-13 23:12 61,440 --a------ C:\WINDOWS\system32\iAlmCoIn_v4333.dll
2007-05-13 23:12 57,344 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-05-13 23:12 53,248 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-05-13 23:12 524,288 --a------ C:\WINDOWS\system32\igldev32.dll
2007-05-13 23:12 49,152 --a------ C:\WINDOWS\system32\ialmrem.dll
2007-05-13 23:12 438,272 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-05-13 23:12 38,014 --a------ C:\WINDOWS\system32\ialmrnt5.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-01 11:54:16 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-20 03:37:46 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{01443AEC-0FD1-40fd-9C87-E93D1494C233}=C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [2007-04-16 19:16]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [2007-04-25 12:45]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 12:02]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{D92EB6BE-C6CA-475D-8D3B-45F323A6B62B}=C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll [2007-05-24 16:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-02-25 10:13]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-08-09 10:53]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-03 15:15]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-07 03:39 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-04 01:43 C:\WINDOWS\ALCMTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-07-01 23:58 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-05-18 23:57]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-03-24 14:43]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-03-24 14:41]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-05-31 22:46]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-06-03 01:31]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-05-31 22:50]
"tsnpstd3"="C:\Program Files\Common Files\snpstd3\tsnpstd3.exe" [2005-12-20 14:39]
"PDUiP6220DMon"="C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [2005-05-06 18:17]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 09:10]
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-01-19 17:49]
"Thunder"="C:\Program Files\Thunder Network\Thunder\Thunder.exe" [2007-04-30 19:12]
"Microsoft Pinyin IME Migration"="C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.exe" [2006-10-26 14:53]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 20:00 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-14 09:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Registry Repair Pro"="C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-08 22:14]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dark^Start Menu^Programs^Startup^BEE Service.lnk]
backup=C:\WINDOWS\pss\BEE Service.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 13:39:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


Completion time: 2007-06-09 13:40:17
C:\ComboFix-quarantined-files.txt ... 2007-06-09 13:40
C:\ComboFix2.txt ... 2007-05-25 14:44

--- E O F ---

#35 jedi

Posted 09 June 2007 - 07:33 AM

Hi,

Well, there's nothing active in there that would suggest you're still infected, certainly no sign of any backdoor trojans etc.

There's only one file I don't recognise, so please go here:
http://virusscan.jotti.org/
Browse to, upload and submit this file:
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll
and post the results here.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#36 mien Gemini

Posted 09 June 2007 - 11:30 AM

Okay now,

There are 2 engines that found a virus..

AntiVir
Found ADSPY/Webnav

VBA32
Found Trojan-Downloader.Agent.23 (paranoid heuristics) (probable variant)

So does it need to be cleared?

#37 jedi

Posted 09 June 2007 - 12:03 PM

Hi again,

Yes, that's good enough for me, delete this file:

C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll

If it won't delete, boot into safe mode and delete it. Let me know how it goes.

jedi

#38 mien Gemini

Posted 10 June 2007 - 01:33 AM

Okay..

It was deleted.

I am posting a new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:10:57 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WC3Banlist\WC3Banlist.exe
D:\Tools\JoyToKey\JoyToKey.exe
C:\WINDOWS\system32\conime.exe
D:\Downloads\HiJackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 10905 bytes

#39 jedi

Posted 10 June 2007 - 05:36 AM

Hi again,

Do Start > Run and type in cmd

Then at the command prompt, type sc delete C68918F8 and press enter.

Then please reboot your computer and post a fresh HijackThis log.

jedi

#40 mien Gemini

Posted 10 June 2007 - 06:13 AM

HiHi

okay done...


Here's the report


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:12:52 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Prolink Hurricane 9000C\QuickStart.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\conime.exe
D:\Downloads\HiJackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 10601 bytes

#41 jedi

Posted 10 June 2007 - 12:21 PM

Hi again,

One last thing:

Scan with HijackThis and put a check in the box next to the following items:

O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll (file missing)

Close all browsers and windows, click on fix selected and allow HJT to fix these entries.

Restart.

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread, and we should be done.

jedi :)

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
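The before/after comparison that each "post a fresh HijackThis log" request in posts #39 and #41 relies on, written out as an added example (not part of the thread and not a HijackThis feature). The two excerpts are shortened copies of the logs in posts #38 and #40; the function and variable names are this example's own.

```python
import re
from dataclasses import dataclass

# HijackThis result lines have the form "<group><number> - <details>",
# e.g. "O23 - Service: ..."; the groups are R, F, N and O.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")

# Suffixes HijackThis appends when a registered entry points at nothing on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def orphaned(self) -> bool:
        """True when the registration survives but its target file is gone."""
        return self.body.endswith(ORPHAN_MARKERS)


def parse_entries(log_text):
    """Return the result lines of a log, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def orphaned_entries(log_text):
    """Entries left behind after a file was deleted (leftover registrations)."""
    return [e for e in parse_entries(log_text) if e.orphaned]


def removed_entries(before, after):
    """Entries present in the earlier log and absent from the later one."""
    remaining = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in remaining]


def added_entries(before, after):
    """Entries that appear only in the later log (anything new needs review)."""
    known = set(parse_entries(before))
    return [e for e in parse_entries(after) if e not in known]


# Excerpt of the log in post #38 (after the DLL was deleted, before `sc delete`).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: C68918F8 - Unknown owner - C:\WINDOWS\system32\C68918F8.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

# Same excerpt taken from the log in post #40 (after `sc delete C68918F8`).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Editor - {D92EB6BE-C6CA-475D-8D3B-45F323A6B62B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\1LdrYPaJ8l_2007.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

if __name__ == "__main__":
    for entry in removed_entries(BEFORE, AFTER):
        print("removed:       ", entry.section, "-", entry.body)
    for entry in added_entries(BEFORE, AFTER):
        print("new, review:   ", entry.section, "-", entry.body)
    for entry in orphaned_entries(AFTER):
        print("still orphaned:", entry.section, "-", entry.body)
```

Run against the two excerpts, it reports the C68918F8 service as removed and lists the Editor BHO among the entries that are still orphaned, which is the item post #41 asks to fix next.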

#42 mien Gemini

Posted 10 June 2007 - 11:13 PM

It is clear now...


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:08:52 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\HiJackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Program Files\Common Files\snpstd3\tsnpstd3.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: 珊瑚虫.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 12306 bytes


I'm here to thank you for all your patience with me :wub:

There should not be any problem with my computer
after all your effort in clearing it

Thanks once again =.=

#43 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 11 June 2007 - 03:36 AM

Hi again,

I'm here to thank you for all your patience with me

You're welcome. :D

There should not be any problem with my computer
after all your effort in clearing it

Well, your log looks clean now, how is your PC performing?

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#44 mien Gemini

mien Gemini

    Member

  • Full Member
  • 83 posts

Posted 11 June 2007 - 06:19 AM

hmm... now the computer is like, struggling for speed..

the performance is lousier

But I think it should be okay with it...

And you can close the thread now..

Thanks

#45 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 11 June 2007 - 07:31 AM

Hi again,

You may find this useful:

http://users.telenet...owcomputer.html

jedi

#46 mien Gemini

mien Gemini

    Member

  • Full Member
  • 83 posts

Posted 11 June 2007 - 09:52 AM

okay

This is rather useful. Joker once gave it to me, but I lost it

So I don't know where I can start,

Anyway, I will try to fix the rest

#47 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 11 June 2007 - 09:58 AM

Another thing you can do is run the performance tests at PCPitStop, they give good tips. I'll take a look at the results if you want.

Please register (it's free, don't worry) with PCPitStop and run the full tests here.

If you want to share the results with me, click "Share these results with TechExpress" on the left-hand side. Then copy the URL provided and post it here for me.

jedi

#48 mien Gemini

mien Gemini

    Member

  • Full Member
  • 83 posts

Posted 11 June 2007 - 11:03 AM

I found it...

This is my result link

http://www.pcpitstop...78DHW671FVSV7TW

Do not care about the background program..

Because I am on a voice....

So the result was affected by this

#49 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 12 June 2007 - 01:26 PM

According to the tests your PC is running well, apart from a high CPU load, which you may improve by disabling some of the optionals listed here:
http://www.pcpitstop...top/Windows.asp
But it's looking good generally. :thumbsup:

jedi

#50 mien Gemini

mien Gemini

    Member

  • Full Member
  • 83 posts

Posted 13 June 2007 - 01:22 AM

Thanks for help with my trouble again

---------------------

Yes, it looks good...
But I do feel that it
is not as good as before...

Realplayer RealNetworks, Inc. C:\Program Files\Common Files\Real\Update_OB\realsched.exe

Office XP speech Microsoft Corporation C:\WINDOWS\system32\ctfmon.exe


These 2 items I am unable to turn off...

For realplayer.. realsched.exe will be active after I run the realplayer..

As for ctfmon.exe it will run after I reboot my computer..

Apart from these 2, can you see if anything needs to be disabled?

------------------------------

Recently my Windows SP2 firewall was turned off each time I reboot my computer...
And when I open the firewall, it would ask me to run the internet sharing service (if I remember clearly, it is this name)..

So is it that we had cleared any important item?

------



