IObit Forum

Search File goes to hijacked ie web page



When I try to use the Search function (by clicking Start and then Search), a hijacked Windows Internet Explorer window is redirected to a website. This happens before I have the chance to select an option under "What do you want to search for?"

 

This problem does not occur if I launch IE from the IE icon. I tried to fix this problem using Microsoft Security Essentials, Advanced SystemCare's malware scan and Malware Fighter 3.0 beta. All of these programs fail to locate the problem.

 

Please help to fix the issue. Thanks in advance.

 

Regards,


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down for about 10 seconds while inserting the USB storage device. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

****************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SUPERAntiSpyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

• Under Start-Up Options, uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

• Close browsers before scanning

• Scan for tracking cookies

• Terminate memory threats before quarantining

Please leave the others unchecked.

 

• Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

• To retrieve the removal information, please do the following:

• After reboot, double-click the SUPERAntiSpyware icon on your desktop.

• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).

• Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and paste the log in your post.

**********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*******************************************************

Download DDS from HERE or HERE and save it to your desktop.

 

* Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).

 

* XP users Double click on dds to run it.

* If your antivirus or firewall try to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.


Thanks, Superdave, for your input...

 

Here is the log from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 06/07/2011 at 09:16 PM

 

Application Version : 4.53.1000

 

Core Rules Database Version : 7226

Trace Rules Database Version: 5038

 

Scan type : Complete Scan

Total Scan Time : 01:27:09

 

Memory items scanned : 550

Memory threats detected : 0

Registry items scanned : 9588

Registry threats detected : 2

File items scanned : 34230

File threats detected : 51

 

Trojan.Agent/Gen-Sino[TAO]

HKU\S-1-5-21-3472770984-2411261846-4188912960-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01443AEC-0FD1-40FD-9C87-E93D1494C233}

HKCR\CLSID\{01443AEC-0FD1-40FD-9C87-E93D1494C233}

 

Adware.Tracking Cookie

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@microsoftsto.112.2o7[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media6degrees[2].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.adtechus[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@segment-pixel.invitemedia[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda.at.atwola[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ar.atwola[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xiti[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@at.atwola[2].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@collective-media[2].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt

C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@legolas-media[1].txt

ads2.msads.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\8FXXL8M6 ]

.doubleclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.atdmt.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.atdmt.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.ru4.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.mm.chitika.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.kontera.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.legolas-media.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.legolas-media.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.invitemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

ad.yieldmanager.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.2o7.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.2o7.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.2o7.net [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.media6degrees.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.statcounter.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.visitvictoriacounty.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.visitvictoriacounty.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.casalemedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

.adcentriconline.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]

http://www.googleadservices.com [ C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\cookies.sqlite ]


Log produced by Malwarebytes' Anti-Malware:

 

Malwarebytes' Anti-Malware 1.51.0.1200

http://www.malwarebytes.org

 

Database version: 6806

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

08/06/2011 1:58:40 AM

mbam-log-2011-06-08 (01-58-40).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 292816

Time elapsed: 1 hour(s), 41 minute(s), 11 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


DDS.txt

 

.

DDS (Ver_2011-06-03.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by HP_Administrator at 7:14:21 on 2011-06-08

Microsoft Windows XP Professional 5.1.2600.3.950.886.1033.18.959.231 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: ZoneAlarm Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Nero\Tools\InCD\InCDSrv.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\WINDOWS\arservice.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\HP\KBD\KBD.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Nero\Tools\InCD\NBHGui.exe

C:\Program Files\Nero\Tools\InCD\InCD.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\IObit\Advanced SystemCare 4\Asc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [NBHGui] c:\program files\nero\tools\incd\NBHGui.exe

mRun: [inCD] c:\program files\nero\tools\incd\InCD.exe

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: kuaiche.com\software

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://help.live.com/ContactUs/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{596A5114-F932-4284-A45F-5CB8C6899441} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ivcx6fm8.default\

FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ivcx6fm8.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll

FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(196).dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\windows media player\np-mswmp.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker

FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-5 13496]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]

R1 MpKsl9a10b7db;MpKsl9a10b7db;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f91242d-172d-4285-b521-a02a010f55f4}\MpKsl9a10b7db.sys [2011-6-7 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-8-29 532224]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-27 353168]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-5 821080]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-9-2 26872]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-9-2 493048]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-7 366640]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\tools\incd\NBHRegInCDSrv.exe [2009-10-16 53560]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-6-5 239472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-7 22712]

R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-6-5 30368]

R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-6-5 16080]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 MpKsl40b36e1c;MpKsl40b36e1c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1466fd97-9f1a-4dc5-bd70-5a6e7e4a36d3}\mpksl40b36e1c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1466fd97-9f1a-4dc5-bd70-5a6e7e4a36d3}\MpKsl40b36e1c.sys [?]

S1 MpKsl4f825b30;MpKsl4f825b30;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2bf3279d-4467-48f1-bb20-a09fe8682746}\mpksl4f825b30.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2bf3279d-4467-48f1-bb20-a09fe8682746}\MpKsl4f825b30.sys [?]

S1 MpKsl6c8f46bf;MpKsl6c8f46bf;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c8daf2-90cb-44ea-b952-55a8b2e4fc5f}\mpksl6c8f46bf.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{21c8daf2-90cb-44ea-b952-55a8b2e4fc5f}\MpKsl6c8f46bf.sys [?]

S1 MpKsl760e2d97;MpKsl760e2d97;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4749219f-2599-454d-a5b6-a943591b2085}\mpksl760e2d97.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4749219f-2599-454d-a5b6-a943591b2085}\MpKsl760e2d97.sys [?]

S1 MpKsl821ec266;MpKsl821ec266;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5df53b9f-c803-48a0-97cf-c7e123fc663a}\mpksl821ec266.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5df53b9f-c803-48a0-97cf-c7e123fc663a}\MpKsl821ec266.sys [?]

S1 MpKsl83fba8fb;MpKsl83fba8fb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e973ada7-ed71-423f-9c69-1238dfd55103}\mpksl83fba8fb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e973ada7-ed71-423f-9c69-1238dfd55103}\MpKsl83fba8fb.sys [?]

S1 MpKsl91da0479;MpKsl91da0479;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60f343ff-455e-4c57-9f90-9147b39df9d0}\mpksl91da0479.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60f343ff-455e-4c57-9f90-9147b39df9d0}\MpKsl91da0479.sys [?]

S1 MpKsl9b42900b;MpKsl9b42900b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf94f658-20f0-49aa-b9e1-a3850c818d78}\mpksl9b42900b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf94f658-20f0-49aa-b9e1-a3850c818d78}\MpKsl9b42900b.sys [?]

S1 MpKsla1ddf45a;MpKsla1ddf45a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2232d131-8aae-4984-a7a0-64386e5b0ed9}\mpksla1ddf45a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2232d131-8aae-4984-a7a0-64386e5b0ed9}\MpKsla1ddf45a.sys [?]

S1 MpKsla30007e6;MpKsla30007e6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e72cec9-1d71-4f89-821e-d0d085271b87}\mpksla30007e6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3e72cec9-1d71-4f89-821e-d0d085271b87}\MpKsla30007e6.sys [?]

S1 MpKslbc86c71e;MpKslbc86c71e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9035c7ae-ec95-41ec-a2fd-89e2bc43ff54}\mpkslbc86c71e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9035c7ae-ec95-41ec-a2fd-89e2bc43ff54}\MpKslbc86c71e.sys [?]

S1 MpKsld57116b2;MpKsld57116b2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03c6f155-c50b-45d7-bcea-1ed7879e340d}\mpksld57116b2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03c6f155-c50b-45d7-bcea-1ed7879e340d}\MpKsld57116b2.sys [?]

S1 MpKslda3d2aea;MpKslda3d2aea;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f910d6f9-ca91-4624-b8fc-3526174e13b9}\mpkslda3d2aea.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f910d6f9-ca91-4624-b8fc-3526174e13b9}\MpKslda3d2aea.sys [?]

S1 MpKslfccafaf1;MpKslfccafaf1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c69866f6-3ae0-42ea-a418-5bd0c6c28c25}\mpkslfccafaf1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c69866f6-3ae0-42ea-a418-5bd0c6c28c25}\MpKslfccafaf1.sys [?]

S1 MpKslfd5cdca6;MpKslfd5cdca6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f791dc0-f0d9-4e7f-846c-eed37ee3d7bd}\mpkslfd5cdca6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f791dc0-f0d9-4e7f-846c-eed37ee3d7bd}\MpKslfd5cdca6.sys [?]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-9 14336]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-9 14336]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

.

=============== Created Last 30 ================

.

2011-06-08 05:25:04 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f91242d-172d-4285-b521-a02a010f55f4}\MpKsl9a10b7db.sys

2011-06-08 05:23:05 711728 ----a-w- c:\windows\isRS-000.tmp

2011-06-08 05:19:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-08 05:19:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-08 05:19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-08 02:44:36 -------- d-----w- c:\documents and settings\hp_administrator\application data\SUPERAntiSpyware.com

2011-06-08 02:44:36 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-06-08 02:44:23 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-07 16:58:30 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f91242d-172d-4285-b521-a02a010f55f4}\mpengine.dll

2011-06-06 04:43:41 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-06-06 04:43:39 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-05-24 05:24:16 19096 ----a-w- c:\windows\system32\drivers\InCDRec.sys

2011-05-24 05:24:12 130200 ----a-w- c:\windows\system32\drivers\InCDFs.sys

2011-05-24 05:24:07 48280 ----a-w- c:\windows\system32\drivers\InCDPass.sys

2011-05-24 05:24:00 -------- d-----w- c:\program files\Nero

2011-05-22 07:25:05 -------- d-----w- c:\program files\Microsoft

.

==================== Find3M ====================

.

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

.

============= FINISH: 7:17:29.62 ===============

 

Attach.txt to be followed....


Attach.txt zipped and attached

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-03.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 23/11/2009 11:21:52 PM

System Uptime: 08/06/2011 9:29:44 PM (0 hours ago)

.

Motherboard: Hewleet-Packard | | Asterope2

Processor: Intel® Pentium® D CPU 2.66GHz | CPU 1 | 2665/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 178 GiB total, 140.337 GiB free.

D: is FIXED (FAT32) - 9 GiB total, 0.773 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP399: 12/03/2011 1:16:01 AM - System Checkpoint

RP400: 12/03/2011 12:19:13 PM - Software Distribution Service 3.0

RP401: 14/03/2011 7:36:37 PM - Software Distribution Service 3.0

RP402: 15/03/2011 8:46:39 PM - Software Distribution Service 3.0

RP403: 17/03/2011 7:46:53 PM - Software Distribution Service 3.0

RP404: 18/03/2011 11:15:02 PM - Software Distribution Service 3.0

RP405: 20/03/2011 6:51:19 PM - Software Distribution Service 3.0

RP406: 21/03/2011 9:03:50 PM - Software Distribution Service 3.0

RP407: 23/03/2011 4:57:44 PM - Software Distribution Service 3.0

RP408: 23/03/2011 7:33:14 PM - Software Distribution Service 3.0

RP409: 24/03/2011 10:13:35 PM - Software Distribution Service 3.0

RP410: 26/03/2011 6:36:36 PM - Software Distribution Service 3.0

RP411: 27/03/2011 12:57:53 AM - Software Distribution Service 3.0

RP412: 28/03/2011 7:37:09 PM - Software Distribution Service 3.0

RP413: 30/03/2011 6:06:54 PM - Installed %1 %2.

RP414: 30/03/2011 6:07:45 PM - Installed Windows XP Update for Microsoft Windows (KB971513).

RP415: 30/03/2011 6:08:20 PM - Installed %1 %2.

RP416: 30/03/2011 6:11:48 PM - Installed Windows XP KB2447568.

RP417: 30/03/2011 6:12:16 PM - Software Distribution Service 3.0

RP418: 30/03/2011 6:27:28 PM - Installed Windows XP Media Center Edition 2005 KB925766.

RP419: 03/04/2011 12:33:29 PM - Software Distribution Service 3.0

RP420: 04/04/2011 7:04:39 PM - Software Distribution Service 3.0

RP421: 05/04/2011 7:18:21 PM - System Checkpoint

RP422: 05/04/2011 7:20:43 PM - Software Distribution Service 3.0

RP423: 06/04/2011 8:59:03 PM - Software Distribution Service 3.0

RP424: 06/04/2011 11:37:36 PM - Software Distribution Service 3.0

RP425: 08/04/2011 9:17:24 PM - Software Distribution Service 3.0

RP426: 10/04/2011 10:17:56 PM - Software Distribution Service 3.0

RP427: 13/04/2011 7:53:11 PM - Software Distribution Service 3.0

RP428: 16/04/2011 6:32:54 PM - Software Distribution Service 3.0

RP429: 16/04/2011 7:00:40 PM - Software Distribution Service 3.0

RP430: 16/04/2011 7:42:40 PM - Software Distribution Service 3.0

RP431: 17/04/2011 2:21:55 PM - Software Distribution Service 3.0

RP432: 17/04/2011 4:27:48 PM - Removed HP Deskjet Printer Preload

RP433: 18/04/2011 7:29:29 PM - Software Distribution Service 3.0

RP434: 20/04/2011 9:38:11 PM - Software Distribution Service 3.0

RP435: 20/04/2011 10:32:13 PM - Software Distribution Service 3.0

RP436: 22/04/2011 10:07:51 PM - Software Distribution Service 3.0

RP437: 23/04/2011 1:14:22 AM - Software Distribution Service 3.0

RP438: 23/04/2011 10:15:49 PM - Software Distribution Service 3.0

RP439: 25/04/2011 8:14:00 PM - Software Distribution Service 3.0

RP440: 26/04/2011 8:13:15 PM - Software Distribution Service 3.0

RP441: 26/04/2011 8:53:34 PM - Software Distribution Service 3.0

RP442: 26/04/2011 11:27:57 PM - Configured easy Internet sign-up

RP443: 26/04/2011 11:33:22 PM - Software Distribution Service 3.0

RP444: 27/04/2011 12:02:29 AM - Restore Operation

RP445: 27/04/2011 12:24:30 AM - Installed Windows XP KB2492386.

RP446: 30/04/2011 9:48:54 PM - Software Distribution Service 3.0

RP447: 02/05/2011 12:39:55 PM - System Checkpoint

RP448: 02/05/2011 9:53:17 PM - Software Distribution Service 3.0

RP449: 04/05/2011 12:12:35 PM - Software Distribution Service 3.0

RP450: 04/05/2011 7:31:01 PM - Software Distribution Service 3.0

RP451: 06/05/2011 12:15:57 PM - Software Distribution Service 3.0

RP452: 08/05/2011 9:04:09 PM - Software Distribution Service 3.0

RP453: 13/05/2011 10:51:49 AM - Software Distribution Service 3.0

RP454: 13/05/2011 11:58:25 AM - Software Distribution Service 3.0

RP455: 14/05/2011 12:25:54 PM - System Checkpoint

RP456: 15/05/2011 12:53:26 PM - System Checkpoint

RP457: 15/05/2011 9:13:24 PM - Software Distribution Service 3.0

RP458: 16/05/2011 10:29:38 PM - Software Distribution Service 3.0

RP459: 20/05/2011 10:38:13 AM - Software Distribution Service 3.0

RP460: 21/05/2011 10:56:38 PM - Software Distribution Service 3.0

RP461: 23/05/2011 2:11:22 PM - Software Distribution Service 3.0

RP462: 23/05/2011 10:23:57 PM - Installed Nero InCD.

RP463: 24/05/2011 10:29:54 PM - System Checkpoint

RP464: 25/05/2011 11:40:57 AM - Software Distribution Service 3.0

RP465: 25/05/2011 11:12:11 PM - Software Distribution Service 3.0

RP466: 28/05/2011 12:33:14 AM - Software Distribution Service 3.0

RP467: 29/05/2011 10:13:36 PM - Software Distribution Service 3.0

RP468: 30/05/2011 10:27:37 PM - System Checkpoint

RP469: 31/05/2011 1:41:25 AM - IObit Uninstaller restore point

RP470: 01/06/2011 10:00:06 AM - Software Distribution Service 3.0

RP471: 01/06/2011 3:36:57 PM - Software Distribution Service 3.0

RP472: 02/06/2011 4:13:09 PM - Software Distribution Service 3.0

RP473: 03/06/2011 7:58:16 PM - Software Distribution Service 3.0

RP474: 04/06/2011 8:10:53 PM - System Checkpoint

RP475: 05/06/2011 1:40:49 PM - Software Distribution Service 3.0

RP476: 07/06/2011 9:58:12 AM - Software Distribution Service 3.0

RP477: 08/06/2011 9:42:07 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

2007 Microsoft Office Suite Service Pack 2 (SP2)

32 Bit HP CIO Components Installer

360¦w¥ş?¤h

Acrobat.com

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.4

Advanced SystemCare 4

APlayer Codec Lite version 2.0.1.230

ATI Control Panel

ATI Display Driver

AviSynth 2.5

Bing Bar

BufferChm

CCleaner

Chinese Traditional Fonts Support For Adobe Reader 9

Copy

Cossacks - Back To War

Coupon Printer for Windows

Customer Experience Enhancement

Data Fax SoftModem with SmartCP

Destinations

DeviceDiscovery

DISCover

DJ_AIO_05_F4400_Software_Min

DocProc

DocumentViewer

East India Company and Pirate Bay Addon

Easy Internet Sign-up

easyMule

Enhanced Multimedia Keyboard Solution

ffdshow [rev 2583] [2009-01-05]

GemMaster Mystic

Google Toolbar for Internet Explorer

GPBaseService2

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 10 (KB910393)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB951830)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB971314)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP Customer Participation Program 14.0

HP Deskjet F4400 Printer Driver 14.0 Rel. 5

HP DigitalMedia Archive

HP Document Viewer 6.1

HP DVD Play 2.1

HP Imaging Device Functions 14.0

HP Photo Creations

HP Rhapsody

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HP Web Helper

HPPhotoSmartExpress

HPProductAssistant

HpSdpAppCoreApp

HPSSupply

Internet Explorer (Enable DEP)

IObit Malware Fighter

iTudou 2.6.10.0

J2SE Runtime Environment 5.0 Update 5

Java Auto Updater

Java 6 Update 24

LightScribe 1.4.84.1

Malwarebytes' Anti-Malware version 1.51.0.1200

MarketResearch

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CHT

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CHT

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 Language Pack - cht

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 »y¨¥®M¥ó - ÁcÅ餤¤å

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft AppLocale

Microsoft Automated Troubleshooting Services Shim

Microsoft Away Mode

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Fix it Center

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Money 2006

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Management Objects

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files (English)

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server VSS Writer

Microsoft Visual C# 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Windows Application Compatibility Database

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Microsoft Works

Mozilla Firefox (3.6.17)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

muvee autoProducer 5.0

muvee autoProducer unPlugged 2.0

Nero InCD

Otto

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

Quicken 2006

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Scan

SCRABBLE

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950582)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953155)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982316)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shop for HP Supplies

Smart Defrag 2

SmartWebPrinting

SolutionCenter

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sql Server Customer Experience Improvement Program

SQL Server System CLR Types

Status

SUPERAntiSpyware

Toolbox

TrayApp

Unload

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Microsoft Windows (KB971513)

Update for Outlook 2007 Junk Email Filter (KB2536413)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2264107)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB951978)

Update for Windows XP (KB955704)

Update for Windows XP (KB955759)

Update for Windows XP (KB958752)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Updates from HP (remove only)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WildTangent Web Driver

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Management Framework Core

Windows Media Format Runtime

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinRAR archiver

WinSPMBT CD Edition

WinSPWW2v1 DL Edition

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

Yahoo! Toolbar

ZoneAlarm

ZoneAlarm Toolbar

¤T?§Ó11¤¤¤å«Â¤O¥[?ª© 1.0

·L?HCPº|¬}?«æ«Ì½ª?¤B

¨³¹p¬İ¬İ¼½©ñ¾¹

.

==== Event Viewer Messages From Past Week ========

.

07/06/2011 9:50:01 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

07/06/2011 5:04:17 PM, error: PlugPlayManager [12] - The device 'SoftV92 Data Fax Modem' (PCI\VEN_14F1&DEV_2F00&SUBSYS_202C14F1&REV_00\4&b4b0d3&0&10A4) disappeared from the system without first being prepared for removal.

05/06/2011 9:40:34 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).

04/06/2011 6:33:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

.

==== End Of File ===========================


Attach.txt zipped and attached...

attach.zip


P2P - I see you have P2P software installed on your machine (easyMule). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

 

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

**********************************************

Please read here for more information about WildTangent. Your choice if you want to remove it or not.

 

If you choose to follow my advice, please follow these instructions.

 

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

 

WildTangent Web Driver or anything related to WildTangent.

*******************************************************

Could you please tell me what these are? They are showing in your programs installed list.

¤T?§Ó11¤¤¤å«Â¤O¥[?ª© 1.0

·L?HCPº|¬}?«æ«Ì½ª?¤B

¨³¹p¬I¬I¼½©ñ¾¹

 

*****************************************************

Download OTL to your desktop.

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Alcmtr] ALCMTR.EXE
Trusted Zone: kuaiche.com\software
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

*********************************************************

Please download ComboFix http://img7.imageshack.us/img7/4930/combofix.gif from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found here.

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix

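The OTL fix above ends with [resethosts], which replaces the hosts file wholesale. Before resetting, a helper would normally want to see what is actually in it, since a hosts hijack is one of the common ways a search or update site gets redirected. The script below is an added example, not part of the post or of OTL: it parses hosts-file text and flags any name mapped somewhere other than loopback, or any watched name pinned to loopback (the way malware blocks security sites). The sample hosts content and the watched-name list are constructed for the demonstration.

```python
"""Audit a Windows hosts file for hijack-style entries.

Added example (not from the forum post or the OTL tool). Shows what a
defender looks at before the OTL [resethosts] step: every active mapping,
and which ones send a name somewhere other than loopback. The sample
hosts content below is constructed for the demonstration.
"""
import ipaddress
import re

# Constructed sample: a default XP hosts file plus two injected entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1\twww.example-av-vendor.test  # constructed: vendor site blocked
203.0.113.7     search.example.test   # constructed: redirected elsewhere
::1             localhost
"""

# Names a helper checks first. Assumption: a short illustrative list,
# not a vendor feed.
WATCHED_SUFFIXES = ("example-av-vendor.test", "search.example.test")


def parse_hosts(text):
    """Return (ip, hostname) pairs for every active mapping in `text`.

    Comments (after '#') and blank lines are skipped; a line naming
    several hosts yields one pair per name, as the resolver does.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address; the resolver ignores it too
        for name in parts[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def suspicious_entries(entries, watched=WATCHED_SUFFIXES):
    """Flag mappings that are not plain loopback entries for localhost.

    Two classes: a name sent to a non-loopback address ("redirect"), which
    is how a hosts hijack reroutes a site, and a watched name pinned to
    loopback ("blocked"), which is how malware cuts off security sites.
    Loopback entries for other names are left alone, since ad-blocking
    hosts files legitimately contain thousands of them.
    """
    flagged = []
    for ip, name in entries:
        addr = ipaddress.ip_address(ip)
        if name == "localhost" and addr.is_loopback:
            continue
        watched_hit = any(name == w or name.endswith("." + w) for w in watched)
        if not addr.is_loopback:
            flagged.append((ip, name, "redirect"))
        elif watched_hit:
            flagged.append((ip, name, "blocked"))
    return flagged


def audit(text):
    """Parse and flag in one call; returns (ip, name, kind) tuples."""
    return suspicious_entries(parse_hosts(text))


if __name__ == "__main__":
    for ip, name, kind in audit(SAMPLE_HOSTS):
        print(f"{kind:8} {name} -> {ip}")
```

On a live XP machine the file to feed in is C:\WINDOWS\System32\drivers\etc\hosts, the same path the OTL log reports moving; a clean default file produces no flagged entries at all.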

Hi Superdave,

 

I have deleted the easymule (the P2P program) and its player (the 3rd program, whose name cannot be shown properly: "¨³¹p¬I¬I¼½©ñ¾¹").

 

 

¤T?§Ó11¤¤¤å«Â¤O¥[?ª© 1.0 is a game in Chinese (San11).

 

·L?HCPº|¬}?«æ«Ì½ª?¤B (Its name is written in Chinese, but I cannot identify the program from the Control Panel. The program IS NOT in Add/Remove Programs.)

 

¨³¹p¬I¬I¼½©ñ¾¹ is the media player for easymule (deleted).

 

 

 

 

All processes killed

========== OTL ==========

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 31612 bytes

->Temporary Internet Files folder emptied: 32768 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 31612 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 41620 bytes

 

User: HP_Administrator

->Temp folder emptied: 8674539 bytes

->Temporary Internet Files folder emptied: 11420151 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 83623865 bytes

->Flash cache emptied: 1213 bytes

 

User: LocalService

->Temp folder emptied: 2049416 bytes

->Temporary Internet Files folder emptied: 139365 bytes

 

User: NetworkService

->Temp folder emptied: 3979838 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2712946 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77488 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 11381457 bytes

 

Total Files Cleaned = 119.00 mb

 

 

OTL by OldTimer - Version 3.2.23.0 log created on 06102011_212138

 

Files\Folders moved on Reboot...

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1E8.tmp moved successfully.

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\26HIXPRX\df949936-2850-4e26-af65-c14d91c5c48b[1].htm moved successfully.

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\26HIXPRX\showthread[1].htm moved successfully.

C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl moved successfully.

File\Folder C:\WINDOWS\temp\ZLT06086.TMP not found!

 

Registry entries deleted on Reboot...

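Two of the entries the OTL fix above removes are worth understanding as a pattern rather than as one-off lines: mRun: [Alcmtr] ALCMTR.EXE is a Run value given as a bare file name, which Windows resolves through its search path rather than from a fixed location, and the firewall exception list in the ComboFix log posted later in this thread includes a binary under a user profile (Application Data\FlashgetSetup\fgmini.exe). The script below is an added example, not part of the thread, OTL or ComboFix. It reads the three line shapes these logs use (OTL mRun: lines, ComboFix Run values, ComboFix firewall AuthorizedApplications values) and gives each image path a verdict. The sample lines are copied from the logs in this thread; the verdict rules are this script's own assumed heuristics.

```python
"""Triage autorun and firewall-exception lines from OTL/ComboFix-style logs.

Added example, not part of the thread or of either tool. Flags two things
a malware-removal helper reads first: a bare file name with no directory
(resolved through the search path, so any same-named file found earlier
on that path wins) and an executable living in a user-writable profile
location. Sample lines are copied from the logs in this thread; the
verdict rules are assumed heuristics, not either tool's logic.
"""
import re

SAMPLE_LINES = [
    'mRun: [TkBellExe] "c:\\program files\\real\\realplayer\\update\\realsched.exe" -osboot',
    "mRun: [Alcmtr] ALCMTR.EXE",
    '"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]',
    '"Adobe ARM"="c:\\program files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe" [2010-09-21 932288]',
    '"c:\\\\Documents and Settings\\\\HP_Administrator\\\\Application Data\\\\FlashgetSetup\\\\fgmini.exe"=',
    '"%windir%\\\\system32\\\\sessmgr.exe"=',
]

# OTL:       mRun: [Name] command line
# ComboFix:  "Name"="image" [date size]
# ComboFix:  "image-with-doubled-backslashes"=        (firewall exception)
OTL_RUN = re.compile(r"^mRun:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$")
CF_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]+)"\s*\[')
CF_FW = re.compile(r'^"(?P<cmd>[^"]+)"=$')

# Path fragments that mark a user-writable location on Windows XP (assumed list).
USER_WRITABLE = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
)


def image_from_command(cmd):
    """Take the executable out of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def parse_entry(line):
    """Return (kind, name, image_path), or None for a line we don't recognise."""
    m = OTL_RUN.match(line)
    if m:
        return ("run", m.group("name"), image_from_command(m.group("cmd")))
    m = CF_RUN.match(line)
    if m:
        return ("run", m.group("name"), m.group("cmd"))
    m = CF_FW.match(line)
    if m:
        # ComboFix prints firewall keys with doubled backslashes; undo that.
        return ("firewall", None, m.group("cmd").replace("\\\\", "\\"))
    return None


def verdict(image):
    """Classify an image path: bare-name, user-profile, or ok."""
    low = image.lower()
    if "\\" not in low and "/" not in low:
        return "bare-name"       # resolved via the search path at logon
    if any(marker in low for marker in USER_WRITABLE):
        return "user-profile"    # runs or is whitelisted from a user-writable dir
    return "ok"


def triage(lines):
    """Parse every recognised line and attach a verdict to it."""
    out = []
    for line in lines:
        parsed = parse_entry(line.strip())
        if parsed is None:
            continue
        kind, name, image = parsed
        out.append((kind, name, image, verdict(image)))
    return out


if __name__ == "__main__":
    for kind, name, image, v in triage(SAMPLE_LINES):
        print(f"{v:12} {kind:8} {name or '-':14} {image}")
```

A "bare-name" or "user-profile" verdict is a prompt to look, not a conviction: ALCMTR.EXE and RTHDCPL.EXE are Realtek audio components that legitimately register this way on HP machines of this era, which is why the helper asked about the unknown entries rather than removing everything at once.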

ComboFix 11-06-10.09 - HP_Administrator 10/06/2011 22:00:46.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.950.886.1033.18.959.229 [GMT -7:00]

執行位置: c:\documents and settings\HP_Administrator\My Documents\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Administrator\Application Data\360SE

c:\documents and settings\HP_Administrator\Application Data\360SE\360SE.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\data\360sefav.db

c:\documents and settings\HP_Administrator\Application Data\360SE\data\DailyBackup\360sefav_2010_07_10.favdb

c:\documents and settings\HP_Administrator\Application Data\360SE\data\history.dat

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\avc.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\cn.bing.com.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\cz.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\ddt.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\dgcs.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\dh.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\farm.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\hao.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\hero.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\mcsd.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\me.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\plsm.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\poker.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\se.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\search8.taobao.com.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\http://www.baidu.com.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\http://www.google.com.hk.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\http://www.qihoo.com.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\http://www.sogou.com.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\http://www.youdao.com.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\wxfy.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\yahoo.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\ico\zqjl.wan.360.cn.ico

c:\documents and settings\HP_Administrator\Application Data\360SE\data\user.dat

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\ExtAddons\ExtStats.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\ExtAddons\ExtStats.ini.cfg

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\ExtAddons\ganzhi.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\ExtAdfilter\extadfilter.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\ExtChongzhi\stat.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\ExtProxy\proxy.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\Favorites\Favorites.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\Favorites\Log\360log_2010_07_10.log

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\SafeCentral\esimple.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\SafeCentral\SafeCentral.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\SafeCentral\SafeProtect.dat

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\SafeCentral\sc.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\extensions\SafeCentral\urllibauth.dat

c:\documents and settings\HP_Administrator\Application Data\360SE\stat.ini

c:\documents and settings\HP_Administrator\Application Data\360SE\Update\extdoctor.zip

c:\documents and settings\HP_Administrator\WINDOWS

c:\program files\Internet Explorer\Connection Wizard\iexplore.exe

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\system32\config\systemprofile\WINDOWS

.

.

((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ZHUDONGFANGYU

.

.

((((((((((((((((((((((((( 2011-05-11 至 2011-06-11 的新的檔案 )))))))))))))))))))))))))))))))

.

.

2011-06-11 04:32 . 2011-06-11 04:32 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F407DF3C-962C-4B07-8B2D-4AE408D81816}\MpKsl7e2affb9.sys

2011-06-11 04:21 . 2011-06-11 04:21 -------- d-----w- C:\_OTL

2011-06-11 03:33 . 2011-06-11 03:33 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Wildtangent

2011-06-11 01:39 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F407DF3C-962C-4B07-8B2D-4AE408D81816}\mpengine.dll

2011-06-08 05:19 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-08 05:19 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-08 05:19 . 2011-06-08 05:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-08 02:44 . 2011-06-08 02:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com

2011-06-08 02:44 . 2011-06-08 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-08 02:44 . 2011-06-11 01:31 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-06-06 04:43 . 2011-02-23 23:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-06-06 04:43 . 2011-02-24 00:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-05-24 05:24 . 2009-10-16 17:42 19096 ----a-w- c:\windows\system32\drivers\InCDRec.sys

2011-05-24 05:24 . 2009-10-16 17:43 130200 ----a-w- c:\windows\system32\drivers\InCDFs.sys

2011-05-24 05:24 . 2009-10-16 17:42 48280 ----a-w- c:\windows\system32\drivers\InCDPass.sys

2011-05-24 05:24 . 2011-05-24 05:24 -------- d-----w- c:\program files\Nero

2011-05-22 07:25 . 2011-05-22 07:25 -------- d-----w- c:\program files\Microsoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-09 20:46 . 2010-09-22 05:52 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-05-11 15:21 . 2010-05-20 06:06 79664 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll

.

.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白與合法缺省登錄將不會被顯示

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2010-12-01 19:27 2735200 ----a-w- c:\program files\ZoneAlarm_Security\tbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\tbZone.dll" [2010-12-01 2735200]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2009-10-16 17:44 97072 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-11 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-03-03 273544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-09-02 738808]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]

"NBHGui"="c:\program files\Nero\Tools\InCD\NBHGui.exe" [2009-10-16 1600816]

"InCD"="c:\program files\Nero\Tools\InCD\InCD.exe" [2009-10-16 1060136]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-05-12 4379480]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-4 27136]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk

backup=c:\windows\pss\Updates From HP.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^雄iTudou.lnk]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\雄iTudou.lnk

backup=c:\windows\pss\雄iTudou.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-05-20 03:42 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Documents and Settings\\HP_Administrator\\Application Data\\FlashgetSetup\\fgmini.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [05/06/2011 9:43 PM 13496]

R1 MpKsl7e2affb9;MpKsl7e2affb9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F407DF3C-962C-4B07-8B2D-4AE408D81816}\MpKsl7e2affb9.sys [10/06/2011 9:32 PM 28752]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 11:41 AM 67656]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [27/04/2011 12:07 AM 353168]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [05/06/2011 9:43 PM 821080]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [02/09/2010 5:26 AM 26872]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [02/09/2010 5:26 AM 493048]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/06/2011 10:19 PM 366640]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Tools\InCD\NBHRegInCDSrv.exe [16/10/2009 10:44 AM 53560]

R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [05/06/2011 9:43 PM 239472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/06/2011 10:19 PM 22712]

R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [05/06/2011 9:43 PM 30368]

R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [05/06/2011 9:43 PM 16080]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 MpKsl0e81f3df;MpKsl0e81f3df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F407DF3C-962C-4B07-8B2D-4AE408D81816}\MpKsl0e81f3df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F407DF3C-962C-4B07-8B2D-4AE408D81816}\MpKsl0e81f3df.sys [?]

S1 MpKsl1e35ffec;MpKsl1e35ffec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1449460-549B-4FC0-AA6B-D12E6E52CC10}\MpKsl1e35ffec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1449460-549B-4FC0-AA6B-D12E6E52CC10}\MpKsl1e35ffec.sys [?]

S1 MpKsl40b36e1c;MpKsl40b36e1c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1466FD97-9F1A-4DC5-BD70-5A6E7E4A36D3}\MpKsl40b36e1c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1466FD97-9F1A-4DC5-BD70-5A6E7E4A36D3}\MpKsl40b36e1c.sys [?]

S1 MpKsl4f825b30;MpKsl4f825b30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BF3279D-4467-48F1-BB20-A09FE8682746}\MpKsl4f825b30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2BF3279D-4467-48F1-BB20-A09FE8682746}\MpKsl4f825b30.sys [?]

S1 MpKsl6c8f46bf;MpKsl6c8f46bf;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C8DAF2-90CB-44EA-B952-55A8B2E4FC5F}\MpKsl6c8f46bf.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{21C8DAF2-90CB-44EA-B952-55A8B2E4FC5F}\MpKsl6c8f46bf.sys [?]

S1 MpKsl760e2d97;MpKsl760e2d97;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4749219F-2599-454D-A5B6-A943591B2085}\MpKsl760e2d97.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4749219F-2599-454D-A5B6-A943591B2085}\MpKsl760e2d97.sys [?]

S1 MpKsl821ec266;MpKsl821ec266;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DF53B9F-C803-48A0-97CF-C7E123FC663A}\MpKsl821ec266.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5DF53B9F-C803-48A0-97CF-C7E123FC663A}\MpKsl821ec266.sys [?]

S1 MpKsl83fba8fb;MpKsl83fba8fb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E973ADA7-ED71-423F-9C69-1238DFD55103}\MpKsl83fba8fb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E973ADA7-ED71-423F-9C69-1238DFD55103}\MpKsl83fba8fb.sys [?]

S1 MpKsl91da0479;MpKsl91da0479;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60F343FF-455E-4C57-9F90-9147B39DF9D0}\MpKsl91da0479.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60F343FF-455E-4C57-9F90-9147B39DF9D0}\MpKsl91da0479.sys [?]

S1 MpKsl9b42900b;MpKsl9b42900b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF94F658-20F0-49AA-B9E1-A3850C818D78}\MpKsl9b42900b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF94F658-20F0-49AA-B9E1-A3850C818D78}\MpKsl9b42900b.sys [?]

S1 MpKsla1ddf45a;MpKsla1ddf45a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2232D131-8AAE-4984-A7A0-64386E5B0ED9}\MpKsla1ddf45a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2232D131-8AAE-4984-A7A0-64386E5B0ED9}\MpKsla1ddf45a.sys [?]

S1 MpKsla30007e6;MpKsla30007e6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E72CEC9-1D71-4F89-821E-D0D085271B87}\MpKsla30007e6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3E72CEC9-1D71-4F89-821E-D0D085271B87}\MpKsla30007e6.sys [?]

S1 MpKslbc86c71e;MpKslbc86c71e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9035C7AE-EC95-41EC-A2FD-89E2BC43FF54}\MpKslbc86c71e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9035C7AE-EC95-41EC-A2FD-89E2BC43FF54}\MpKslbc86c71e.sys [?]

S1 MpKsld57116b2;MpKsld57116b2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03C6F155-C50B-45D7-BCEA-1ED7879E340D}\MpKsld57116b2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03C6F155-C50B-45D7-BCEA-1ED7879E340D}\MpKsld57116b2.sys [?]

S1 MpKslda3d2aea;MpKslda3d2aea;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F910D6F9-CA91-4624-B8FC-3526174E13B9}\MpKslda3d2aea.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F910D6F9-CA91-4624-B8FC-3526174E13B9}\MpKslda3d2aea.sys [?]

S1 MpKslfccafaf1;MpKslfccafaf1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C69866F6-3AE0-42EA-A418-5BD0C6C28C25}\MpKslfccafaf1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C69866F6-3AE0-42EA-A418-5BD0C6C28C25}\MpKslfccafaf1.sys [?]

S1 MpKslfd5cdca6;MpKslfd5cdca6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F791DC0-F0D9-4E7F-846C-EED37EE3D7BD}\MpKslfd5cdca6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5F791DC0-F0D9-4E7F-846C-EED37EE3D7BD}\MpKslfd5cdca6.sys [?]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [01/03/2011 9:23 PM 183560]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16/11/2010 2:10 AM 267568]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [09/08/2004 9:00 PM 14336]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [09/08/2004 9:00 PM 14336]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10/07/2008 5:28 PM 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10/07/2008 3:49 AM 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10/07/2008 5:28 PM 369688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

‘計劃任務’ 文件夾 裡的內容

.

2011-06-11 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-04-27 21:46]

.

2011-06-11 c:\windows\Tasks\ConfigExec.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 09:09]

.

2011-06-11 c:\windows\Tasks\DataUpload.job

- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 09:09]

.

2011-06-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]

.

2011-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]

.

2011-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3472770984-2411261846-4188912960-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]

.

2011-05-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]

.

2011-06-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3472770984-2411261846-4188912960-1008.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 22:25]

.

.

------- 而外的掃描 -------

.

Trusted Zone: kuaiche.com\software

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ivcx6fm8.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker

FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-10 22:16

Windows 5.1.2600 Service Pack 3 NTFS

.

掃描被隱藏的進程 ...

.

掃描被隱藏的啟動組 ...

.

掃描被隱藏的文件 ...

.

掃描完成

被隱藏的檔案: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,de,09,45,8e,f9,6f,4f,a4,e4,28,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,de,09,45,8e,f9,6f,4f,a4,e4,28,\

.

[HKEY_USERS\S-1-5-21-3472770984-2411261846-4188912960-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ N莤1*1*-N]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"Order"=hex:08,00,00,00,02,00,00,00,32,02,00,00,01,00,00,00,04,00,00,00,8a,00,

00,00,00,00,00,00,7c,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6a,00,36,\

.

--------------------- 運行進程下的動態鏈接庫 ---------------------

.

- - - - - - - > 'winlogon.exe'(780)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

.

- - - - - - - > 'lsass.exe'(836)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'explorer.exe'(7168)

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll

c:\program files\Nero\Tools\InCD\NBHshx.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

------------------------ 其他運行進程 ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Nero\Tools\InCD\InCDSrv.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\conime.exe

c:\windows\system32\LEXBCES.EXE

c:\windows\system32\LEXPPS.EXE

c:\windows\arservice.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\ARPWRMSG.EXE

c:\windows\eHome\ehmsas.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

完成時間: 2011-06-10 22:28:20 - 電腦已重新啟動

ComboFix-quarantined-files.txt 2011-06-11 05:28

.

Pre-Run: 150,314,496,000 bytes free

Post-Run: 150,061,314,048 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 349F74C07D3BA5DFF8D4778F75236EB2


Hi Superdave,

 

It looks like the problem has been fixed! :smile: The search function is back to normal. Thanks for your help!!!

 

Is there any way I can remove the unknown program (the "·L?HCPº|¬}?«æ«Ì½ª?¤B")?


It looks like the problem has been fixed! The search function is back to normal. Thanks for your help!!!

 

That's good news but we still have a few things to do yet to make sure everything is clean.

 

Is there any way I can remove the unknown program (the "·L?HCPº|¬}?«æ«Ì½ª?¤B")?

Let's try this:

 

* Open OTL

* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

 

:OTL
Trusted Zone: kuaiche.com\software

:folders
·L?HCPº|¬}?«æ«Ì½ª?¤B

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

 

* Click Run Fix

* OTLI2 may ask to reboot the machine. Please do so if asked.

* Click OK

* A report will open. Copy and Paste that report in your next reply.

 

***************************************************

* Download the following tool: RootRepeal - Rootkit Detector

* Direct download link is here: RootRepeal.zip

 

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.

* Click this link to see a list of such programs and how to disable them.

 

* Extract the program file to a new folder such as C:\RootRepeal

* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.

* Select ALL of the checkboxes and then click OK and it will start scanning your system.

* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

* When done, click on Save Report

* Save it to the same location where you ran it from, such as C:\RootRepeal

* Save it as rootrepeal.txt

* Then open that log and select all and copy/paste it back on your next reply please.

* Close RootRepeal.


Here is the log from OTL report:

 

All processes killed

========== OTL ==========

Error: Unable to interpret <:folders> in the current context!

Error: Unable to interpret <·L?HCPº|¬}?«æ«Ì½ª?¤B> in the current context!

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: HP_Administrator

->Temp folder emptied: 1565377 bytes

->Temporary Internet Files folder emptied: 1371200 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 993736 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 996904 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1010753 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 6.00 mb

 

 

OTL by OldTimer - Version 3.2.23.0 log created on 06122011_111743

 

Files\Folders moved on Reboot...

C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF58C7.tmp moved successfully.

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\HFSEUBTR\df949936-2850-4e26-af65-c14d91c5c48b[1].htm moved successfully.

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\EN6KWSQX\showthread[1].htm moved successfully.

File\Folder C:\WINDOWS\temp\IswTmp\Logs\ISWSHEX.swl not found!

File\Folder C:\WINDOWS\temp\ZLT02f2a.TMP not found!

 

Registry entries deleted on Reboot...


Here is the report from RootRepeal:

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2011/06/12 11:51

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

 

SSDT

-------------------

SYSENTER/INT2E Hooked [0x80541580]!

 

==EOF==


Please ignore the previous report, as I forgot to check all the boxes to scan.

 

Here is the report with all the boxes checked.

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2011/06/12 11:55

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

 

Drivers

-------------------

Name: MpKsl95f35a8e.sys

Image Path: c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8201E514-40FC-4B14-B5B8-40AD470A505B}\MpKsl95f35a8e.sys

Address: 0xF7A64000 Size: 22784 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEDA58000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

Path: C:\RootRepeal report 06-12-11 (11-55-38).txt

Status: Visible to the Windows API, but not on disk.

 

Path: C:\WINDOWS\Temp\IswTmp\Logs\ISWSHEX.swl

Status: Locked to the Windows API!

 

Path: c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\log\log_626.trc

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\M0DBGD55.H4N\CCV7TMVM.83N\manifests\KankanClickOnce.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\M0DBGD55.H4N\CCV7TMVM.83N\manifests\KankanClickOnce.exe.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\M0DBGD55.H4N\CCV7TMVM.83N\manifests\KankanClickOnce.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Apps\2.0\M0DBGD55.H4N\CCV7TMVM.83N\manifests\KankanClickOnce.manifest

Status: Locked to the Windows API!

 

SSDT

-------------------

#: 031 Function Name: NtConnectPort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1985534

 

#: 037 Function Name: NtCreateFile

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf197f782

 

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf199e6dc

 

#: 046 Function Name: NtCreatePort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1985cc0

 

#: 047 Function Name: NtCreateProcess

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1998eb4

 

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19992a2

 

#: 050 Function Name: NtCreateSection

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19a2916

 

#: 056 Function Name: NtCreateWaitablePort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1985df6

 

#: 062 Function Name: NtDeleteFile

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1980398

 

#: 063 Function Name: NtDeleteKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf199ffe4

 

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf199f93c

 

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1997df0

 

#: 098 Function Name: NtLoadKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19a093c

 

#: 099 Function Name: NtLoadKey2

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19a0b44

 

#: 116 Function Name: NtOpenFile

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf197ffaa

 

#: 122 Function Name: NtOpenProcess

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf199b1ce

 

#: 128 Function Name: NtOpenThread

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf199adf8

 

#: 192 Function Name: NtRenameKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19a18d2

 

#: 193 Function Name: NtReplaceKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19a1208

 

#: 200 Function Name: NtRequestWaitReplyPort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19850f4

 

#: 204 Function Name: NtRestoreKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19a22a4

 

#: 210 Function Name: NtSecureConnectPort

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19857dc

 

#: 224 Function Name: NtSetInformationFile

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf198075c

 

#: 237 Function Name: NtSetSecurityObject

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19a1e12

 

#: 247 Function Name: NtSetValueKey

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf199f0c4

 

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1999f0a

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xf192a620

 

Shadow SSDT

-------------------

#: 460 Function Name: NtUserMessageCall

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1983f38

 

#: 475 Function Name: NtUserPostMessage

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf198407a

 

#: 476 Function Name: NtUserPostThreadMessage

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19841b2

 

#: 491 Function Name: NtUserRegisterRawInputDevices

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1981b4c

 

#: 502 Function Name: NtUserSendInput

Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19845a6

 

==EOF==

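As an added example that is not part of this thread or of RootRepeal itself: a small Python script that parses the SSDT and Shadow SSDT sections of a RootRepeal report (the format shown in the post above) and separates hooks owned by the security products installed on this machine from hooks owned by anything else. It assumes vsdatant.sys (ZoneAlarm) and SASKUTIL.SYS (SUPERAntiSpyware) are the expected hooking drivers, as the rest of the logs suggest; the unknown.sys entry in the sample is constructed to show how an unexpected hook is reported.

```python
import re
from collections import defaultdict

# Constructed excerpt in RootRepeal's report layout. The first three entries
# are copied from the report in this thread; the last one is invented so the
# summary has something to flag.
SAMPLE_REPORT = r"""
SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf1985534

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xf192a620

Shadow SSDT
-------------------
#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf19845a6

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "C:\WINDOWS\System32\drivers\unknown.sys" at address 0xf1234567

==EOF==
"""

# Drivers that are expected to hook the service tables on this machine
# (assumption: the ZoneAlarm and SUPERAntiSpyware kernel drivers).
KNOWN_SECURITY_DRIVERS = {"vsdatant.sys", "saskutil.sys"}

SECTION_RE = re.compile(r"^(SSDT|Shadow SSDT)$")
ENTRY_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
STATUS_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')


def parse_hooks(report: str) -> list:
    """Return one dict per hooked service-table entry found in the report."""
    hooks = []
    section = None   # which table the current entries belong to
    pending = None   # (index, function) waiting for its Status line
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, pending = m.group(1), None
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            index, function = pending
            hooks.append({"table": section, "index": index, "function": function,
                          "driver": m.group(1), "address": int(m.group(2), 16)})
            pending = None
    return hooks


def driver_basename(path: str) -> str:
    """Lower-case file name of a Windows driver path."""
    return path.rsplit("\\", 1)[-1].lower()


def hooks_by_driver(hooks: list) -> dict:
    """Map driver file name -> list of hooked function names, in report order."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[driver_basename(h["driver"])].append(h["function"])
    return dict(grouped)


def unexpected_hooks(hooks: list, known_drivers: set) -> list:
    """Hooks owned by a driver that is not on the expected-products list."""
    return [h for h in hooks if driver_basename(h["driver"]) not in known_drivers]


if __name__ == "__main__":
    found = parse_hooks(SAMPLE_REPORT)
    for name, funcs in hooks_by_driver(found).items():
        print(f"{name}: {len(funcs)} hook(s): {', '.join(funcs)}")
    for h in unexpected_hooks(found, KNOWN_SECURITY_DRIVERS):
        print(f"REVIEW: {h['table']} #{h['index']} {h['function']} hooked by {h['driver']}")
```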

Please download: HiJackThis to your Desktop.

• Start HijackThis

• Click on the Misc Tools button

• Click on the Open Uninstall Manager button.

• Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Save the file to your desktop.

Copy and paste this file in your next reply.

***********************************************

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Uninstall_list

 

?T?§O11???a?A?O¥[?ac 1.0

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

2007 Microsoft Office Suite Service Pack 2 (SP2)

32 Bit HP CIO Components Installer

Acrobat.com

Acrobat.com

Adobe AIR

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.4

Advanced SystemCare 4

APlayer Codec Lite version 2.0.1.230

ATI Control Panel

ATI Display Driver

AviSynth 2.5

Bing Bar

CCleaner

Chinese Traditional Fonts Support For Adobe Reader 9

Cossacks - Back To War

Coupon Printer for Windows

Customer Experience Enhancement

Data Fax SoftModem with SmartCP

DISCover


List of found threats

 

C:\WINDOWS\cachtmp\??-???.Html Win32/StartPage.NYP trojan cleaned by deleting - quarantined

 

 

Hi Superdave,

 

I will be away from my home town for the coming week, so I cannot access my desktop until I return home on the 18th.


I can't see that folder in the uninstall list. The only thing I can suggest is to look in your programs for that one and see if there's an uninstaller. Or, look in your C drive and delete the folder.

 

If there are no other issues, let's do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*****************************************************

To remove all of the tools we used and the files and folders they created do the following:

Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

******************************************************

To turn off Windows XP System Restore:

 

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

 

1. Click Start.

2. Right-click the My Computer icon, and then click Properties.

3. Click the System Restore tab.

4. Check "Turn off System Restore" or "Turn off System Restore on all drives"

5. Click Apply.

6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.

7. Click OK.

8. Restart the computer and follow the instructions in the next section to turn on System Restore.

 

To turn on Windows XP System Restore:

 

1. Click Start.

2. Right-click My Computer, and then click Properties.

3. Click the System Restore tab.

4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."

5. Click Apply, and then click OK.

**********************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

**************************************************

Use the Secunia Software Inspector to check for out of date software.

 

• Click Start Now

 

• Check the box next to Enable thorough system inspection.

 

• Click Start

 

• Allow the scan to finish and scroll down to see if any updates are needed.

• Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!


Hi Superdave,

 

1. "Quoted" I can't see that folder in the uninstall list. The only thing I can suggest is to look in your programs for that one and see if there's an uninstaller. Or, look in your C drive and delete the folder. "Unquoted"

 

==> There is no uninstaller for the program and I have deleted the folder directly as advised.

 

 

2. ComboFix has been deleted.

 

3. "Quoted" Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. "unquoted"

 

==> There are several other programs that have been used, such as SuperAntispyware, Malwarebytes', and HijackThis. Should I uninstall these programs too?

 

4. I had no problem downloading TFC and cleaning up the temp files. However, the desktop hung during the restart process. I tried several times and the desktop hung every time while the PC was shutting down. I turned off the power to reboot the PC. Is that OK?

 

5. The next step (using Secunia Software Inspector to check for updates) is pending until I get a green light from you.

 

Regards,


There are several other programs that have been used, such as SuperAntispyware, Malwarebytes', and HijackThis. Should I uninstall these programs too?

You may uninstall HijackThis. You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis.

However, the desktop hung during the restart process. I tried several times and the desktop hung every time while the PC was shutting down. I turned off the power to reboot the PC. Is that OK?

I don't know why it would hang like that. At least, you were able to run it and clean the files.

