Done, and here are the new logs. Same as before: so far I have not seen the problem yet, but I will monitor for a few days and update you once it happens again. Thx!
=====================================================
ComboFix 08-05-15.3 - Ryan 2008-05-26 23:22:21.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.1.1028.18.1201 [GMT 8:00]
執行位置?: C:\Software\ComboFix.exe
Command switches used :: D:\Ryan\PC Problem\CFScript.txt
* 已建立新的還原點
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\swk.ini
.
(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\swk.ini
.
(((((((((((((((((((((((((((( 2008-04-26 - 2008-05-26 之間建立的檔案 )))))))))))))))))))))))))))))))))
.
2008-05-25 10:10 . 2008-05-25 10:10 <DIR> d-------- C:\Program Files\ffdshow
2008-05-25 10:10 . 2008-05-24 10:55 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-05-25 10:10 . 2008-05-24 10:55 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-25 10:10 . 2008-05-24 10:55 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-24 23:05 . 2008-05-24 23:05 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-19 00:54 . 2008-05-19 00:54 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-17 20:41 . 2008-05-17 20:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 20:41 . 2008-05-17 20:41 <DIR> d-------- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
2008-05-17 20:41 . 2008-05-17 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 20:41 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-17 20:41 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-14 22:47 . 2008-05-14 22:47 244 --ah----- C:\sqmnoopt02.sqm
2008-05-14 22:47 . 2008-05-14 22:47 232 --ah----- C:\sqmdata02.sqm
.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 15:24 --------- d-----w C:\Documents and Settings\Ryan\Application Data\DNA
2008-05-26 00:41 2,071,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-26 00:41 182,341,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-25 14:28 --------- d-----w C:\Program Files\Winamp Toolbar
2008-05-25 14:28 --------- d-----w C:\Documents and Settings\Ryan\Application Data\BitTorrent
2008-05-25 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-24 15:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 14:50 --------- d-----w C:\Program Files\Winamp Remote
2008-05-24 01:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 01:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-20 16:05 5,621,047 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-19 14:18 --------- d-----w C:\Program Files\ZoneAlarmSB
2008-05-17 14:22 --------- d-----w C:\Program Files\BitTorrent
2008-05-16 00:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 00:16 --------- d-----w C:\Documents and Settings\Ryan\Application Data\AdobeUM
2008-05-15 00:01 2,769,408 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-05-15 00:01 2,156,544 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-05-14 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-06 13:35 201,216 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-05-06 13:35 2,141,696 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-05-06 00:01 2,842,112 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-05-06 00:01 2,141,184 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-04-26 14:56 2,302,976 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-04-26 14:56 2,131,456 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-04-23 14:22 2,650,112 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-04-23 14:22 2,129,920 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-04-21 14:25 --------- d-----w C:\Documents and Settings\Ryan\Application Data\ICAClient
2008-04-21 13:54 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks
2008-04-21 13:53 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Juniper Networks
2008-04-21 13:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Juniper Networks
2008-04-21 13:51 --------- d-----w C:\Program Files\Citrix
2008-04-21 13:48 --------- d-----w C:\Program Files\Juniper Networks
2008-04-21 13:48 --------- d-----w C:\Documents and Settings\Ryan\Application Data\Juniper Networks
2008-04-20 17:44 --------- d-----w C:\Program Files\MP4 Player
2008-04-14 14:51 2,939,904 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-04-14 14:51 2,106,880 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-04-12 11:16 --------- d-----w C:\Documents and Settings\Ryan\Application Data\ImgBurn
2008-04-12 08:19 --------- d-----w C:\Program Files\ImgBurn
2008-03-25 04:49 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:49 158,496 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:03 1,844,864 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 15:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 15:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-19_ 1.00.55.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 11:02:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-26 14:03:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-26 14:03:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4f8.dat
+ 2008-05-26 14:04:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6b4.dat
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [ ]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:16 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43 90112]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2004-05-06 12:13 221696]
"Power2GoExpress"="C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-03-06 11:22 2475568]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 21:13 289088]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 21:00 639488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:31 208952]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 00:34 579584]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-10-22 07:09 24576]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 17:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 08:05 200704]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 20:41 2037352]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-04-12 18:23 341488]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-12 09:16 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 22:50 219136]
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27266:TCP"= 27266:TCP:BitComet 27266 TCP
"27266:UDP"= 27266:UDP:BitComet 27266 UDP
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"50001:TCP"= 50001:TCP:BitComet 50001 TCP
"50001:UDP"= 50001:UDP:BitComet 50001 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 NEOFLTR_550_11711;Juniper Networks TDI Filter Driver (NEOFLTR_550_11711);C:\WINDOWS\system32\Drivers\NEOFLTR_550_11711.SYS [2007-04-11 10:24]
R2 ATIWebPAM;ATI WebPAM;"C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe" -s wrapper.conf []
R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2007-10-22 07:09]
R3 RTHDMIAzAudService;Service for HDMI;C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-05-14 09:12]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-10-22 21:49]
.
排程工作資料夾的內容
"2008-05-26 15:11:01 C:\WINDOWS\Tasks\查看 Windows Live Toolbar 的更新資訊.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-26 23:25:24
Windows 5.1.2600 Service Pack 2 NTFS
掃描隱藏的程序...
掃描隱藏的進程...
掃描隱藏的檔案...
folder error: C:\Documents and Settings\Ryan\「開始」功能表\程式集\啟動\
folder error: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
掃描完成
隱藏檔案?: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32"
.
完成時間?: 2008-05-26 23:26:28
ComboFix-quarantined-files.txt 2008-05-26 15:26:24
ComboFix2.txt 2008-05-20 16:34:21
ComboFix3.txt 2008-05-19 14:21:30
ComboFix4.txt 2008-05-18 17:01:15
11 個目錄 1,762,390,016 位元組可用
15 個目錄 1,919,229,952 位元組可用
184 --- E O F --- 2008-05-16 18:08:53
=====================================================
Logfile of HijackThis v1.99.1
Scan saved at 23:29:16, on 26/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI\WebPAM\_jvm\bin\java.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alcohol Soft\Alcohol 120\alcohol.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [alcohol_.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\alcohol_.exe /startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\alcohol.exe /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 在新的前景索引標籤中開啟 - res://C:\Program Files\Windows Live Toolbar\Components\zh-hk\msntabres.dll.mui/230?5141d3746377489597f180bf6b20508d
O8 - Extra context menu item: 在新的背景索引標籤中開啟 - res://C:\Program Files\Windows Live Toolbar\Components\zh-hk\msntabres.dll.mui/229?5141d3746377489597f180bf6b20508d
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\juniper networks\secure application manager\samnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\juniper networks\secure application manager\samnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe" -s wrapper.conf (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe