Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help to remove packed.generic.200 and Trojan.metajuan

Started by wate , Mar 31 2009 08:23 PM

  • Please log in to reply

#1
wate
Posted 31 March 2009 - 08:23 PM

wate

    New Member

  • Member
  • Pip
  • 1 posts
My computer is infected by packed.generic.200 and Trojan.metajuan. The antivirus software (symantec Antivirus) that I have can not fix it. Symantec always asks me to restart the computer, but the problem is not fixed after rerooting. It also causes my computer frozen. In that case, I have to hard restart the computer. I hope that the experts at Geek To Go can help me fix the problem.

The following is the logfile of Rooter and OtListIt2:

logfile of Rooter:
Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:107301 Mo/Free:1735 Mo)
D:\ [Removable] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
Z:\ [Network] (Total:238355 Mo/Free:1654 Mo)

03/31/2009 Tue|21:10

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\Program Files\Dantz\Retrospect\retrorun.exe
---------- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
---------- C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
---------- C:\WINDOWS\system32\igfxext.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\WINDOWS\system32\igfxsrvc.exe
---------- C:\WINDOWS\ehome\mcrdsvc.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
---------- C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
---------- C:\WINDOWS\system32\conime.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\Apoint\Apoint.exe
---------- C:\WINDOWS\ehome\ehtray.exe
---------- C:\WINDOWS\eHome\ehmsas.exe
---------- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
---------- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
---------- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
---------- C:\Program Files\Apoint\Apvfb.exe
---------- C:\Program Files\Apoint\Apntex.exe
---------- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
---------- C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
---------- C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
---------- C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\Yulan\Cookies\[email protected][1].txt


1 - "C:\Rooter$\Rooter_1.txt" - 03/31/2009 Tue|21:12

----------------------\\ Scan completed at 21:12

The logfile of OtListIt2:

OTListIt logfile created on: 3/31/2009 21:14:19 - Run 2
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Yulan\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 202.33 Mb Available Physical Memory | 19.95% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 70.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 25.69 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 232.77 Gb Total Space | 157.62 Gb Free Space | 67.71% Space Free | Partition Type: NTFS

Computer Name: WATE
Current User Name: Yulan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec System Center\NscTop.exe (Symantec Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Yulan\My Documents\Downloads\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (NSCTOP [Auto | Running]) -- C:\Program Files\Symantec\Symantec System Center\NscTop.exe (Symantec Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (RetroLauncher [Auto | Running]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (Retrospect Helper [Auto | Stopped]) -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe (Dantz Development Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SonicStageMonitoring [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Vcsw [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (WFPService [Auto | Running]) -- C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FsVga [System | Running]) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090330.049\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090330.049\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw3x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys (Intel? Corporation)
DRV - (P0630VID [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\P0630Vid.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (s616bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616bus.sys (MCCI Corporation)
DRV - (s616mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdfl.sys (MCCI Corporation)
DRV - (s616mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdm.sys (MCCI Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SNC [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SonyNC.sys (Sony Corporation)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (ti21sony [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (toshidpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



[2007/02/15 13:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\mozilla\Firefox\Profiles\fo6wca78.default\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Yulan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选项为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选项为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra 'Tools' menuitem : 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra Button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll (金山软件股份有限公司)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {45091AA2-1574-4EC8-B520-4C27E29CF889} http://www.gmarket.c.../gifFreezer.cab (GifFreezerCtrl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://yulan25.space...ad/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://mn102.coolsav...oad/cscmv5X.cab (CMV5 Class)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.co.../downloader.cab (DLoader Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://yulan25.space...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} http://ps.itv.mop.co...0.95_signed.cab (pCastPanel Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dic {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll (金山软件股份有限公司)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{ade3f5a8-5d75-11dd-932f-0018de621fa8}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/31 21:10:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/31 20:53:29 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\Yulan\Desktop\HJTInstall.exe
[2009/03/31 20:43:40 | 10,634,40384 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/31 13:58:20 | 02,938,310 | ---- | C] () -- C:\DOCUME~1\Yulan\Desktop\ComboFix.exe
[2009/03/31 10:53:19 | 00,000,162 | -H-- | C] () -- C:\DOCUME~1\Yulan\My Documents\~$mments-1.docx
[2009/03/27 23:42:41 | 02,131,091 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Thesis_03_25_09_1.pdf
[2009/03/27 23:37:13 | 02,179,470 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\YulanDissertation.pdf
[2009/03/27 18:45:39 | 00,018,016 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\PrelimPages2.pdf
[2009/03/26 15:23:44 | 00,089,575 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Using odds ratio to estimate the contribution of.pptx
[2009/03/15 17:35:05 | 00,029,513 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Paycheck030109-The University of Iowa.pdf
[2009/03/11 01:01:48 | 00,024,576 | -HS- | C] () -- C:\DOCUME~1\Yulan\Desktop\Thumbs.db
[2009/03/08 11:40:23 | 00,085,778 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\f24.pdf
[2009/03/06 12:58:47 | 00,027,476 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\7450165.jpg
[2009/03/06 12:08:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\microsoft
[2009/03/04 22:58:53 | 01,074,443 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Proposal_Ch2_Experimental Plan03052009c.docx
[2009/03/02 18:46:00 | 00,026,832 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Comments-1.docx
[2009/03/02 15:38:24 | 00,024,316 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Comments.docx
[2009/03/02 02:32:17 | 00,076,288 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Drawing2.vsd

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/31 20:48:52 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/03/31 20:48:49 | 00,000,125 | -HS- | M] () -- C:\DOCUME~1\ALLUSE~1\Application Data\.zreglib
[2009/03/31 20:48:11 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/31 20:47:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/31 20:47:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/31 20:47:31 | 10,634,40384 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/31 15:05:29 | 00,024,576 | -HS- | M] () -- C:\DOCUME~1\Yulan\Desktop\Thumbs.db
[2009/03/31 14:57:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/31 14:57:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/03/31 14:52:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/31 14:52:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/31 14:51:30 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-19288672-3673173615-1739268137-1005.job
[2009/03/31 13:52:05 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\Yulan\Desktop\HJTInstall.exe
[2009/03/31 13:46:34 | 02,938,310 | ---- | M] () -- C:\DOCUME~1\Yulan\Desktop\ComboFix.exe
[2009/03/31 12:22:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/31 12:22:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/31 11:56:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/03/31 11:56:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/31 11:51:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/31 11:51:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/31 11:20:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/31 11:20:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/03/31 10:53:19 | 00,000,162 | -H-- | M] () -- C:\DOCUME~1\Yulan\My Documents\~$mments-1.docx
[2009/03/31 10:43:25 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/31 10:43:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/31 10:32:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/31 10:32:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/30 19:35:23 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/30 18:21:29 | 00,001,854 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat
[2009/03/30 18:20:11 | 00,000,101 | ---- | M] () -- C:\WINDOWS\System32\xlhcc.dat
[2009/03/30 18:16:21 | 00,000,767 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts1
[2009/03/29 14:27:19 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/27 23:49:04 | 02,179,470 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\YulanDissertation.pdf
[2009/03/27 23:42:41 | 02,131,091 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Thesis_03_25_09_1.pdf
[2009/03/27 18:45:39 | 00,018,016 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\PrelimPages2.pdf
[2009/03/26 15:24:23 | 00,089,575 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Using odds ratio to estimate the contribution of.pptx
[2009/03/25 23:38:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/03/24 01:31:16 | 02,641,664 | -H-- | M] () -- C:\DOCUME~1\Yulan\Local Settings\Application Data\IconCache.db
[2009/03/18 15:49:20 | 00,030,104 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\败家志.xlsx
[2009/03/15 17:35:05 | 00,029,513 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Paycheck030109-The University of Iowa.pdf
[2009/03/12 10:26:22 | 00,484,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/12 10:26:22 | 00,411,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/12 10:26:22 | 00,065,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/12 10:25:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/12 10:25:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/12 10:21:15 | 00,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 10:03:24 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 11:40:23 | 00,085,778 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\f24.pdf
[2009/03/06 12:58:47 | 00,027,476 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\7450165.jpg
[2009/03/05 14:35:08 | 01,074,443 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Proposal_Ch2_Experimental Plan03052009c.docx
[2009/03/03 03:10:22 | 00,026,832 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Comments-1.docx
[2009/03/02 16:22:42 | 00,076,288 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Drawing2.vsd
[2009/03/02 15:39:53 | 00,024,316 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Comments.docx

========== LOP Check ==========

[2008/09/13 00:13:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Yulan\Application Data
[2008/02/13 11:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Adobe
[2007/01/11 16:46:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\AdobeUM
[2007/01/11 18:09:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Apple Computer
[2008/05/28 19:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\ArcSoft
[2008/05/15 23:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Audacity
[2008/06/29 20:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\BitTorrent
[2007/06/23 22:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\CoreCodec
[2007/06/19 14:55:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\EndNote
[2007/01/11 17:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Google
[2008/06/09 17:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\gtk-2.0
[2007/01/18 19:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Help
[2007/01/13 01:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\ICAClient
[2006/08/10 02:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Identities
[2007/03/09 16:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\IDMComp
[2007/06/13 19:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\InterVideo
[2006/09/14 15:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Intuit
[2007/01/11 18:29:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Kingsoft
[2007/01/11 18:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Leadertech
[2007/01/11 16:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Macromedia
[2007/01/13 15:37:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\MathWorks
[2007/02/03 14:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Media Player Classic
[2008/09/08 12:13:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Yulan\Application Data\Microsoft
[2009/03/27 19:17:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Yulan\Application Data\Move Networks
[2007/02/15 13:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Mozilla
[2007/10/13 18:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\PPLive
[2008/09/14 13:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\ppstream
[2008/05/21 16:32:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Publish Providers
[2008/11/06 13:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Real
[2008/02/20 12:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\SAS
[2008/05/17 10:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Seeing Machines
[2008/05/03 13:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Skype
[2007/01/11 18:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Sonic
[2008/05/21 16:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Sony
[2007/01/11 16:37:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Sony Corporation
[2007/01/13 12:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Sun
[2007/02/15 13:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Talkback
[2007/01/11 16:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Template
[2007/02/01 22:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\U3
[2007/01/12 11:26:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Unispim
[2008/04/15 09:45:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Weather Clock
[2006/03/15 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/31 14:51:30 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-19288672-3673173615-1739268137-1005.job
[2007/06/14 13:06:16 | 00,000,856 | ---- | M] () -- C:\WINDOWS\Tasks\Regular.job
[2009/03/31 20:47:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP