
[Resolved] Aware agent.BN kill and return


  • This topic is locked
40 replies to this topic

#16 kaitlyn L


Posted 05 May 2008 - 07:13 PM

Moreover, I can run the scan, cause:

Oh! You need Internet Explorer or Firefox to use ActiveScan 2.0. We have detected that your PC is using a version of Microsoft Internet Explorer or Firefox, or other browser that is not compatible with ActiveScan 2.0. To perform the scan, you must use ActiveScan 2.0 with Internet Explorer (6 or 7) or Mozilla Firefox (1.5 or 2).

* Windows Operating system Windows 2000/XP (32- and 64-bit)/Vista (32 and 64-bit)
* RAM RAM 128 MB, or more.
* Internet Explorer, Firefox Browser Internet Explorer 6 or 7, 32-bit version Mozilla Firefox 1.5 or 2 Have Javascript execution enabled
* Disk space 150 MB
* Processor 300 MHz or faster
* Permissions to install ActiveX Administrator

PS: I'm now using Firefox 3 Beta 5.



#17 kaitlyn L


Posted 05 May 2008 - 07:20 PM

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
CPU 1: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 3069.97 MiB / 2288.35 MiB
Pagefile Memory (total/avail): 5978.62 MiB / 5176.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1895.2 MiB

C: is Fixed (NTFS) - 109.21 GiB total, 76.63 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1246GSX - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 78.41 MiB
\PARTITION1 (bootable) - Installable File System - 109.21 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"="C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe"="C:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe:*:Enabled:超级旋风"
"C:\\Program Files\\Tencent\\QQDownload\\QDAutoUpdate.exe"="C:\\Program Files\\Tencent\\QQDownload\\QDAutoUpdate.exe:*:Enabled:AutoUpdate Module"
"C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe:*:Enabled:Flashget2"
"C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Tencent\\QQ\\QQ.exe"="C:\\Program Files\\Tencent\\QQ\\QQ.exe:*:Enabled:QQ"
"C:\\Program Files\\Tencent\\QQ\\QZone\\Qzone.exe"="C:\\Program Files\\Tencent\\QQ\\QZone\\Qzone.exe:*:Enabled:QzoneClient1.3Beta04 V01.3.104.021"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\StormII\\Storm.exe"="C:\\Program Files\\StormII\\Storm.exe:*:Enabled:暴风影音"
"C:\\Program Files\\StormII\\stormliv.exe"="C:\\Program Files\\StormII\\stormliv.exe:*:Enabled:暴风影音媒体控制中心"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe"="C:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe:*:Enabled:Kingsoft PowerWord"
"C:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe"="C:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe:*:Enabled:Kingsoft PowerWord Online Update"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\gigi\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DGY0LZF1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\gigi
LOGONSERVER=\\DGY0LZF1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\StormII\Codec;C:\Program Files\StormII
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\gigi\LOCALS~1\Temp
TMP=C:\DOCUME~1\gigi\LOCALS~1\Temp
USERDOMAIN=DGY0LZF1
USERNAME=gigi
USERPROFILE=C:\Documents and Settings\gigi
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

gigi (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\SETUP.EXE" -l0x9
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced Audio FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Dell Automated PC TuneUp --> MsiExec.exe /X{FE34691C-4298-4667-9758-D7F534DD0B94}
Dell DataSafe Online --> MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
eMule VeryCD版 --> C:\Program Files\eMule\uninstall.exe
Encyclopaedia Britannica 2008 Ultimate Reference Suite --> "C:\Program Files\Britannica 8.0\Encyclopaedia Britannica 2008 Ultimate Reference Suite\Uninstall_Encyclopaedia Britannica 2008 Ultimate Reference Suite\Uninstall Encyclopaedia Britannica 2008 Ultimate Reference Suite.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\gigi\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IntelliSonic Speech Enhancement --> MsiExec.exe /X{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Laptop Integrated Webcam Driver (1.03.02.0719) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Learning Essentials for Microsoft Office --> MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Math --> MsiExec.exe /I{07043840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Student 2007 for Learning Essentials --> RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N
Microsoft Student with Encarta Premium 2008 --> MsiExec.exe /I{08041881-FCA5-44A7-B863-D66037A16AAF}
Microsoft Text-to-Speech Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mouse Suite for Laptop Computers --> C:\Program Files\InstallShield Installation Information\{BF13AA9D-E4CE-4015-9778-ECC1D4FB06E4}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0b5) --> C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Powerword 2007 --> "C:\Program Files\Kingsoft\Powerword 2007\unins000.exe"
QQ2007II 正式版 --> C:\Program Files\Tencent\QQ\uninst.exe
QQ游戏 --> C:\Program Files\Tencent\QQGame\Uninstall.EXE
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype? 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sogou Chinese Input 3.2 (3.2.0.0605) --> "C:\Program Files\SogouInput\Uninstall.exe"
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SOSO AddressBar Search --> Rundll32.exe C:\WINDOWS\system32\Scrax.dll,Uninstall
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Versal FileDownload ActiveX Control Trial Version --> C:\Program Files\Universal\UFileDownloadD\USetup.exe
Windows Live installer --> MsiExec.exe /X{75F9C7CC-1EF0-4E03-BCD5-DF715CD7AFD1}
Windows Live Messenger --> MsiExec.exe /X{3DD5CE10-6673-499D-8FC0-66C953121B1D}
Windows Live 登录助手 --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR 压缩文件管理器 --> C:\Program Files\WinRAR\uninstall.exe
快车(FlashGet)2-正式版 --> C:\Program Files\FlashGet Network\Flashget\uninst.exe
暴风影音 --> C:\Program Files\StormII\uninst.exe
超级旋风 1.8.195.202 --> C:\Program Files\Tencent\QQDownload\uninst.exe
飞速土豆 1.10 --> C:\Program Files\Tudou\飞速Tudou\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1832 / Error
Event Submitted/Written: 05/04/2008 11:14:43 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1831 / Error
Event Submitted/Written: 05/04/2008 10:20:59 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application stax.exe, version 2.3.3.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1785 / Error
Event Submitted/Written: 05/04/2008 09:22:41 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Roxio Creator DE -- Error 1706. An installation package for the product Roxio Creator DE cannot be found. Try the installation again using a valid copy of the installation package 'RCPCORE.msi'.

Event Record #/Type1784 / Warning
Event Submitted/Written: 05/04/2008 09:22:26 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}', feature 'SoleFeature' failed during request for component '{D7D326F6-4C51-4551-95FF-8F42C8A314D1}'

Event Record #/Type1783 / Warning
Event Submitted/Written: 05/04/2008 09:22:26 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}', feature 'SoleFeature', component '{A3308C5F-C546-4EDB-8C4B-539F285C5C4D}' failed. The resource 'C:\WINDOWS\system32\PxSFS.DLL' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7973 / Error
Event Submitted/Written: 05/05/2008 05:18:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type7950 / Error
Event Submitted/Written: 05/05/2008 05:12:23 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type7949 / Error
Event Submitted/Written: 05/05/2008 05:10:23 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type7948 / Error
Event Submitted/Written: 05/05/2008 05:08:07 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ADProt
AFD
APPDRV
AVG Anti-Spyware Driver
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SAVRT
SYMTDI
Tcpip

Event Record #/Type7947 / Error
Event Submitted/Written: 05/05/2008 05:08:07 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-05-05 18:19:00 ------------







Deckard's System Scanner v20071014.68
Run by gigi on 2008-05-05 18:16:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2008-05-06 01:16:51 UTC - RP68 - Deckard's System Scanner Restore Point
67: 2008-05-05 04:33:15 UTC - RP67 - Removed Sonic Activation Module
66: 2008-05-05 04:27:31 UTC - RP66 - Removed Roxio Update Manager
65: 2008-05-05 04:27:05 UTC - RP65 - Removed Roxio Express Labeler
64: 2008-05-05 04:26:20 UTC - RP64 - Removed Roxio Drag-to-Disc


-- First Restore Point --
1: 2008-04-11 03:10:52 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as gigi.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:55 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\gigi\desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\gigi\Desktop\gigi.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live μ?????3D - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [JdsEnglishSpirit] C:\Program Files\jdssoftware\wabdc8\flyenglishspirit.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10576 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\gigi\Desktop\backups\) ----------------

backup-20080505-172018-157 O4 - HKLM\..\Run: [KuGoo3] C:\PROGRA~1\KUGOO2~1\KuGoo.exe
backup-20080505-172018-281 O4 - HKLM\..\Run: [Windows木马防火墙] C:\Documents and Settings\gigi\Desktop\rj07091004\112777_Windows?????μ 8[1].8??????¢2?y???\www.asp1.com.cn\ftcsetup\Trojanwall.exe
backup-20080505-172018-687 O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\SSup.dll
backup-20080505-172018-886 O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
backup-20080505-172018-980 O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
backup-20080505-172018-981 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

.chm - chm.file - shell\open\command - "hh.exe" %1
.ini - inifile - shell\open\command - C:\WINDOWS\System32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ADProt - c:\windows\system32\drivers\adprot.sys (file missing)
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 npkcrypt - c:\program files\tencent\qq\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
R3 DXEC02 - c:\windows\system32\drivers\dxec02.sys <Not Verified; Knowles Acoustics; DXEC.02 Speech Enhancement>
R3 PTproct - c:\program files\dellautomatedpctuneup\gtaction\triggers\ptproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink ™ Fast Ethernet
Device ID: PCI\VEN_14E4&DEV_1713&SUBSYS_02271028&REV_02\4&1E93A591&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetLink ™ Fast Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1713&SUBSYS_02271028&REV_02\4&1E93A591&0&00E5
Service: b57w2k


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 736)
2007-03-16 02:10:48 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2007-08-28 14:06:28 1060864 --a------ C:\WINDOWS\system32\MFC71.DLL <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2007-08-28 14:06:30 348160 --a------ C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2007-08-28 14:06:28 499712 --a------ C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2003-03-18 20:44:38 57344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL <Not Verified; Microsoft Corporation; Microsoft? Visual Studio .NET>
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 976)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1048)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1088)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1184)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 1244)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\explorer.exe (pid 1620)
2008-04-21 20:17:25 6066176 --a------ C:\WINDOWS\system32\ieframe.dll <Not Verified; Microsoft Corporation; Windows? Internet Explorer>
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
2006-09-14 08:28:10 126464 --a------ C:\Program Files\WinRAR\RarExt.dll
2007-09-07 15:46:08 98304 --a------ C:\Program Files\Dell\QuickSet\dadkeyb.dll
2007-09-23 20:12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll

C:\WINDOWS\system32\rundll32.exe (pid 576)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\rundll32.exe (pid 604)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\rundll32.exe (pid 1224)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 2732)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>

C:\WINDOWS\system32\svchost.exe (pid 488)
2008-01-22 15:15:02 99328 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>


-- Scheduled Tasks -------------------------------------------------------------

2008-05-02 14:19:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-05 and 2008-05-05 -----------------------------

2008-06-28 15:22:45 0 d-------- C:\Program Files\Enigma Software Group
2008-06-28 14:26:57 0 d-------- C:\Documents and Settings\gigi\Application Data\TrojanHunter
2008-06-28 12:56:50 0 d-------- C:\Program Files\Iparmor
2008-06-28 12:55:00 0 d-------- C:\Documents and Settings\gigi\update
2008-06-28 12:44:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-28 12:31:00 0 d-------- C:\Documents and Settings\gigi\Application Data\TmpRecentIcons
2008-06-28 11:47:10 0 d-------- C:\WINDOWS\empty
2008-06-27 20:07:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-27 17:24:10 0 d-------- C:\Documents and Settings\gigi\Application Data\Reallusion
2008-06-27 17:24:09 0 d-------- C:\Documents and Settings\gigi\Application Data\tmp
2008-05-04 21:34:47 0 d-------- C:\Program Files\GB18030Tools
2008-05-04 21:34:46 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-04 21:33:53 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-05-04 21:33:38 0 d-------- C:\WINDOWS\system32\DLA
2008-05-04 21:33:36 0 d-------- C:\Program Files\Roxio
2008-05-04 11:46:32 0 d-------- C:\Program Files\jdssoftware
2008-05-04 11:34:19 0 d-------- C:\Documents and Settings\gigi\Application Data\WebCatcher
2008-05-03 17:27:30 0 d-------- C:\temp
2008-05-03 15:29:20 0 d-------- C:\WINDOWS\speech
2008-05-03 11:39:20 0 d-------- C:\WINDOWS\新托福词汇王
2008-05-02 21:34:58 5090 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-02 21:34:33 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-02 21:34:33 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-02 21:34:33 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-02 21:34:33 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-02 21:34:33 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-02 21:34:33 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-02 21:34:33 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-02 21:34:32 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-02 20:29:56 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-02 20:29:54 0 d-------- C:\Documents and Settings\gigi\Application Data\skypePM
2008-05-02 20:25:38 0 d-------- C:\Documents and Settings\gigi\Application Data\Skype
2008-05-02 20:25:17 0 d-------- C:\Program Files\Skype
2008-05-02 20:25:17 0 d-------- C:\Program Files\Common Files\Skype
2008-05-02 20:25:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-02 14:29:01 0 d-------- C:\KuGoo
2008-05-02 14:26:28 6096 --a------ C:\WINDOWS\LoginUsers.dat
2008-05-01 22:03:01 0 d-------- C:\Program Files\Universal
2008-04-30 16:07:25 0 d-------- C:\Program Files\Spyware Doctor
2008-04-30 16:07:25 0 d-------- C:\Documents and Settings\gigi\Application Data\PC Tools
2008-04-29 12:18:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-29 12:18:05 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-28 22:41:34 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-04-28 21:15:51 0 d-------- C:\WINDOWS\pss
2008-04-28 19:23:09 0 d-------- C:\Documents and Settings\gigi\Application Data\Grisoft
2008-04-28 19:22:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-28 19:18:58 0 d-------- C:\Documents and Settings\gigi\Application Data\MxBoost
2008-04-26 23:04:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-26 23:04:05 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-26 11:55:13 0 d-------- C:\Program Files\Microsoft Student
2008-04-26 11:54:36 0 d-------- C:\Program Files\Learning Essentials
2008-04-26 11:08:16 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 11:07:14 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-26 10:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-24 23:09:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-24 22:48:38 0 d-------- C:\Documents and Settings\gigi\Application Data\Apple Computer
2008-04-24 22:39:35 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-04-24 21:58:04 0 d-------- C:\Documents and Settings\gigi\Application Data\Mozilla
2008-04-24 21:49:55 0 d-------- C:\Program Files\QuickTime
2008-04-24 21:49:38 0 d-------- C:\Program Files\Apple Software Update
2008-04-24 21:49:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-24 21:40:37 0 d--h----- C:\Program Files\Zero G Registry
2008-04-24 21:40:37 0 d-------- C:\Program Files\Britannica 8.0
2008-04-24 21:38:45 0 d--h----- C:\Documents and Settings\gigi\InstallAnywhere
2008-04-24 12:41:31 0 d-------- C:\Program Files\Tudou
2008-04-22 14:24:02 0 d-------- C:\Program Files\EPSON
2008-04-22 08:25:09 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-19 10:46:28 7904 --a------ C:\WINDOWS\system32\BDGuardS.DAT
2008-04-19 10:46:28 1464 --a------ C:\WINDOWS\system32\BDGuard.DAT
2008-04-18 22:51:44 0 d-------- C:\Program Files\eREAD
2008-04-18 22:27:11 0 d-------- C:\Program Files\MSXML 4.0
2008-04-18 20:26:47 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-04-18 12:39:27 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-18 12:39:24 0 d-------- C:\Documents and Settings\gigi\Application Data\DAEMON Tools
2008-04-18 09:31:22 0 d-------- C:\WINDOWS\system32\Redist
2008-04-18 09:31:21 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-18 09:31:21 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-18 09:31:11 1712128 --a------ C:\WINDOWS\system32\GdiPlus.dll <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-04-18 09:30:53 0 d-------- C:\Program Files\Common Files\Kingsoft
2008-04-17 20:40:28 0 d-------- C:\Documents and Settings\gigi\Application Data\Real
2008-04-15 20:47:33 0 d-------- C:\Program Files\Common Files\Real
2008-04-15 20:46:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-04-15 20:46:55 0 d-------- C:\Documents and Settings\gigi\Application Data\Application Data
2008-04-15 20:46:36 0 d-------- C:\Program Files\StormII
2008-04-15 20:37:14 0 d-------- C:\Program Files\eMule
2008-04-13 09:28:01 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 21:54:50 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-12 21:54:50 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-12 21:54:50 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-12 21:54:50 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-12 21:54:49 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-12 21:54:47 0 d-------- C:\Documents and Settings\gigi\Application Data\Simply Super Software
2008-04-11 22:21:41 0 d-------- C:\WINDOWS\Sun
2008-04-11 22:21:41 0 d-------- C:\Documents and Settings\gigi\Application Data\Sun
2008-04-11 21:39:13 0 d-------- C:\Documents and Settings\gigi\Application Data\DataSafeOnline
2008-04-10 20:10:42 274800 --ahs---- C:\WINDOWS\system32\FffgPXbc.ini2
2008-04-08 22:02:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-07 07:38:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-05 08:39:41 0 d-------- C:\Downloads
2008-04-05 08:39:24 0 d-------- C:\Documents and Settings\gigi\Application Data\BITS
2008-04-05 08:38:47 0 d-------- C:\Program Files\FlashGet Network
2008-04-05 08:26:17 0 d-------- C:\Program Files\Symantec
2008-04-05 08:26:13 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-05 08:26:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-05 08:26:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 08:19:13 0 d-------- C:\Documents and Settings\gigi\Application Data\Kingsoft
2008-04-05 08:18:20 0 d-------- C:\Program Files\Kingsoft
2008-04-05 07:59:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SogouPY
2008-04-05 07:59:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SogouPY.users


-- Find3M Report ---------------------------------------------------------------

2008-06-28 15:17:06 51528 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-28 13:03:31 0 d-------- C:\Program Files\Google
2008-06-28 13:03:31 0 d-------- C:\Program Files\Creative
2008-06-28 12:47:00 0 d-------- C:\Program Files\Dell
2008-06-27 17:45:46 0 d-------- C:\Documents and Settings\gigi\Application Data\Adobe
2008-06-27 15:16:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-27 12:01:20 0 d-------- C:\Program Files\Java
2008-06-27 11:51:17 0 d-------- C:\Documents and Settings\gigi\Application Data\QQDoctor
2008-05-04 21:35:35 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-04 21:34:49 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-04 21:34:46 0 d-------- C:\Program Files\Common Files
2008-05-04 11:47:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-03 16:39:29 2110 --a------ C:\Documents and Settings\gigi\Application Data\wklnhst.dat
2008-04-26 14:45:50 0 d-------- C:\Documents and Settings\gigi\Application Data\Google
2008-04-23 19:51:53 0 d-------- C:\Documents and Settings\gigi\Application Data\SogouPY
2008-04-18 20:33:39 0 d-------- C:\Documents and Settings\gigi\Application Data\Macromedia
2008-04-05 08:56:16 0 d-------- C:\Documents and Settings\gigi\Application Data\QQUpdate
2008-04-04 22:38:05 0 d-------- C:\Documents and Settings\gigi\Application Data\QQ
2008-04-04 22:38:03 0 d-------- C:\Program Files\Tencent
2008-04-04 22:38:03 0 d-------- C:\Documents and Settings\gigi\Application Data\Tencent
2008-04-04 22:13:15 0 d-------- C:\Program Files\SogouInput
2008-04-04 22:13:08 0 d-------- C:\Documents and Settings\gigi\Application Data\SogouPY.users
2008-04-04 21:32:29 0 d-------- C:\Program Files\Windows Live
2008-04-04 21:32:17 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-02 16:13:53 0 d-------- C:\Documents and Settings\gigi\Application Data\MSNInstaller
2008-04-01 14:40:09 0 d-------- C:\Documents and Settings\gigi\Application Data\CyberLink
2008-04-01 14:23:46 0 d--h----- C:\Documents and Settings\gigi\Application Data\GTek
2008-04-01 13:48:19 0 d-------- C:\Documents and Settings\gigi\Application Data\Dell
2008-04-01 13:01:54 0 d-------- C:\Documents and Settings\gigi\Application Data\Template
2008-04-01 12:42:47 0 d-------- C:\Documents and Settings\gigi\Application Data\Roxio
2008-04-01 12:31:50 0 d-------- C:\Documents and Settings\gigi\Application Data\Creative
2008-03-28 11:29:13 0 d-------- C:\Program Files\Microsoft Works
2008-03-28 11:28:43 0 d-------- C:\Program Files\DellAutomatedPCTuneUp
2008-03-28 11:27:57 0 d-------- C:\Program Files\MSECache
2008-03-28 11:27:04 0 d-------- C:\Program Files\CyberLink
2008-03-28 11:26:08 0 d-------- C:\Program Files\Dell Support Center
2008-03-28 11:26:05 0 d-------- C:\Program Files\Common Files\supportsoft
2008-03-28 11:26:01 0 d-------- C:\Program Files\Dell DataSafe Online
2008-03-28 11:24:54 0 d-------- C:\Program Files\Dell Network Assistant
2008-03-28 11:22:37 0 d-------- C:\Program Files\Sigmatel
2008-03-28 11:21:02 0 d-------- C:\Program Files\CONEXANT
2008-03-28 11:20:10 0 d-------- C:\Program Files\Digital Line Detect
2008-03-28 11:20:07 0 d-------- C:\Program Files\NetWaiting
2008-03-28 11:20:02 0 d-------- C:\Program Files\Modem Diagnostic Tool
2008-03-28 11:19:17 0 d-------- C:\Program Files\Common Files\Reallusion
2008-03-28 11:19:13 0 d-------- C:\Program Files\Common Files\Creative
2008-03-28 11:19:09 0 d-------- C:\Program Files\Creative Live! Cam
2008-03-28 11:18:36 0 d-------- C:\Documents and Settings\gigi\Application Data\InstallShield
2008-03-28 11:17:21 0 d-------- C:\Program Files\Messenger
2008-03-28 11:16:30 0 d-------- C:\Program Files\Common Files\Java
2008-03-28 11:15:14 0 d-------- C:\Program Files\MSXML 6.0
2008-03-28 11:02:52 0 d-------- C:\Program Files\DellTPad


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-12C9-4305-82F9-43058F20E8D2}]
04/20/2008 10:11 PM 255296 --a------ C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
04/05/2008 04:54 AM 104008 --a------ C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
03/10/2008 10:08 AM 81920 --a------ C:\Program Files\eREAD\eREAD\WebHook.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [09/23/2007 05:27 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/23/2007 08:12 PM]
"nwiz"="nwiz.exe" [09/23/2007 08:12 PM C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [09/23/2007 08:12 PM C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/23/2007 08:12 PM]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [08/28/2007 01:54 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 02:10 AM]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [07/27/2007 02:43 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [09/07/2007 03:49 PM]
"SigmatelSysTrayApp"="stsystra.exe" [09/16/2007 01:44 PM C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [01/17/2008 07:41 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [02/13/2008 05:21 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [11/01/2007 01:39 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/05/2004 07:25 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04/19/2004 04:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/2007 10:54 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe" [06/11/2007 02:25 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"JdsEnglishSpirit"="C:\Program Files\jdssoftware\wabdc8\flyenglishspirit.exe" []
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [08/17/2006 09:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" [10/11/2007 07:49 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [02/13/2008 05:21 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [12/02/2007 02:30 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 02:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-05-05 18:19:00 ------------

#18 kaitlyn L

Posted 05 May 2008 - 08:33 PM

After I ran the Spy Doctor, AVG and SpyHunter scans, there is no virus any more. My laptop performs well except for the IE problem.

#19 kaitlyn L

Posted 05 May 2008 - 09:37 PM

Hi jpshortstuff~~ Thank you again for dealing with my laptop problems~~~ :thumbup: I just opened a new topic in the "Browsers, Internet and email" section, because I think the member who helps somebody is specializing in one field. Surprisingly, Tomk told me you could continue helping with this IE problem. So I will still be here, waiting for your help ^_^ and being patient.

#20 jpshortstuff

Posted 06 May 2008 - 10:14 AM

Hi

You appear to have Internet Explorer 7 installed, please use that to run the Panda Activescan.

To repair the faulty file associations, please do the following:

  • Make sure that DSS.exe is located on your Desktop.
  • Click on your START button, then choose Run. A little box will appear.
  • Now copy and paste all the following in bold (including the "" marks) into the Run box and click OK.

    "%userprofile%\desktop\dss.exe" /daft

  • This will start DSS in a different way. A small window will appear.
  • Click on the Scan button.
  • If it finds faulty file associations, they will appear in red beside a checkbox. If this occurs, just place a tick in the boxes in question. (Note: If you have set any of these associations yourself you can omit them from the fix).
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt.
Post the contents of that logfile with your next post.

After you have run the Panda scan, please post the report along with a new HijackThis log. Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

A question for you:
You appear to be running Symantec Software - could you please tell me what version/type you are running?

Thanks.

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

#21 kaitlyn L

Posted 06 May 2008 - 04:05 PM

DAFT Log saved on 2008-05-06 15:01:33
-----------------------------------------------------------------------
All associations okay!

#22 kaitlyn L

Posted 06 May 2008 - 04:17 PM

Hi, I have problems using IE7, so I can't run the Panda Activescan. That's a big problem! I described this problem in the "Browsers, Internet and email" section; you can click my name and find my topic there. Thanks. PS: my Symantec antivirus is 9.0.0.338, and there are 15 items in its quarantine.

#23 jpshortstuff

Posted 06 May 2008 - 06:26 PM

Hi

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here, along with a new HijackThis log.
Thanks.

#24 kaitlyn L

Posted 07 May 2008 - 12:47 PM

I don't know what happened. When it is currently scanning c:\...OTMoveIt\Moved files\05052008-172959\WINDOWS\system\drivers\prfnifp.sys it doesn't go on scanning, but the number of infected objects increases to 2005, and goes on increasing... I restarted it, but the same thing happened.

#25 jpshortstuff

Posted 08 May 2008 - 11:00 AM

Hi

How long did you leave the tool running for? Did you happen to catch the type of infection on any of those infected objects?

We need to disable security programs before continuing.

AVG Anti-Spyware
  • Launch AVG Anti-Spyware.
  • From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
Spyware Doctor
  • Click the Spyware Doctor icon in the System Tray.
  • Click Settings.
  • Click Startup Settings under Pick a Category.
  • Uncheck "Run at Windows startup".
  • Click Apply and Exit Spyware Doctor.
  • From within Spyware Doctor, click the "OnGuard" button on the left side.
  • Uncheck "Activate OnGuard".
  • (When we are done, you can reenable Spyware Doctor)
Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Thanks.

#26 kaitlyn L

Posted 09 May 2008 - 11:28 AM

Hi:

I didn't catch the type of infection... sorry.

And ComboFix made my laptop hang 4 times!!!

But finally, I made it.

ComboFix 08-05-07.1 - gigi 2008-05-09 10:18:23.3 - NTFSx86
Running from: C:\Documents and Settings\gigi\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\FffgPXbc.ini2
.
---- Previous Run -------
.
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\sexit.dat

.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-06-28 15:22 . 2008-06-28 15:22 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-28 14:26 . 2008-06-28 14:26 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\TrojanHunter
2008-06-28 12:56 . 2008-06-28 13:00 <DIR> d-------- C:\Program Files\Iparmor
2008-06-28 12:55 . 2008-06-28 12:55 <DIR> d-------- C:\Documents and Settings\gigi\update
2008-06-28 12:51 . 2001-01-17 07:01 260,096 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-06-28 12:51 . 2000-12-06 00:00 211,968 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-28 12:51 . 2000-05-22 00:00 117,248 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-28 12:44 . 2008-06-28 13:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-28 12:31 . 2008-04-28 20:33 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\TmpRecentIcons
2008-06-28 11:47 . 2008-06-28 11:47 <DIR> d-------- C:\WINDOWS\empty
2008-06-27 17:24 . 2008-06-27 17:24 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\tmp
2008-06-27 17:24 . 2008-06-27 17:24 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\Reallusion
2008-06-27 12:01 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-06 23:12 . 2008-05-06 23:12 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\Malwarebytes
2008-05-06 23:11 . 2008-05-06 23:12 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 23:11 . 2008-05-06 23:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 23:11 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 23:11 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-05 19:40 . 2008-05-07 17:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-05 19:40 . 2008-05-05 19:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-05 17:29 . 2008-05-05 17:29 <DIR> d-------- C:\_OTMoveIt
2008-05-04 21:34 . 2008-05-04 21:34 <DIR> d-------- C:\Program Files\GB18030Tools
2008-05-04 21:34 . 2008-05-04 21:34 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-04 21:33 . 2008-05-04 21:37 <DIR> d-------- C:\WINDOWS\system32\DLA
2008-05-04 21:33 . 2008-05-04 21:33 <DIR> d-------- C:\Program Files\Roxio
2008-05-04 21:33 . 2008-05-04 21:33 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-05-04 21:33 . 2006-07-21 11:21 99,176 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2008-05-04 21:33 . 2006-08-18 13:17 92,920 --a------ C:\WINDOWS\DLA.EXE
2008-05-04 21:33 . 2006-08-18 13:17 56,056 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2008-05-04 21:33 . 2006-08-11 11:05 51,768 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2008-05-04 21:33 . 2006-08-11 10:35 28,184 --a------ C:\WINDOWS\system32\drivers\DLARTL_M.SYS
2008-05-04 21:33 . 2006-08-11 10:35 12,920 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2008-05-04 11:46 . 2008-05-04 11:46 <DIR> d-------- C:\Program Files\jdssoftware
2008-05-04 11:34 . 2008-05-04 11:34 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\WebCatcher
2008-05-03 17:27 . 2008-05-03 17:27 <DIR> d-------- C:\temp
2008-05-03 17:27 . 2008-05-03 17:27 1,409 --a------ C:\WINDOWS\system\ksphonet.fot
2008-05-03 15:29 . 2008-05-03 15:29 <DIR> d-------- C:\WINDOWS\speech
2008-05-03 15:29 . 2008-05-03 15:29 288 --a------ C:\WINDOWS\ODBC.INI
2008-05-03 11:39 . 2008-05-03 11:39 <DIR> d-------- C:\WINDOWS\新托福词汇王
2008-05-02 21:44 . 2008-05-02 21:44 <DIR> d-------- C:\Deckard
2008-05-02 21:34 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-02 21:34 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-02 21:34 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-02 21:34 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-02 21:34 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-02 21:34 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-02 21:34 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-02 21:34 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-02 21:34 . 2008-05-05 17:07 5,090 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-02 20:29 . 2008-05-03 09:57 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\skypePM
2008-05-02 20:29 . 2008-05-02 20:29 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-02 20:25 . 2008-05-02 20:25 <DIR> d-------- C:\Program Files\Skype
2008-05-02 20:25 . 2008-05-02 20:25 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-02 20:25 . 2008-05-03 09:57 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\Skype
2008-05-02 20:25 . 2008-05-02 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-02 14:29 . 2008-05-02 14:29 <DIR> d-------- C:\KuGoo
2008-05-02 14:26 . 2007-08-14 09:21 503,808 --a------ C:\WINDOWS\system32\KuGoo3DownXControl.ocx
2008-05-02 14:26 . 2008-05-02 14:33 33,280 --a------ C:\WINDOWS\LoginUsers.idx
2008-05-02 14:26 . 2008-05-02 14:33 6,096 --a------ C:\WINDOWS\LoginUsers.dat
2008-05-02 14:26 . 2008-05-02 14:26 25 --ah----- C:\WINDOWS\dbisam.lck
2008-05-01 22:03 . 2008-05-01 22:03 <DIR> d-------- C:\Program Files\Universal
2008-04-30 16:07 . 2008-05-05 01:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-30 16:07 . 2008-04-30 16:07 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\PC Tools
2008-04-30 16:07 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-30 16:07 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-30 16:07 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-30 16:07 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-29 12:18 . 2008-05-09 10:07 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-29 12:18 . 2008-04-29 12:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-28 22:41 . 2008-04-28 22:41 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-04-28 19:23 . 2008-04-28 19:23 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\Grisoft
2008-04-28 19:22 . 2008-04-28 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-28 19:22 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-28 19:18 . 2008-04-28 22:43 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\MxBoost
2008-04-26 23:04 . 2008-04-26 23:04 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-26 23:04 . 2008-04-26 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-26 11:55 . 2008-04-26 11:58 <DIR> d-------- C:\Program Files\Microsoft Student
2008-04-26 11:54 . 2008-04-26 11:54 <DIR> d-------- C:\Program Files\Learning Essentials
2008-04-26 11:54 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-04-26 11:08 . 2008-04-26 11:08 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 11:08 . 2006-10-04 07:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-26 11:08 . 2006-10-04 07:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-26 11:08 . 2006-10-04 07:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-26 11:07 . 2008-04-26 11:07 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-26 10:14 . 2008-04-26 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-24 22:48 . 2008-04-24 22:48 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\Apple Computer
2008-04-24 21:49 . 2008-04-24 21:50 <DIR> d-------- C:\Program Files\QuickTime
2008-04-24 21:49 . 2008-04-24 21:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-24 21:49 . 2008-04-24 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-24 21:40 . 2008-04-24 21:40 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-04-24 21:40 . 2008-04-24 21:52 <DIR> d-------- C:\Program Files\Britannica 8.0
2008-04-24 21:38 . 2008-04-24 21:38 <DIR> d--h----- C:\Documents and Settings\gigi\InstallAnywhere
2008-04-24 12:41 . 2008-04-24 12:41 <DIR> d-------- C:\Program Files\Tudou
2008-04-22 14:24 . 2008-04-22 14:24 <DIR> d-------- C:\Program Files\EPSON
2008-04-22 14:24 . 2002-09-02 23:02 166,400 --a------ C:\WINDOWS\system32\EBAPI3.DLL
2008-04-22 14:24 . 2002-02-28 23:00 69,120 --a------ C:\WINDOWS\system32\EAL.EXE
2008-04-22 14:24 . 2002-06-26 23:02 60,969 --a------ C:\WINDOWS\system32\EBPMON3.DLL
2008-04-22 14:24 . 2002-02-28 23:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-04-22 14:24 . 2000-06-06 23:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-04-22 14:24 . 2001-03-08 08:23 145 --a------ C:\WINDOWS\system32\EBPPORT3.DAT
2008-04-22 14:21 . 2008-04-22 14:21 91,002 --a------ C:\WINDOWS\EPSTPLOG.BAK
2008-04-22 14:14 . 2004-08-03 21:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-22 14:14 . 2004-08-03 21:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-22 08:25 . 2008-04-26 11:07 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-20 20:00 . 2007-03-20 09:26 227 --a------ C:\WINDOWS\sosuo.col
2008-04-19 10:46 . 2008-04-19 10:46 7,904 --a------ C:\WINDOWS\system32\BDGuardS.DAT
2008-04-19 10:46 . 2008-04-19 10:46 1,464 --a------ C:\WINDOWS\system32\BDGuard.DAT
2008-04-18 22:51 . 2008-04-18 22:51 <DIR> d-------- C:\Program Files\eREAD
2008-04-18 22:27 . 2008-04-18 22:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-18 20:34 . 2000-09-08 09:00 24,480 -ra------ C:\WINDOWS\system\Ksphonet.ttf
2008-04-18 20:26 . 2008-04-18 21:13 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-18 12:39 . 2008-04-18 12:39 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\DAEMON Tools
2008-04-18 12:39 . 2008-04-18 12:39 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-18 09:30 . 2008-04-18 09:30 <DIR> d-------- C:\Program Files\Common Files\Kingsoft
2008-04-15 20:47 . 2008-04-15 20:47 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-15 20:46 . 2008-04-22 08:25 <DIR> d-------- C:\Program Files\StormII
2008-04-15 20:46 . 2008-04-15 20:46 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\Application Data
2008-04-15 20:46 . 2008-04-29 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-04-15 20:37 . 2008-05-04 11:42 <DIR> d-------- C:\Program Files\eMule
2008-04-13 09:28 . 2008-04-13 09:28 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-12 21:54 . 2008-04-12 21:54 <DIR> d-------- C:\Documents and Settings\gigi\Application Data\Simply Super Software
2008-04-12 21:54 . 2006-05-25 13:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-12 21:54 . 2003-02-02 18:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-12 21:54 . 2005-08-25 23:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-12 21:54 . 2002-03-05 23:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 20:03 --------- d-----w C:\Program Files\Google
2008-06-28 20:03 --------- d-----w C:\Program Files\Creative
2008-06-28 19:47 --------- d-----w C:\Program Files\Dell
2008-06-27 22:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-27 19:01 --------- d-----w C:\Program Files\Java
2008-06-27 18:51 --------- d-----w C:\Documents and Settings\gigi\Application Data\QQDoctor
2008-05-09 17:17 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-09 08:58 --------- d-----w C:\Documents and Settings\gigi\Application Data\BITS
2008-05-09 05:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 04:35 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-05 04:34 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-04 18:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 23:39 2,110 ----a-w C:\Documents and Settings\gigi\Application Data\wklnhst.dat
2008-04-24 02:51 --------- d-----w C:\Documents and Settings\gigi\Application Data\SogouPY
2008-04-18 16:33 --------- d-----w C:\Program Files\Kingsoft
2008-04-15 03:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-10 04:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-05 15:56 --------- d-----w C:\Documents and Settings\gigi\Application Data\QQUpdate
2008-04-05 15:38 --------- d-----w C:\Program Files\FlashGet Network
2008-04-05 15:26 --------- d-----w C:\Program Files\Symantec
2008-04-05 15:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-05 15:19 --------- d-----w C:\Documents and Settings\gigi\Application Data\Kingsoft
2008-04-05 14:59 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\SogouPY.users
2008-04-05 14:59 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\SogouPY
2008-04-05 05:38 --------- d-----w C:\Program Files\Tencent
2008-04-05 05:38 --------- d-----w C:\Documents and Settings\gigi\Application Data\Tencent
2008-04-05 05:38 --------- d-----w C:\Documents and Settings\gigi\Application Data\QQ
2008-04-05 05:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SogouPY.users
2008-04-05 05:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SogouPY
2008-04-05 05:13 --------- d-----w C:\Program Files\SogouInput
2008-04-05 05:13 --------- d-----w C:\Documents and Settings\gigi\Application Data\SogouPY.users
2008-04-05 04:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-05 04:32 --------- d-----w C:\Program Files\Windows Live
2008-04-05 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-05 03:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-04-02 23:13 --------- d-----w C:\Documents and Settings\gigi\Application Data\MSNInstaller
2008-04-01 21:40 --------- d-----w C:\Documents and Settings\gigi\Application Data\CyberLink
2008-04-01 21:23 --------- d--h--w C:\Documents and Settings\gigi\Application Data\GTek
2008-04-01 20:48 --------- d-----w C:\Documents and Settings\gigi\Application Data\Dell
2008-04-01 20:01 --------- d-----w C:\Documents and Settings\gigi\Application Data\Template
2008-04-01 19:42 --------- d-----w C:\Documents and Settings\gigi\Application Data\Roxio
2008-04-01 19:31 --------- d-----w C:\Documents and Settings\gigi\Application Data\Creative
2008-03-28 18:29 --------- d-----w C:\Program Files\Microsoft Works
2008-03-28 18:28 --------- d--h--w C:\WINDOWS\system32\config\systemprofile\Application Data\GTek
2008-03-28 18:28 --------- d-----w C:\Program Files\DellAutomatedPCTuneUp
2008-03-28 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2008-03-28 18:27 --------- d-----w C:\Program Files\MSECache
2008-03-28 18:27 --------- d-----w C:\Program Files\CyberLink
2008-03-28 18:26 --------- d-----w C:\Program Files\Dell Support Center
2008-03-28 18:26 --------- d-----w C:\Program Files\Dell DataSafe Online
2008-03-28 18:26 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-03-28 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-28 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-28 18:24 --------- d-----w C:\Program Files\Dell Network Assistant
2008-03-28 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\SingleClick Systems
2008-03-28 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-28 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-28 18:22 --------- d-----w C:\Program Files\Sigmatel
2008-03-28 18:21 --------- d-----w C:\Program Files\CONEXANT
2008-03-28 18:20 --------- d-----w C:\Program Files\NetWaiting
2008-03-28 18:20 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-03-28 18:20 --------- d-----w C:\Program Files\Digital Line Detect
2008-03-28 18:19 --------- d-----w C:\Program Files\Creative Live! Cam
2008-03-28 18:19 --------- d-----w C:\Program Files\Common Files\Reallusion
2008-03-28 18:19 --------- d-----w C:\Program Files\Common Files\Creative
2008-03-28 18:18 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2008-03-28 18:18 --------- d-----w C:\Documents and Settings\gigi\Application Data\InstallShield
2008-03-28 18:16 --------- d-----w C:\Program Files\Common Files\Java
2008-03-28 18:15 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-28 18:03 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-28 18:03 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-03-28 18:02 --------- d-----w C:\Program Files\DellTPad
2008-03-28 17:57 7,265 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_VOS_VOSTRO_1400.mrk
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 23:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.
----a-w			98,606 2008-01-05 01:59:20  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\AVGantiSpyware7.5.1.43-3399-path .exe


------- Sigcheck -------

2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 10:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:20 360064 ef7834c1d9ddf4c7da697d8c24a03791 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-12C9-4305-82F9-43058F20E8D2}]
2008-04-20 22:11 255296 --a------ C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
2008-04-05 04:54 104008 --a------ C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2008-03-10 10:08 81920 --a------ C:\Program Files\eREAD\eREAD\WebHook.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 07:49 465136]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 17:21 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Dell DataSafe Scheduler"="C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe" [2007-12-02 14:30 308464]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 02:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-23 17:27 159744]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-23 20:12 8466432]
"nwiz"="nwiz.exe" [2007-09-23 20:12 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-09-23 20:12 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-23 20:12 81920]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-08-28 13:54 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 02:10 1392640]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 14:43 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-09-07 15:49 1236992]
"SigmatelSysTrayApp"="stsystra.exe" [2007-09-16 13:44 405504 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-17 19:41 17920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 17:21 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 13:39 189736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-04-05 07:25 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-04-19 16:07 124160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"JdsEnglishSpirit"="C:\Program Files\jdssoftware\wabdc8\flyenglishspirit.exe" [ ]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
"stup.exe"="C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll" [2008-03-27 07:42 173376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 04:00 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe"=
"C:\\Program Files\\Tencent\\QQDownload\\QDAutoUpdate.exe"=
"C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe"=
"C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdate.exe"=
"C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe"=
"C:\\Program Files\\Tencent\\QQ\\QQ.exe"=
"C:\\Program Files\\Tencent\\QQ\\QZone\\Qzone.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\StormII\\Storm.exe"=
"C:\\Program Files\\StormII\\stormliv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe"=
"C:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 21:19:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 10:19:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-09 10:20:32
ComboFix-quarantined-files.txt 2008-05-09 17:20:21

Pre-Run: 81,920,368,640 bytes free
Post-Run: 81,908,592,640 bytes free

327 --- E O F --- 2008-06-28 20:18:45

Edited by kaitlyn L, 09 May 2008 - 11:37 AM.


#27 kaitlyn L


Posted 09 May 2008 - 11:34 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:23 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Kingsoft\Powerword 2007\xdict.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TXPlatform.exe
C:\Documents and Settings\gigi\Desktop\hijackthis.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live μ?????3D - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [JdsEnglishSpirit] C:\Program Files\jdssoftware\wabdc8\flyenglishspirit.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 使用快车(Flas&hGet)下载 - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用快车(Flash&Get)下载全部链接 - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10279 bytes

#28 jpshortstuff

Posted 10 May 2008 - 11:03 AM

Hi

Please disable AVG and Spyware Doctor as before.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

DirLook::
C:\WINDOWS\新托福词汇王
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JdsEnglishSpirit"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt.

Open HijackThis. Hit Do A System Scan Only. Place a check next to the following items (if present):
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present


Close all browsers and windows except for HijackThis and click Fix Checked.


Any changes to your computer's behavior? Please post a new HijackThis log as well.

Thanks.

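Once the follow-up log arrives, the check is whether each item targeted above is actually gone. The Python below is an added example, not part of the original post and not code from HijackThis or ComboFix: it splits a HijackThis log into entries (one per line, or flattened onto a single line) and reports which targeted items remain. The sample entries are copied from the two logs in this thread; the function and variable names are assumptions of this example.

```python
import re

# An entry starts with a section code (such as O4, O6 or O23) followed by " - ".
# The lookbehind requires whitespace or start of text before the code.
ENTRY_START = re.compile(r"(?<!\S)([RFNO]\d{1,2}) - ")
TRAILER = re.compile(r"\s*-- End of file - \d+ bytes\s*$")

def parse_entries(log_text):
    """Return [(code, detail), ...] for a log with one entry per line or
    with every entry flattened onto a single line."""
    text = TRAILER.sub("", log_text)
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        # Collapse internal whitespace so wrapped entries compare equal.
        entries.append((m.group(1), " ".join(text[m.end():end].split())))
    return entries

def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)

def still_present(after, targets):
    """Map each (code, substring) target to True if the follow-up log has it."""
    entries = parse_entries(after)
    return {t: any(c == t[0] and t[1].lower() in d.lower() for c, d in entries)
            for t in targets}

# Excerpt of the earlier log, one entry per line.
BEFORE = r"""
O4 - HKLM\..\Run: [JdsEnglishSpirit] C:\Program Files\jdssoftware\wabdc8\flyenglishspirit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
-- End of file - 10279 bytes
"""
# Excerpt of the follow-up log, flattened onto one line.
AFTER = (r'O4 - HKLM\..\Run: [JdsEnglishSpirit] C:\Program Files\jdssoftware\wabdc8\flyenglishspirit.exe '
         r'O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe" /minimized '
         r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe -- End of file - 10366 bytes')
# Items the CFScript and the HijackThis "Fix Checked" step were meant to remove.
TARGETS = [("O4", "[JdsEnglishSpirit]"),
           ("O6", r"HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions"),
           ("O6", r"HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions")]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    for target, present in still_present(AFTER, TARGETS).items():
        print("STILL PRESENT" if present else "gone", target)
```
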

#29 kaitlyn L

Posted 10 May 2008 - 07:56 PM

Every time I run combofix.exe, my laptop is frozen! After trying to run it 3 times, I gave up. Sorry...

#30 kaitlyn L

Posted 10 May 2008 - 07:57 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51, on 2008-05-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\StormII\stormliv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\SogouInput\ImeUtil.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineTrayIcon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gigi\Desktop\hijackthis.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD\eREAD\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live μ?????3D - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [JdsEnglishSpirit] C:\Program Files\jdssoftware\wabdc8\flyenglishspirit.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\CRavgas.exe" /minimized
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dell DataSafe Scheduler] "C:\Program Files\Dell DataSafe Online\Bin\DataSafeOnlineScheduler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: 使用快车(Flas&hGet)下载 - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用快车(Flash&Get)下载全部链接 - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

-- End of file - 10366 bytes
