
Active Search Engine Redirect and unable to access own local drive

Discussion in 'Malware and Virus Removal Archive' started by lok811, 2009/02/10.

  1. 2009/02/10
    lok811


    All my search results are being redirected to spam sites, and when I try accessing my local drive or my external hard drive an error message appears: Windows cannot find "RECYCLER\S-05-49-100025795-100000054-1000023211-1452.com"

    Here are the logs (a slight problem is that my laptop runs in Chinese, so the logs are produced in Chinese too...)

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Administrator at 5:17:20.09 on 11/02/2009 Wed
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.950.852.1028.18.511.144 [GMT 0:00]

    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SigmaTel\SigmaTel AC97 聲訊驅動程式\stacmon.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Mandi\My Documents\Q9\Q92k.exe
    C:\Documents and Settings\Mandi\My Documents\Q9\QTRAYIME.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\conime.exe
    C:\Documents and Settings\Administrator\桌面\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder network\webthunder\WebThunderBHO_Now.dll
    BHO: ShowHKToolbar Class: {06433bfe-4946-4e89-823d-cd359c81cd06} - c:\program files\881903\ietoolbar\hktbar.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Hong Kong Toolbar: {481ee3ec-c026-4f9a-ba22-fd07654adfc0} - c:\program files\881903\ietoolbar\hktbar.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Hong Kong Toolbar: {481ee3ec-c026-4f9a-ba22-fd07654adfc0} - c:\program files\881903\ietoolbar\hktbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 聲配灑動程式\stacmon.exe
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [000StTHK] 000StTHK.exe
    mRun: [TFNF5] TFNF5.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
    mRun: [LTSMMSG] LTSMMSG.exe
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [WebThunder] c:\program files\thunder network\webthunder\WebThunder.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [syshtray] c:\windows\higeorge2.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [NodLogin] c:\program files\eset\eset nod32 antivirus\nodlogin.exe
    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\admini~1\「開始~1\程式集\啟動\q92k.lnk - c:\documents and settings\mandi\my documents\q9\Q92k.exe
    IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: 妏蚚WEB捃濘狟婥 - c:\program files\thunder network\webthunder\GetUrl.htm
    IE: 妏蚚WEB捃濘狟婥窒蟈諉 - c:\program files\thunder network\webthunder\GetAllUrl.htm
    IE: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\winavi flv converter\FLVTune.dll
    DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg8.cyworld.com/ImageUpload/CyImageUpload_10217.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} - hxxp://download.pplive.com/webinstall/install.CAB
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/08d0f98b99f9bfd7eb05/netzip/RdxIE601.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230486415485
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187333450106
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU.cab?20080519
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} - hxxp://tgnet.co.kr/vod/MagicLockOCX.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.freewebtown.com/community/image_uploader/ImageUploader3.cab
    DPF: {B80CBA99-2493-4343-8A83-386E9F3CA5C2} - hxxp://www.isoshu.com/eread/WebReadOnLine_ATL.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/swflash.cab
    DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} - hxxp://fs10u.cyworld.com.cn/common/activex/CyImgChina.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/pluginsetup.cab
    TCP: NameServer = 85.255.112.39,85.255.112.40
    TCP: {BF608A83-07CB-40DC-9F16-3E0D4F0D49D6} = 85.255.112.39,85.255.112.40
    Notify: Sebring - c:\windows\system32\LgNotify.dll
    AppInit_DLLs: lwtkrs.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-2-20 10112]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-8 468240]
    R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2003-10-22 14336]
    S1 f7a48743;f7a48743;c:\windows\system32\drivers\f7a48743.sys --> c:\windows\system32\drivers\f7a48743.sys [?]

    =============== Created Last 30 ================

    2009-02-09 10:17 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
    2009-02-09 07:46 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-08 20:41 356 ---shr-- C:\autorun.inf
    2009-01-23 03:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viper
    2009-01-22 15:27 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
    2009-01-22 15:27 14,592 a------- c:\windows\system32\drivers\kbdhid.sys

    ==================== Find3M ====================

    2008-12-23 16:25 407,644 a------- c:\windows\system32\prfh0404.dat
    2008-12-23 16:25 148,674 a------- c:\windows\system32\prfc0404.dat
    2008-12-23 16:25 3,626 a------- c:\windows\system32\PerfStringBackup.TMP
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-11-26 14:52 278,528 a------- c:\windows\system32\WinDll.dll

    ============= FINISH: 5:18:00.99 ===============




    SECOND LOG


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/6/2007 22:25:07
    System Uptime: 2/11/2009 4:23:37 (-6335 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) M processor 1.50GHz | uFC-PGA Socket | 1496/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 2.855 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\5CB84A3900
    Manufacturer: Microsoft
    Name: 1394 Net Adapter #2
    PNP Device ID: V1394\NIC1394\5CB84A3900
    Service: NIC1394

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0
    Service: E100B

    ==== System Restore Points ===================

    RP492: 24/11/2008 20:27:17 - Software Distribution Service 3.0
    RP493: 24/11/2008 20:27:18 - Software Distribution Service 3.0
    RP494: 24/11/2008 20:27:19 - ??????? Counter-Strike 1.6
    RP495: 24/11/2008 20:27:19 - 系統檢查點
    RP496: 24/11/2008 20:27:20 - Software Distribution Service 3.0
    RP497: 24/11/2008 20:27:22 - Software Distribution Service 3.0
    RP498: 24/11/2008 20:27:24 - Software Distribution Service 3.0
    RP499: 24/11/2008 20:27:25 - Software Distribution Service 3.0
    RP500: 24/11/2008 20:27:26 - Software Distribution Service 3.0
    RP501: 24/11/2008 20:27:27 - 系統檢查點
    RP502: 24/11/2008 20:27:27 - Software Distribution Service 3.0
    RP503: 24/11/2008 20:27:28 - Software Distribution Service 3.0
    RP504: 24/11/2008 20:27:28 - Software Distribution Service 3.0
    RP505: 24/11/2008 20:27:29 - Software Distribution Service 3.0
    RP506: 24/11/2008 20:27:30 - Software Distribution Service 3.0
    RP507: 24/11/2008 20:27:32 - Software Distribution Service 3.0
    RP508: 24/11/2008 20:27:33 - Software Distribution Service 3.0
    RP509: 24/11/2008 20:27:34 - Software Distribution Service 3.0
    RP510: 24/11/2008 20:27:36 - Software Distribution Service 3.0
    RP511: 24/11/2008 20:27:38 - Software Distribution Service 3.0
    RP512: 24/11/2008 20:27:39 - Software Distribution Service 3.0
    RP513: 24/11/2008 20:27:40 - Software Distribution Service 3.0
    RP514: 24/11/2008 20:27:41 - Software Distribution Service 3.0
    RP515: 24/11/2008 20:27:41 - Software Distribution Service 3.0
    RP516: 24/11/2008 20:27:41 - Software Distribution Service 3.0
    RP517: 24/11/2008 20:27:42 - Software Distribution Service 3.0
    RP518: 24/11/2008 20:27:42 - Software Distribution Service 3.0
    RP519: 24/11/2008 20:27:43 - Software Distribution Service 3.0
    RP520: 24/11/2008 20:27:43 - Software Distribution Service 3.0
    RP521: 24/11/2008 20:27:43 - Software Distribution Service 3.0
    RP522: 24/11/2008 20:27:44 - Software Distribution Service 3.0
    RP523: 24/11/2008 20:27:44 - Software Distribution Service 3.0
    RP524: 24/11/2008 20:27:45 - Software Distribution Service 3.0
    RP525: 24/11/2008 20:27:46 - Software Distribution Service 3.0
    RP526: 24/11/2008 20:27:48 - Software Distribution Service 3.0
    RP527: 24/11/2008 20:27:48 - Software Distribution Service 3.0
    RP528: 24/11/2008 20:27:49 - Software Distribution Service 3.0
    RP529: 24/11/2008 20:27:49 - Software Distribution Service 3.0
    RP530: 24/11/2008 20:27:49 - Software Distribution Service 3.0
    RP531: 24/11/2008 20:27:50 - Software Distribution Service 3.0
    RP532: 24/11/2008 20:27:50 - Software Distribution Service 3.0
    RP533: 24/11/2008 20:27:50 - Software Distribution Service 3.0
    RP534: 24/11/2008 20:27:51 - Software Distribution Service 3.0
    RP535: 24/11/2008 20:27:52 - Software Distribution Service 3.0
    RP536: 24/11/2008 20:27:53 - 系統檢查點
    RP537: 24/11/2008 20:27:53 - 系統檢查點
    RP538: 24/11/2008 20:27:57 - Software Distribution Service 3.0
    RP539: 24/11/2008 20:28:00 - Software Distribution Service 3.0
    RP540: 24/11/2008 20:28:04 - 系統檢查點
    RP541: 24/11/2008 20:28:06 - 已移除 iTunes
    RP542: 24/11/2008 20:28:11 - Software Distribution Service 3.0
    RP543: 24/11/2008 20:28:12 - Software Distribution Service 3.0
    RP544: 24/11/2008 20:28:13 - Software Distribution Service 3.0
    RP545: 24/11/2008 20:28:13 - Software Distribution Service 3.0
    RP546: 24/11/2008 20:28:14 - Software Distribution Service 3.0
    RP547: 24/11/2008 20:28:14 - Software Distribution Service 3.0
    RP548: 24/11/2008 20:28:16 - 系統檢查點
    RP549: 24/11/2008 20:28:16 - Software Distribution Service 3.0
    RP550: 24/11/2008 20:28:17 - Software Distribution Service 3.0
    RP551: 24/11/2008 20:28:17 - Software Distribution Service 3.0
    RP552: 24/11/2008 20:28:18 - 系統檢查點
    RP553: 24/11/2008 20:28:19 - Software Distribution Service 3.0
    RP554: 24/11/2008 20:28:19 - Software Distribution Service 3.0
    RP555: 24/11/2008 20:28:20 - Software Distribution Service 3.0
    RP556: 24/11/2008 20:28:21 - Software Distribution Service 3.0
    RP557: 24/11/2008 20:28:21 - 已移除 Bonjour
    RP558: 24/11/2008 20:28:21 - 系統檢查點
    RP559: 24/11/2008 20:28:22 - 系統檢查點
    RP560: 24/11/2008 20:28:24 - 系統檢查點
    RP561: 24/11/2008 20:28:24 - 系統檢查點
    RP562: 24/11/2008 20:28:25 - 系統檢查點
    RP563: 24/11/2008 20:28:25 - 系統檢查點
    RP564: 24/11/2008 20:28:26 - 系統檢查點
    RP565: 24/11/2008 20:28:27 - 系統檢查點
    RP566: 24/11/2008 20:28:28 - 系統檢查點
    RP567: 24/11/2008 20:28:28 - 系統檢查點
    RP568: 24/11/2008 20:28:28 - 系統檢查點
    RP569: 24/11/2008 20:28:30 - 系統檢查點
    RP570: 24/11/2008 20:28:30 - Software Distribution Service 3.0
    RP571: 24/11/2008 20:28:31 - 系統檢查點
    RP572: 24/11/2008 20:28:31 - 系統檢查點
    RP573: 24/11/2008 20:28:31 - 系統檢查點
    RP574: 24/11/2008 20:28:32 - 系統檢查點
    RP575: 24/11/2008 20:28:32 - 系統檢查點
    RP576: 24/11/2008 20:28:33 - 系統檢查點
    RP577: 24/11/2008 20:28:33 - 已安裝 DirectX
    RP578: 24/11/2008 20:28:44 - Last known good configuration
    RP579: 26/11/2008 1:57:59 - 系統檢查點
    RP580: 26/11/2008 18:18:25 - 已安裝 DirectX
    RP581: 27/11/2008 3:59:18 - 還原操作
    RP582: 29/11/2008 6:26:29 - 系統檢查點
    RP583: 1/12/2008 22:43:50 - 系統檢查點
    RP584: 5/12/2008 9:50:03 - 系統檢查點
    RP585: 8/12/2008 3:26:57 - 系統檢查點
    RP586: 9/12/2008 11:57:45 - 系統檢查點
    RP587: 10/12/2008 12:45:00 - 系統檢查點
    RP588: 11/12/2008 12:47:55 - 系統檢查點
    RP589: 12/12/2008 13:30:23 - 系統檢查點
    RP590: 13/12/2008 19:46:43 - 系統檢查點
    RP591: 14/12/2008 6:03:17 - 已安裝 iTunes
    RP592: 14/12/2008 6:46:11 - 已移除 iTunes
    RP593: 14/12/2008 7:33:31 - 已安裝 iTunes
    RP594: 15/12/2008 10:22:07 - 系統檢查點
    RP595: 16/12/2008 12:21:12 - 系統檢查點
    RP596: 17/12/2008 14:45:12 - 系統檢查點
    RP597: 18/12/2008 17:49:21 - 系統檢查點
    RP598: 20/12/2008 1:34:38 - 系統檢查點
    RP599: 21/12/2008 6:22:11 - 系統檢查點
    RP600: 22/12/2008 7:31:57 - 系統檢查點
    RP601: 23/12/2008 10:24:14 - 已安裝 ESET NOD32 Antivirus
    RP602: 23/12/2008 10:44:03 - 已安裝 ESET NOD32 Antivirus
    RP603: 25/12/2008 13:11:38 - 系統檢查點
    RP604: 26/12/2008 13:51:03 - 系統檢查點
    RP605: 27/12/2008 17:25:29 - 系統檢查點
    RP606: 28/12/2008 17:55:11 - Software Distribution Service 3.0
    RP607: 28/12/2008 20:19:59 - Software Distribution Service 3.0
    RP608: 29/12/2008 20:46:28 - 系統檢查點
    RP609: 29/12/2008 22:42:50 - Software Distribution Service 3.0
    RP610: 31/12/2008 9:24:39 - 系統檢查點
    RP611: 1/1/2009 17:03:15 - 系統檢查點
    RP612: 2/1/2009 20:42:09 - 系統檢查點
    RP613: 4/1/2009 18:40:29 - 系統檢查點
    RP614: 5/1/2009 21:47:24 - 系統檢查點
    RP615: 7/1/2009 15:12:19 - 系統檢查點
    RP616: 8/1/2009 19:19:42 - 系統檢查點
    RP617: 10/1/2009 17:32:10 - 系統檢查點
    RP618: 11/1/2009 18:25:26 - 系統檢查點
    RP619: 12/1/2009 18:56:15 - 系統檢查點
    RP620: 13/1/2009 21:31:32 - 系統檢查點
    RP621: 14/1/2009 10:38:56 - Software Distribution Service 3.0
    RP622: 14/1/2009 21:08:54 - Software Distribution Service 3.0
    RP623: 15/1/2009 8:00:28 - Software Distribution Service 3.0
    RP624: 16/1/2009 8:00:31 - Software Distribution Service 3.0
    RP625: 17/1/2009 19:15:29 - 系統檢查點
    RP626: 18/1/2009 17:05:23 - Software Distribution Service 3.0
    RP627: 19/1/2009 8:00:22 - Software Distribution Service 3.0
    RP628: 20/1/2009 8:00:39 - Software Distribution Service 3.0
    RP629: 21/1/2009 8:00:48 - Software Distribution Service 3.0
    RP630: 22/1/2009 8:00:38 - Software Distribution Service 3.0
    RP631: 23/1/2009 8:00:36 - Software Distribution Service 3.0
    RP632: 24/1/2009 8:00:34 - Software Distribution Service 3.0
    RP633: 25/1/2009 8:01:49 - Software Distribution Service 3.0
    RP634: 26/1/2009 8:00:33 - Software Distribution Service 3.0
    RP635: 27/1/2009 8:00:34 - Software Distribution Service 3.0
    RP636: 28/1/2009 8:00:34 - Software Distribution Service 3.0
    RP637: 29/1/2009 8:00:28 - Software Distribution Service 3.0
    RP638: 30/1/2009 8:00:33 - Software Distribution Service 3.0
    RP639: 31/1/2009 8:00:28 - Software Distribution Service 3.0
    RP640: 1/2/2009 11:33:19 - Software Distribution Service 3.0
    RP641: 2/2/2009 8:00:33 - Software Distribution Service 3.0
    RP642: 3/2/2009 9:05:45 - Software Distribution Service 3.0
    RP643: 5/2/2009 1:43:47 - 系統檢查點
    RP644: 6/2/2009 21:19:53 - 系統檢查點
    RP645: 7/2/2009 21:30:36 - 系統檢查點
    RP646: 8/2/2009 8:00:31 - Software Distribution Service 3.0
    RP647: 9/2/2009 17:45:05 - 系統檢查點

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    DirectVobSub (remove only)
    DVD-RAM驅動程式
    ESET NOD32 Antivirus
    Football Manager 2009
    Foxy v1.9.8
    Hong Kong Toolbar 3.1.0.1
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wireless
    iPhoneRingToneMaker 2.5.1
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 3.1.5 Standard
    LimeWire 4.18.8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Language Pack - CHT
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 2.0 語言套件 - 繁體中文
    Microsoft Base Smart Card Cryptographic Service Provider 封裝
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (Chinese (Traditional)) 2007
    Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    Microsoft Office IME (Chinese (Traditional)) 2007
    Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
    Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (Chinese (Traditional)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proofing (Chinese (Traditional)) 2007
    Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    Microsoft Office Word MUI (Chinese (Traditional)) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Chinese (Traditional)) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC80 Support DLLs
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    MSXML 6 Service Pack 2 (KB954459)
    NVIDIA Windows 2000/XP Display Drivers
    QuickTime
    RealPlayer
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Visio 2007 (KB947590)
    SigmaTel AC97 聲訊驅動程式
    Synaptics Pointing Device Driver
    TOSHIBA ConfigFree
    TOSHIBA Console
    TOSHIBA Controls
    TOSHIBA Display Devices Change Utility
    Toshiba Hotkey Utility for Display Devices
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA TouchPad On/Off Utility V2.05.0.1
    TOSHIBA Utilities
    Tweak UI
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    WebFldrs XP
    WEB捃濘
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 7 Hotfix (KB947864)
    Windows Internet Explorer 7 安全性更新 (KB938127)
    Windows Internet Explorer 7 安全性更新 (KB944533)
    Windows Internet Explorer 7 安全性更新 (KB950759)
    Windows Internet Explorer 7 安全性更新 (KB953838)
    Windows Internet Explorer 7 安全性更新 (KB956390)
    Windows Internet Explorer 7 安全性更新 (KB958215)
    Windows Internet Explorer 7 安全性更新 (KB960714)
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live 登入小幫手
    Windows Live 影像中心
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11 Hotfix (KB939683)
    Windows Media Player 11 安全性更新 (KB936782)
    Windows Media Player 11 安全性更新 (KB954154)
    Windows Media Player 6.4 安全性更新 (KB925398)
    Windows Media Player 9 安全性更新 (KB917734)
    Windows Media Player 安全性更新 (KB911564)
    Windows Media Player 安全性更新 (KB952069)
    Windows Presentation Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB886677
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix (KB914440)
    Windows XP Hotfix (KB952287)
    Windows XP Service Pack 2
    Windows XP 安全性更新 (KB890046)
    Windows XP 安全性更新 (KB893756)
    Windows XP 安全性更新 (KB896358)
    Windows XP 安全性更新 (KB896423)
    Windows XP 安全性更新 (KB896424)
    Windows XP 安全性更新 (KB896428)
    Windows XP 安全性更新 (KB899587)
    Windows XP 安全性更新 (KB899589)
    Windows XP 安全性更新 (KB899591)
    Windows XP 安全性更新 (KB900725)
    Windows XP 安全性更新 (KB901017)
    Windows XP 安全性更新 (KB901190)
    Windows XP 安全性更新 (KB901214)
    Windows XP 安全性更新 (KB902400)
    Windows XP 安全性更新 (KB904706)
    Windows XP 安全性更新 (KB905414)
    Windows XP 安全性更新 (KB905749)
    Windows XP 安全性更新 (KB908519)
    Windows XP 安全性更新 (KB911562)
    Windows XP 安全性更新 (KB911927)
    Windows XP 安全性更新 (KB912919)
    Windows XP 安全性更新 (KB913580)
    Windows XP 安全性更新 (KB914388)
    Windows XP 安全性更新 (KB914389)
    Windows XP 安全性更新 (KB917344)
    Windows XP 安全性更新 (KB917422)
    Windows XP 安全性更新 (KB917953)
    Windows XP 安全性更新 (KB918118)
    Windows XP 安全性更新 (KB919007)
    Windows XP 安全性更新 (KB920213)
    Windows XP 安全性更新 (KB920670)
    Windows XP 安全性更新 (KB920683)
    Windows XP 安全性更新 (KB920685)
    Windows XP 安全性更新 (KB921398)
    Windows XP 安全性更新 (KB921503)
    Windows XP 安全性更新 (KB921883)
    Windows XP 安全性更新 (KB922616)
    Windows XP 安全性更新 (KB922819)
    Windows XP 安全性更新 (KB923191)
    Windows XP 安全性更新 (KB923414)
    Windows XP 安全性更新 (KB923689)
    Windows XP 安全性更新 (KB923694)
    Windows XP 安全性更新 (KB923980)
    Windows XP 安全性更新 (KB924191)
    Windows XP 安全性更新 (KB924270)
    Windows XP 安全性更新 (KB924496)
    Windows XP 安全性更新 (KB924667)
    Windows XP 安全性更新 (KB925902)
    Windows XP 安全性更新 (KB926255)
    Windows XP 安全性更新 (KB926436)
    Windows XP 安全性更新 (KB927779)
    Windows XP 安全性更新 (KB927802)
    Windows XP 安全性更新 (KB928255)
    Windows XP 安全性更新 (KB928843)
    Windows XP 安全性更新 (KB929123)
    Windows XP 安全性更新 (KB929969)
    Windows XP 安全性更新 (KB930178)
    Windows XP 安全性更新 (KB931261)
    Windows XP 安全性更新 (KB931768)
    Windows XP 安全性更新 (KB931784)
    Windows XP 安全性更新 (KB932168)
    Windows XP 安全性更新 (KB933566)
    Windows XP 安全性更新 (KB933729)
    Windows XP 安全性更新 (KB935839)
    Windows XP 安全性更新 (KB935840)
    Windows XP 安全性更新 (KB936021)
    Windows XP 安全性更新 (KB937143)
    Windows XP 安全性更新 (KB937894)
    Windows XP 安全性更新 (KB938127)
    Windows XP 安全性更新 (KB938464)
    Windows XP 安全性更新 (KB938829)
    Windows XP 安全性更新 (KB939653)
    Windows XP 安全性更新 (KB941202)
    Windows XP 安全性更新 (KB941568)
    Windows XP 安全性更新 (KB941569)
    Windows XP 安全性更新 (KB941644)
    Windows XP 安全性更新 (KB941693)
    Windows XP 安全性更新 (KB942615)
    Windows XP 安全性更新 (KB943055)
    Windows XP 安全性更新 (KB943460)
    Windows XP 安全性更新 (KB943485)
    Windows XP 安全性更新 (KB944338)
    Windows XP 安全性更新 (KB944533)
    Windows XP 安全性更新 (KB944653)
    Windows XP 安全性更新 (KB945553)
    Windows XP 安全性更新 (KB946026)
    Windows XP 安全性更新 (KB946648)
    Windows XP 安全性更新 (KB947864)
    Windows XP 安全性更新 (KB948590)
    Windows XP 安全性更新 (KB948881)
    Windows XP 安全性更新 (KB950749)
    Windows XP 安全性更新 (KB950760)
    Windows XP 安全性更新 (KB950762)
    Windows XP 安全性更新 (KB950974)
    Windows XP 安全性更新 (KB951066)
    Windows XP 安全性更新 (KB951376-v2)
    Windows XP 安全性更新 (KB951376)
    Windows XP 安全性更新 (KB951698)
    Windows XP 安全性更新 (KB951748)
    Windows XP 安全性更新 (KB952954)
    Windows XP 安全性更新 (KB953839)
    Windows XP 安全性更新 (KB954211)
    Windows XP 安全性更新 (KB954600)
    Windows XP 安全性更新 (KB955069)
    Windows XP 安全性更新 (KB956391)
    Windows XP 安全性更新 (KB956802)
    Windows XP 安全性更新 (KB956803)
    Windows XP 安全性更新 (KB956841)
    Windows XP 安全性更新 (KB957095)
    Windows XP 安全性更新 (KB957097)
    Windows XP 安全性更新 (KB958644)
    Windows XP 安全性更新 (KB958687)
    Windows XP 更新 (KB898461)
    Windows XP 更新 (KB900485)
    Windows XP 更新 (KB904942)
    Windows XP 更新 (KB908531)
    Windows XP 更新 (KB910437)
    Windows XP 更新 (KB911280)
    Windows XP 更新 (KB916595)
    Windows XP 更新 (KB920342)
    Windows XP 更新 (KB920872)
    Windows XP 更新 (KB922582)
    Windows XP 更新 (KB925720)
    Windows XP 更新 (KB925876)
    Windows XP 更新 (KB927891)
    Windows XP 更新 (KB930916)
    Windows XP 更新 (KB931836)
    Windows XP 更新 (KB932823-v3)
    Windows XP 更新 (KB933360)
    Windows XP 更新 (KB936357)
    Windows XP 更新 (KB938828)
    Windows XP 更新 (KB942763)
    Windows XP 更新 (KB942840)
    Windows XP 更新 (KB946627)
    Windows XP 更新 (KB951072-v2)
    Windows XP 更新 (KB955839)
    WinRAR 壓縮工具
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    8/2/2009 8:02:15, error: Windows Update Agent [20] - 安裝失敗: Windows 無法安裝下列更新,錯誤 0x8007054f: KB951748:Windows XP 安全性更新。
    8/2/2009 8:01:17, error: NtServicePack [4373] - Windows XP KB951748 安裝失敗。
    發生一個內部錯誤。
    7/2/2009 19:06:28, error: Service Control Manager [7011] - stisvc 服務的異動回應等候逾時 (30000 毫秒)。
    5/2/2009 19:11:09, error: Server [2505] - 伺服器無法與 \Device\NetBT_Tcpip_{BF608A83-07CB-40DC-9F16-3E0D4F0D49D6} 傳輸相連結,因為網路上的另一部電腦具有相同的名稱。伺服器無法啟動。
    5/2/2009 19:10:53, error: IPRIP [29053] - IPRIP 無法在 IP 位址 192.168.0.2 的本機介面上加入多點 傳送群組 224.0.0.9。資料是錯誤碼。
    5/2/2009 19:10:51, error: ipnathlp [32003] - 網路位址轉譯器 (NAT) 無法要求 核心模式轉譯模組進行操作。 這可能表示設定有錯誤,資源不足,或 是發生內部錯誤。 資料是錯誤碼。
    4/2/2009 19:52:22, error: ipnathlp [32003] - 網路位址轉譯器 (NAT) 無法要求 核心模式轉譯模組進行操作。 這可能表示設定有錯誤,資源不足,或 是發生內部錯誤。 資料是錯誤碼。
    8/2/2009 20:59:27, error: Service Control Manager [7011] - stisvc 服務的異動回應等候逾時 (30000 毫秒)。
    9/2/2009 8:00:50, error: NtServicePack [4373] - Windows XP KB951748 安裝失敗。
    發生一個內部錯誤。
    9/2/2009 8:02:09, error: Windows Update Agent [20] - 安裝失敗: Windows 無法安裝下列更新,錯誤 0x8007054f: KB951748:Windows XP 安全性更新。
    9/2/2009 10:09:59, error: IPRIP [29053] - IPRIP 無法在 IP 位址 192.168.0.2 的本機介面上加入多點 傳送群組 224.0.0.9。資料是錯誤碼。
    10/2/2009 8:30:18, error: NtServicePack [4373] - Windows XP KB951748 安裝失敗。
    發生一個內部錯誤。
    10/2/2009 8:38:57, error: Windows Update Agent [20] - 安裝失敗: Windows 無法安裝下列更新,錯誤 0x8007054f: KB951748:Windows XP 安全性更新。

    ==== End Of File ===========================
     
  2. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS lok811 :)

    First update MBAM.

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.

    If you are connected to a router you will need to stay disconnected until completing all instructions. If there are other computers connected to the router, they will also need to have MBAM updated, then disconnected from the router as well.

    If it is a wireless router with wireless connections, you will likely need to reconfigure the router when done using a wired connection. If you do not know how to access and configure the router, post the make and model prior to beginning the following steps.


    Disconnect from the router (all computers) then on this computer, disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Close it for now.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


    Now open MBAM and do a complete system scan.
    • Make sure that everything found is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Now run MBAM the same way on all other computers.

    Next, you will need to reset the router to factory defaults. You will need something small such as a pencil lead to press and hold for at least 10 seconds, the recessed reset button located on the back of the router.

    Once the router has been reset and all computers disinfected, reconnect to the router and log in to its control panel.
    Change the default password and if able to, the login username.


    Now post the contents of the MBAM log and the C:\ComboFix.txt log here.

    I would also recommend posting DDS logs and MBAM reports from all other computers connected.
     

  4. 2009/02/11
    lok811

    lok811 Inactive Thread Starter

    Joined:
    2009/02/10
    Messages:
    3
    Likes Received:
    0
    Thanks for your time in helping me. There is one thing which I cannot do: there are many computers connected to the router, and most I do not have access to (shared flat). But it seems to me this is only happening to my computer.

    I have uploaded new logs, MBAM logs and combofix logs.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Administrator at 16:35:42.20 on 11/02/2009 Wed
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.950.852.1028.18.511.129 [GMT 0:00]

    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 聲訊驅動程式\stacmon.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\LTSMMSG.exe
    C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Mandi\My Documents\Q9\QTRAYIME.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrator\桌面\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder network\webthunder\WebThunderBHO_Now.dll
    BHO: ShowHKToolbar Class: {06433bfe-4946-4e89-823d-cd359c81cd06} - c:\program files\881903\ietoolbar\hktbar.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Hong Kong Toolbar: {481ee3ec-c026-4f9a-ba22-fd07654adfc0} - c:\program files\881903\ietoolbar\hktbar.dll
    BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Hong Kong Toolbar: {481ee3ec-c026-4f9a-ba22-fd07654adfc0} - c:\program files\881903\ietoolbar\hktbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 聲配灑動程式\stacmon.exe
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [000StTHK] 000StTHK.exe
    mRun: [TFNF5] TFNF5.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
    mRun: [LTSMMSG] LTSMMSG.exe
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
    mRun: [WebThunder] c:\program files\thunder network\webthunder\WebThunder.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [NodLogin] c:\program files\eset\eset nod32 antivirus\nodlogin.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\admini~1\「開始~1\程式集\啟動\q92k.lnk - c:\documents and settings\mandi\my documents\q9\Q92k.exe
    IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: 妏蚚WEB捃濘狟婥 - c:\program files\thunder network\webthunder\GetUrl.htm
    IE: 妏蚚WEB捃濘狟婥窒蟈諉 - c:\program files\thunder network\webthunder\GetAllUrl.htm
    IE: {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\winavi flv converter\FLVTune.dll
    DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg8.cyworld.com/ImageUpload/CyImageUpload_10217.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} - hxxp://download.pplive.com/webinstall/install.CAB
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/08d0f98b99f9bfd7eb05/netzip/RdxIE601.cab
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230486415485
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187333450106
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU.cab?20080519
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} - hxxp://tgnet.co.kr/vod/MagicLockOCX.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.freewebtown.com/community/image_uploader/ImageUploader3.cab
    DPF: {B80CBA99-2493-4343-8A83-386E9F3CA5C2} - hxxp://www.isoshu.com/eread/WebReadOnLine_ATL.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/swflash.cab
    DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} - hxxp://fs10u.cyworld.com.cn/common/activex/CyImgChina.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/pluginsetup.cab
    Notify: Sebring - c:\windows\system32\LgNotify.dll
    AppInit_DLLs: lwtkrs.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-2-20 10112]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
    R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-8 468240]
    S1 f7a48743;f7a48743;c:\windows\system32\drivers\f7a48743.sys --> c:\windows\system32\drivers\f7a48743.sys [?]

    =============== Created Last 30 ================

    2009-02-11 14:38 161,792 a------- c:\windows\SWREG.exe
    2009-02-11 14:38 98,816 a------- c:\windows\sed.exe
    2009-02-11 14:31 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-02-09 10:17 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
    2009-02-09 07:46 410,984 a------- c:\windows\system32\deploytk.dll
    2009-01-23 03:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viper
    2009-01-22 15:27 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
    2009-01-22 15:27 14,592 a------- c:\windows\system32\drivers\kbdhid.sys

    ==================== Find3M ====================

    2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2008-12-23 16:25 407,644 a------- c:\windows\system32\prfh0404.dat
    2008-12-23 16:25 148,674 a------- c:\windows\system32\prfc0404.dat
    2008-12-23 16:25 3,626 a------- c:\windows\system32\PerfStringBackup.TMP
    2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
    2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
    2008-11-26 14:52 278,528 a------- c:\windows\system32\WinDll.dll

    ============= FINISH: 16:36:28.57 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/6/2007 22:25:07
    System Uptime: 2/11/2009 15:04:46 (-6335 hours ago)

    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) M processor 1.50GHz | uFC-PGA Socket | 1496/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 6.362 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\5CB84A3900
    Manufacturer: Microsoft
    Name: 1394 Net Adapter #2
    PNP Device ID: V1394\NIC1394\5CB84A3900
    Service: NIC1394

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_103D&SUBSYS_00011179&REV_83\4&16793A72&0&40F0
    Service: E100B

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    DirectVobSub (remove only)
    DVD-RAM驅動程式
    ESET NOD32 Antivirus
    Football Manager 2009
    Foxy v1.9.8
    Hong Kong Toolbar 3.1.0.1
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wireless
    iPhoneRingToneMaker 2.5.1
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 12
    K-Lite Codec Pack 3.1.5 Standard
    LimeWire 4.18.8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Language Pack - CHT
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 2.0 語言套件 - 繁體中文
    Microsoft Base Smart Card Cryptographic Service Provider 封裝
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (Chinese (Traditional)) 2007
    Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    Microsoft Office IME (Chinese (Traditional)) 2007
    Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
    Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (Chinese (Traditional)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proofing (Chinese (Traditional)) 2007
    Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    Microsoft Office Word MUI (Chinese (Traditional)) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Chinese (Traditional)) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC80 Support DLLs
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    MSXML 6 Service Pack 2 (KB954459)
    NVIDIA Windows 2000/XP Display Drivers
    QuickTime
    RealPlayer
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Visio 2007 (KB947590)
    SigmaTel AC97 聲訊驅動程式
    Synaptics Pointing Device Driver
    TOSHIBA ConfigFree
    TOSHIBA Console
    TOSHIBA Controls
    TOSHIBA Display Devices Change Utility
    Toshiba Hotkey Utility for Display Devices
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA TouchPad On/Off Utility V2.05.0.1
    TOSHIBA Utilities
    Tweak UI
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    WebFldrs XP
    WEB捃濘
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 7 Hotfix (KB947864)
    Windows Internet Explorer 7 安全性更新 (KB938127)
    Windows Internet Explorer 7 安全性更新 (KB944533)
    Windows Internet Explorer 7 安全性更新 (KB950759)
    Windows Internet Explorer 7 安全性更新 (KB953838)
    Windows Internet Explorer 7 安全性更新 (KB956390)
    Windows Internet Explorer 7 安全性更新 (KB958215)
    Windows Internet Explorer 7 安全性更新 (KB960714)
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live 登入小幫手
    Windows Live 影像中心
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11 Hotfix (KB939683)
    Windows Media Player 11 安全性更新 (KB936782)
    Windows Media Player 11 安全性更新 (KB954154)
    Windows Media Player 6.4 安全性更新 (KB925398)
    Windows Media Player 9 安全性更新 (KB917734)
    Windows Media Player 安全性更新 (KB911564)
    Windows Media Player 安全性更新 (KB952069)
    Windows Presentation Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB886677
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix (KB914440)
    Windows XP Hotfix (KB952287)
    Windows XP Service Pack 2
    Windows XP 安全性更新 (KB944533)
    Windows XP 安全性更新 (KB944653)
    Windows XP 安全性更新 (KB945553)
    Windows XP 安全性更新 (KB946026)
    Windows XP 安全性更新 (KB946648)
    Windows XP 安全性更新 (KB947864)
    Windows XP 安全性更新 (KB948590)
    Windows XP 安全性更新 (KB948881)
    Windows XP 安全性更新 (KB950749)
    Windows XP 安全性更新 (KB950760)
    Windows XP 安全性更新 (KB950762)
    Windows XP 安全性更新 (KB950974)
    Windows XP 安全性更新 (KB951066)
    Windows XP 安全性更新 (KB951376-v2)
    Windows XP 安全性更新 (KB951376)
    Windows XP 安全性更新 (KB951698)
    Windows XP 安全性更新 (KB951748)
    Windows XP 安全性更新 (KB952954)
    Windows XP 安全性更新 (KB953839)
    Windows XP 安全性更新 (KB954211)
    Windows XP 安全性更新 (KB954600)
    Windows XP 安全性更新 (KB955069)
    Windows XP 安全性更新 (KB956391)
    Windows XP 安全性更新 (KB956802)
    Windows XP 安全性更新 (KB956803)
    Windows XP 安全性更新 (KB956841)
    Windows XP 安全性更新 (KB957095)
    Windows XP 安全性更新 (KB957097)
    Windows XP 安全性更新 (KB958644)
    Windows XP 安全性更新 (KB958687)
    Windows XP 更新 (KB898461)
    Windows XP 更新 (KB900485)
    Windows XP 更新 (KB904942)
    Windows XP 更新 (KB908531)
    Windows XP 更新 (KB910437)
    Windows XP 更新 (KB911280)
    Windows XP 更新 (KB916595)
    Windows XP 更新 (KB920342)
    Windows XP 更新 (KB920872)
    Windows XP 更新 (KB922582)
    Windows XP 更新 (KB925720)
    Windows XP 更新 (KB925876)
    Windows XP 更新 (KB927891)
    Windows XP 更新 (KB930916)
    Windows XP 更新 (KB931836)
    Windows XP 更新 (KB932823-v3)
    Windows XP 更新 (KB933360)
    Windows XP 更新 (KB936357)
    Windows XP 更新 (KB938828)
    Windows XP 更新 (KB942763)
    Windows XP 更新 (KB942840)
    Windows XP 更新 (KB946627)
    Windows XP 更新 (KB951072-v2)
    Windows XP 更新 (KB955839)
    WinRAR 壓縮工具
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    4/2/2009 19:52:22, error: ipnathlp [32003] - 網路位址轉譯器 (NAT) 無法要求 核心模式轉譯模組進行操作。 這可能表示設定有錯誤,資源不足,或 是發生內部錯誤。 資料是錯誤碼。
    5/2/2009 19:10:51, error: ipnathlp [32003] - 網路位址轉譯器 (NAT) 無法要求 核心模式轉譯模組進行操作。 這可能表示設定有錯誤,資源不足,或 是發生內部錯誤。 資料是錯誤碼。
    5/2/2009 19:10:53, error: IPRIP [29053] - IPRIP 無法在 IP 位址 192.168.0.2 的本機介面上加入多點 傳送群組 224.0.0.9。資料是錯誤碼。
    5/2/2009 19:11:09, error: Server [2505] - 伺服器無法與 \Device\NetBT_Tcpip_{BF608A83-07CB-40DC-9F16-3E0D4F0D49D6} 傳輸相連結,因為網路上的另一部電腦具有相同的名稱。伺服器無法啟動。
    7/2/2009 19:06:28, error: Service Control Manager [7011] - stisvc 服務的異動回應等候逾時 (30000 毫秒)。
    8/2/2009 8:01:17, error: NtServicePack [4373] - Windows XP KB951748 安裝失敗。
    發生一個內部錯誤。
    8/2/2009 8:02:15, error: Windows Update Agent [20] - 安裝失敗: Windows 無法安裝下列更新,錯誤 0x8007054f: KB951748:Windows XP 安全性更新。
    8/2/2009 20:59:27, error: Service Control Manager [7011] - stisvc 服務的異動回應等候逾時 (30000 毫秒)。
    9/2/2009 8:00:50, error: NtServicePack [4373] - Windows XP KB951748 安裝失敗。
    發生一個內部錯誤。
    9/2/2009 8:02:09, error: Windows Update Agent [20] - 安裝失敗: Windows 無法安裝下列更新,錯誤 0x8007054f: KB951748:Windows XP 安全性更新。
    9/2/2009 10:09:59, error: IPRIP [29053] - IPRIP 無法在 IP 位址 192.168.0.2 的本機介面上加入多點 傳送群組 224.0.0.9。資料是錯誤碼。
    10/2/2009 8:30:18, error: NtServicePack [4373] - Windows XP KB951748 安裝失敗。
    發生一個內部錯誤。
    10/2/2009 8:38:57, error: Windows Update Agent [20] - 安裝失敗: Windows 無法安裝下列更新,錯誤 0x8007054f: KB951748:Windows XP 安全性更新。

    ==== End Of File ===========================
     
  5. 2009/02/11
    lok811

    lok811 Inactive Thread Starter

    Joined:
    2009/02/10
    Messages:
    3
    Likes Received:
    0
    You are awesome man!!! It's all fixed. How would I prevent this kind of thing from happening again?

    Thank you for your time!!!



    Malwarebytes' Anti-Malware 1.33
    Database version: 1654
    Windows 5.1.2600 Service Pack 2

    11/2/2009 16:31:27
    mbam-log-2009-02-11 (16-31-27).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 140196
    Time elapsed: 1 hour(s), 14 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{4D216029-C929-450B-AC64-5216E08EE2CB}\RP604\A0074432.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D216029-C929-450B-AC64-5216E08EE2CB}\RP604\A0074682.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D216029-C929-450B-AC64-5216E08EE2CB}\RP604\A0074708.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D216029-C929-450B-AC64-5216E08EE2CB}\RP604\A0074758.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D216029-C929-450B-AC64-5216E08EE2CB}\RP605\A0074828.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D216029-C929-450B-AC64-5216E08EE2CB}\RP605\A0074856.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4D216029-C929-450B-AC64-5216E08EE2CB}\RP605\A0074879.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.





    ComboFix 09-02-10.03 - Administrator 2009-02-11 14:54:03.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.511.287 [GMT 0:00]
    執行位置: c:\documents and settings\Administrator\桌面\ComboFix.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
    * 成功創造新還原點
    * Resident AV is active


    注意 - 這台電腦沒有安裝恢復控制台 !!
    .

    ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
    c:\documents and settings\Mandi\Local Settings\Temporary Internet Files\hgstarterjp_verinfo.dat
    c:\recycler\S-9-4-52-100032644-100019180-100028805-9962.com
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\drivers\gaopdxamrqhopc.sys
    c:\windows\system32\drivers\gaopdxirwbobvc.sys
    c:\windows\system32\drivers\gaopdxiuirqhes.sys
    c:\windows\system32\drivers\gaopdxmrmpfait.sys
    c:\windows\system32\drivers\gaopdxmxobrrpu.sys
    c:\windows\system32\drivers\gaopdxqqpfvakc.sys
    c:\windows\system32\drivers\gaopdxqyxdetku.sys
    c:\windows\system32\drivers\gaopdxvspucfmi.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxwcdjbnyl.dll
    c:\windows\Tasks\zqmcebqx.job
    c:\windows\Temp\tmp3.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys
    -------\Legacy_IPRIP
    -------\Service_Iprip


    ((((((((((((((((((((((((( 2009-01-11 至 2009-02-11 的新的檔案 )))))))))))))))))))))))))))))))
    .

    2009-02-11 14:31 . 2009-02-11 14:31 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-09 10:17 . 2009-02-09 10:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-02-09 07:46 . 2009-02-11 14:31 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-01-23 03:43 . 2009-01-23 03:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viper
    2009-01-22 15:27 . 2004-08-12 02:11 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
    2009-01-22 15:27 . 2004-08-12 02:11 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
    2009-01-12 02:14 . 2004-08-04 07:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
    2009-01-12 02:14 . 2004-08-04 07:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-11 14:32 --------- d-----w c:\documents and settings\Administrator\Application Data\881903
    2009-02-11 14:31 --------- d-----w c:\program files\Java
    2009-02-11 06:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-02-09 09:28 --------- d-----w c:\program files\iPhoneRingToneMaker
    2009-02-09 08:45 --------- d-----w c:\program files\ESET
    2009-01-14 21:14 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-14 16:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-14 16:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-01-13 05:27 --------- d-----w c:\program files\Moyea
    2009-01-13 05:27 --------- d-----w c:\documents and settings\Mandi\Application Data\Moyea
    2009-01-10 04:56 --------- d-----w c:\documents and settings\Administrator\Application Data\iPhoneRingToneMaker
    2009-01-10 04:39 --------- d-----w c:\documents and settings\Mandi\Application Data\iPhoneRingToneMaker
    2009-01-03 01:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Moyea
    2008-12-31 01:55 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
    2008-12-29 17:02 --------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
    2008-12-29 12:19 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
    2008-12-28 19:57 --------- d-----w c:\program files\LimeWire
    2008-12-28 19:36 --------- d-----w c:\documents and settings\Administrator\Application Data\Sports Interactive
    2008-12-28 19:35 --------- d-----w c:\program files\QuickTime
    2008-12-28 19:03 --------- d-----w c:\documents and settings\Mandi\Application Data\881903
    2008-12-28 18:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-28 16:34 --------- d-----w c:\documents and settings\Mandi\Application Data\Malwarebytes
    2008-12-28 16:31 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-27 12:43 --------- d-----w c:\documents and settings\All Users\Application Data\vucache
    2008-12-26 18:00 --------- d-----w c:\program files\Common Files\Totem Shared
    2008-12-23 17:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-12-23 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
    2008-12-16 20:25 --------- d-----w c:\program files\Bonjour
    2008-12-14 07:38 --------- d-----w c:\program files\iTunes
    2008-12-14 07:35 --------- d-----w c:\program files\iPod
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 11:47 --------- d-sh--w c:\documents and settings\All Users\Application Data\thunder_vod_cache
    .

    ------- Sigcheck -------

    2006-04-20 11:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
    2006-04-20 12:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    2007-10-30 16:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2008-06-20 10:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    2008-06-20 11:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    2008-06-20 11:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    2006-04-20 11:38 340480 b8158e2a6112c0a5ca67bc158fc70218 c:\windows\$NtServicePackUninstall$\tcpip.sys
    2004-08-04 06:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
    2002-09-13 12:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB917953_0$\tcpip.sys
    2006-04-20 11:51 359808 b4e29943b4b04bd5e7381546848e6669 c:\windows\$NtUninstallKB941644$\tcpip.sys
    2007-10-30 17:20 360064 fb71513a2b527adfc0ce0c8d4f653205 c:\windows\$NtUninstallKB951748$\tcpip.sys
    2004-08-04 06:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
    2008-04-13 19:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\44efa6227a0729b233508b6f95c3fb71\tcpip.sys
    2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\903a14300681efd6d9fe9766c1acaf2e\sp2gdr\tcpip.sys
    2008-06-20 10:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
    md5deep: c:\windows\system32\drivers\tcpip.sys: Permission denied

    2007-06-18 11:39 977920 3ddb98936b29019549c6fbabd86846e7 c:\windows\explorer.exe
    2007-06-18 11:41 977920 d1822278f43e2850e03ef36d29686d4f c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2002-09-13 12:00 948736 adb0e1dc3b406d5eb210df2a79233bde c:\windows\$NtServicePackUninstall$\explorer.exe
    2004-08-12 01:16 976896 211358ae74733075c22142b3ac519a19 c:\windows\$NtUninstallKB938828$\explorer.exe
    2004-08-12 01:16 976896 211358ae74733075c22142b3ac519a19 c:\windows\ServicePackFiles\i386\explorer.exe
    2008-04-15 10:54 978432 88057e7b74236c11098e4d4eeac7df5e c:\windows\SoftwareDistribution\Download\44efa6227a0729b233508b6f95c3fb71\explorer.exe
    2007-06-18 11:39 977920 3ddb98936b29019549c6fbabd86846e7 c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白與合法缺省登錄將不會被顯示
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-09-24 4861952]
    "SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 聲訊驅動程式\stacmon.exe" [2003-08-03 86073]
    "00THotkey"="c:\windows\System32\00THotkey.exe" [2003-04-15 12:01 258048]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 614400]
    "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-06-13 122880]
    "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-09-13 59392]
    "PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
    "WebThunder"="c:\program files\Thunder Network\WebThunder\WebThunder.exe" [2008-10-17 677280]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-08 185896]
    "NodLogin"="c:\program files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-08-25 359202]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-11 148888]
    "nwiz"="nwiz.exe" [2003-09-24 c:\windows\system32\nwiz.exe]
    "000StTHK"="000StTHK.exe" [2001-06-23 12:28 24576 c:\windows\system32\000StTHK.exe]
    "TFNF5"="TFNF5.exe" [2003-07-18 c:\windows\system32\TFNF5.exe]
    "TPSMain"="TPSMain.exe" [2003-10-14 c:\windows\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" [BU]
    "LTSMMSG"="LTSMMSG.exe" [2003-04-18 c:\windows\ltsmmsg.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-12 15360]

    c:\documents and settings\Administrator\「開始」功能表\程式集\啟動\
    Q92k.lnk - c:\documents and settings\Mandi\My Documents\Q9\Q92k.exe [2006-04-29 1216000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-12-16 07:32 110592 c:\windows\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=lwtkrs.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Foxy\\Foxy.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\881903\\IETOOLBAR\\AudioUpdMgr.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Thunder Network\\WebThunder\\WebThunder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26708:TCP"= 26708:TCP:BitComet 26708 TCP
    "26708:UDP"= 26708:UDP:BitComet 26708 UDP
    "24912:TCP"= 24912:TCP:BitComet 24912 TCP
    "24912:UDP"= 24912:UDP:BitComet 24912 UDP
    "21009:TCP"= 21009:TCP:BitComet 21009 TCP
    "21009:UDP"= 21009:UDP:BitComet 21009 UDP
    "6772:TCP"= 6772:TCP:Foxy (61.10.56.114:6772) 6772 TCP
    "6772:UDP"= 6772:UDP:Foxy (61.10.56.114:6772) 6772 UDP
    "9090:TCP"= 9090:TCP:TINYPROXY
    "53:TCP"= 53:TCP:TINYPROXY
    "3587:TCP"= 3587:TCP:Windows 對等式群組
    "3540:UDP"= 3540:UDP:對等名稱解析通訊協定 (PNRP)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2004-02-20 10112]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-08 468240]
    S1 f7a48743;f7a48743;c:\windows\system32\drivers\f7a48743.sys --> c:\windows\system32\drivers\f7a48743.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    "˜計劃任務’ 文件夾 裡的內容

    2009-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-TOSCDSPD - c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
    HKLM-Run-syshtray - c:\windows\higeorge2.exe


    .
    ------- 而外的掃描 -------
    .
    uStart Page = about:blank
    IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: 妏蚚WEB捃濘狟婥 - c:\program files\Thunder Network\WebThunder\GetUrl.htm
    IE: 妏蚚WEB捃濘狟婥窒蟈諉 - c:\program files\Thunder Network\WebThunder\GetAllUrl.htm
    IE: {{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com
    IE: {{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71} - c:\program files\WinAVI FLV Converter\FLVTune.dll
    DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg8.cyworld.com/ImageUpload/CyImageUpload_10217.cab
    DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} - hxxp://download.pplive.com/webinstall/install.CAB
    DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/08d0f98b99f9bfd7eb05/netzip/RdxIE601.cab
    DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU.cab?20080519
    DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} - hxxp://tgnet.co.kr/vod/MagicLockOCX.cab
    DPF: {B80CBA99-2493-4343-8A83-386E9F3CA5C2} - hxxp://www.isoshu.com/eread/WebReadOnLine_ATL.cab
    DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} - hxxp://fs10u.cyworld.com.cn/common/activex/CyImgChina.cab
    DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/pluginsetup.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 15:06:57
    Windows 5.1.2600 Service Pack 2 NTFS

    掃描被隱藏的進程 。。。

    c:\windows\explorer.exe [1720] 0x82D16020

    掃描被隱藏的啟動組 。。。

    掃描被隱藏的文件 。。。

    掃描完成
    被隱藏的檔案: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
    @="c:\\Program Files\\NetMeeting\\Blip.wav"

    [HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
    @="c:\\Program Files\\NetMeeting\\Blip.wav"

    [HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
    @="c:\\Program Files\\NetMeeting\\Blip.wav"

    [HKEY_USERS\Administrator\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
    @="c:\\Program Files\\NetMeeting\\Blip.wav"

    [HKEY_USERS\Administrator\Software\G*e*n*i*e* "!\FM Genie Scout 2009 XE]
    "GameDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2009\\games"
    "ShortlistDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
    "ScreenshotsDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2009"
    "SaveDir"="c:\\Documents and Settings\\Administrator\\My Documents\\Sports Interactive\\Football Manager 2009\\"
    "HistoryDir"="c:\\Documents and Settings\\Administrator\\桌面\\FM Genie Scout 2009 XE\\History Points"
    "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "SkinName"="Champions League"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000066
    "UniqueID"="24-79EF-001D"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
    @="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

    [HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
    @="BDATuner.元件.1"
    .
    --------------------- 運行進程下的動態鏈接庫 ---------------------

    - - - - - - - > 'winlogon.exe'(816)
    c:\windows\System32\LgNotify.dll
    .
    ------------------------ 其他運行進程 ------------------------
    .
    c:\windows\system32\S24EvMon.exe
    c:\windows\system32\ZCfgSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Toshiba\ConfigFree\CFSvcs.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\RegSrvc.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\1XConfig.exe
    c:\program files\SigmaTel\SigmaTel AC97 c:\windows\system32\00THotkey.exe
    c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
    c:\windows\system32\TPSBattM.exe
    c:\documents and settings\Mandi\My Documents\Q9\QTRAYIME.EXE
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    完成時間: 2009-02-11 15:11:04 - 電腦已重新啟動
    ComboFix-quarantined-files.txt 2009-02-11 15:11:00

    Pre-Run: 3,726,589,952 位元組可用
    Post-Run: 6,815,936,512 位元組可用

    292 --- E O F --- 2009-02-11 12:19:42
     
  6. 2009/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Do you have intentions of installing Service Pack 3 once the machine is clean?


    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Rootkit::
    c:\windows\system32\drivers\f7a48743.sys
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9090:TCP"=-
    "53:TCP"=-
    Driver::
    f7a48743
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed when prompted.
     
