The following are the logfiles of Rooter and OTListIt2:
Logfile of Rooter:
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:107301 Mo/Free:1735 Mo)
D:\ [Removable] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
Z:\ [Network] (Total:238355 Mo/Free:1654 Mo)
03/31/2009 Tue|21:10
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
---------- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\Program Files\Dantz\Retrospect\retrorun.exe
---------- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
---------- C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe
---------- C:\WINDOWS\system32\igfxext.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\WINDOWS\system32\igfxsrvc.exe
---------- C:\WINDOWS\ehome\mcrdsvc.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe
---------- C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
---------- C:\WINDOWS\system32\conime.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\Apoint\Apoint.exe
---------- C:\WINDOWS\ehome\ehtray.exe
---------- C:\WINDOWS\eHome\ehmsas.exe
---------- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
---------- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
---------- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
---------- C:\Program Files\Apoint\Apvfb.exe
---------- C:\Program Files\Apoint\Apntex.exe
---------- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
---------- C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
---------- C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
---------- C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\Program Files\Internet Explorer\Iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
----------------------\\ Cracks & Keygens..
C:\DOCUME~1\Yulan\Cookies\[email protected][1].txt
1 - "C:\Rooter$\Rooter_1.txt" - 03/31/2009 Tue|21:12
----------------------\\ Scan completed at 21:12
The logfile of OTListIt2:
OTListIt logfile created on: 3/31/2009 21:14:19 - Run 2
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Yulan\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1014.11 Mb Total Physical Memory | 202.33 Mb Available Physical Memory | 19.95% Memory free
2.38 Gb Paging File | 1.69 Gb Available in Paging File | 70.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 25.69 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 232.77 Gb Total Space | 157.62 Gb Free Space | 67.71% Space Free | Partition Type: NTFS
Computer Name: WATE
Current User Name: Yulan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\Symantec System Center\NscTop.exe (Symantec Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows Feedback Panel\WFPUser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows Feedback Panel\wfpasieve.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Apoint\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Yulan\My Documents\Downloads\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSCSPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (NSCTOP [Auto | Running]) -- C:\Program Files\Symantec\Symantec System Center\NscTop.exe (Symantec Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PACSPTISVR [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (RetroLauncher [Auto | Running]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (Retrospect Helper [Auto | Stopped]) -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe (Dantz Development Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SonicStageMonitoring [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VAIO Event Service [Auto | Running]) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Vcsw [On_Demand | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VzFw [Auto | Running]) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (WFPService [Auto | Running]) -- C:\Program Files\Microsoft Windows Feedback Panel\WFPService.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FsVga [System | Running]) -- C:\WINDOWS\system32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090330.049\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090330.049\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw3x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys (Intel? Corporation)
DRV - (P0630VID [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\P0630Vid.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (s616bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616bus.sys (MCCI Corporation)
DRV - (s616mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdfl.sys (MCCI Corporation)
DRV - (s616mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdm.sys (MCCI Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SNC [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SonyNC.sys (Sony Corporation)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (ti21sony [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (toshidpt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfbnp [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (yukonwxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys (Marvell)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
[2007/02/15 13:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\mozilla\Firefox\Profiles\fo6wca78.default\extensions
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Yulan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WFPUser.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpuser.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Yulan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 转换为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换选定的链接为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 转换选定的链接为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 转换选项为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换选项为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 转换链接目标为 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 转换链接目标为现有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra 'Tools' menuitem : 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra Button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll (金山软件股份有限公司)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {45091AA2-1574-4EC8-B520-4C27E29CF889} http://www.gmarket.c.../gifFreezer.cab (GifFreezerCtrl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://yulan25.space...ad/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://mn102.coolsav...oad/cscmv5X.cab (CMV5 Class)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.co.../downloader.cab (DLoader Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://yulan25.space...ad/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} http://ps.itv.mop.co...0.95_signed.cab (pCastPanel Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dic {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\Program Files\Kingsoft\Powerword 2003\XDictExB.dll (金山软件股份有限公司)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\system32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{ade3f5a8-5d75-11dd-932f-0018de621fa8}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/03/31 21:10:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/31 20:53:29 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\DOCUME~1\Yulan\Desktop\HJTInstall.exe
[2009/03/31 20:43:40 | 10,634,40384 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/31 13:58:20 | 02,938,310 | ---- | C] () -- C:\DOCUME~1\Yulan\Desktop\ComboFix.exe
[2009/03/31 10:53:19 | 00,000,162 | -H-- | C] () -- C:\DOCUME~1\Yulan\My Documents\~$mments-1.docx
[2009/03/27 23:42:41 | 02,131,091 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Thesis_03_25_09_1.pdf
[2009/03/27 23:37:13 | 02,179,470 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\YulanDissertation.pdf
[2009/03/27 18:45:39 | 00,018,016 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\PrelimPages2.pdf
[2009/03/26 15:23:44 | 00,089,575 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Using odds ratio to estimate the contribution of.pptx
[2009/03/15 17:35:05 | 00,029,513 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Paycheck030109-The University of Iowa.pdf
[2009/03/11 01:01:48 | 00,024,576 | -HS- | C] () -- C:\DOCUME~1\Yulan\Desktop\Thumbs.db
[2009/03/08 11:40:23 | 00,085,778 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\f24.pdf
[2009/03/06 12:58:47 | 00,027,476 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\7450165.jpg
[2009/03/06 12:08:39 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Documents\microsoft
[2009/03/04 22:58:53 | 01,074,443 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Proposal_Ch2_Experimental Plan03052009c.docx
[2009/03/02 18:46:00 | 00,026,832 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Comments-1.docx
[2009/03/02 15:38:24 | 00,024,316 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Comments.docx
[2009/03/02 02:32:17 | 00,076,288 | ---- | C] () -- C:\DOCUME~1\Yulan\My Documents\Drawing2.vsd
========== Files - Modified Within 30 Days ==========
[6 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/31 20:48:52 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/03/31 20:48:49 | 00,000,125 | -HS- | M] () -- C:\DOCUME~1\ALLUSE~1\Application Data\.zreglib
[2009/03/31 20:48:11 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/31 20:47:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/31 20:47:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/31 20:47:31 | 10,634,40384 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/31 15:05:29 | 00,024,576 | -HS- | M] () -- C:\DOCUME~1\Yulan\Desktop\Thumbs.db
[2009/03/31 14:57:50 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/03/31 14:57:50 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/03/31 14:52:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/03/31 14:52:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/31 14:51:30 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-19288672-3673173615-1739268137-1005.job
[2009/03/31 13:52:05 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\DOCUME~1\Yulan\Desktop\HJTInstall.exe
[2009/03/31 13:46:34 | 02,938,310 | ---- | M] () -- C:\DOCUME~1\Yulan\Desktop\ComboFix.exe
[2009/03/31 12:22:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/03/31 12:22:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/03/31 11:56:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/03/31 11:56:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/03/31 11:51:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/31 11:51:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/31 11:20:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/03/31 11:20:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/03/31 10:53:19 | 00,000,162 | -H-- | M] () -- C:\DOCUME~1\Yulan\My Documents\~$mments-1.docx
[2009/03/31 10:43:25 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/03/31 10:43:24 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/03/31 10:32:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/03/31 10:32:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/03/30 19:35:23 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/30 18:21:29 | 00,001,854 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat
[2009/03/30 18:20:11 | 00,000,101 | ---- | M] () -- C:\WINDOWS\System32\xlhcc.dat
[2009/03/30 18:16:21 | 00,000,767 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts1
[2009/03/29 14:27:19 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/27 23:49:04 | 02,179,470 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\YulanDissertation.pdf
[2009/03/27 23:42:41 | 02,131,091 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Thesis_03_25_09_1.pdf
[2009/03/27 18:45:39 | 00,018,016 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\PrelimPages2.pdf
[2009/03/26 15:24:23 | 00,089,575 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Using odds ratio to estimate the contribution of.pptx
[2009/03/25 23:38:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\matlab.ini
[2009/03/24 01:31:16 | 02,641,664 | -H-- | M] () -- C:\DOCUME~1\Yulan\Local Settings\Application Data\IconCache.db
[2009/03/18 15:49:20 | 00,030,104 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\败家志.xlsx
[2009/03/15 17:35:05 | 00,029,513 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Paycheck030109-The University of Iowa.pdf
[2009/03/12 10:26:22 | 00,484,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/12 10:26:22 | 00,411,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/12 10:26:22 | 00,065,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/12 10:25:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/03/12 10:25:03 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/03/12 10:21:15 | 00,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 10:03:24 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/08 11:40:23 | 00,085,778 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\f24.pdf
[2009/03/06 12:58:47 | 00,027,476 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\7450165.jpg
[2009/03/05 14:35:08 | 01,074,443 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Proposal_Ch2_Experimental Plan03052009c.docx
[2009/03/03 03:10:22 | 00,026,832 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Comments-1.docx
[2009/03/02 16:22:42 | 00,076,288 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Drawing2.vsd
[2009/03/02 15:39:53 | 00,024,316 | ---- | M] () -- C:\DOCUME~1\Yulan\My Documents\Comments.docx
========== LOP Check ==========
[2008/09/13 00:13:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Yulan\Application Data
[2008/02/13 11:59:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Adobe
[2007/01/11 16:46:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\AdobeUM
[2007/01/11 18:09:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Apple Computer
[2008/05/28 19:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\ArcSoft
[2008/05/15 23:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Audacity
[2008/06/29 20:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\BitTorrent
[2007/06/23 22:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\CoreCodec
[2007/06/19 14:55:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\EndNote
[2007/01/11 17:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Google
[2008/06/09 17:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\gtk-2.0
[2007/01/18 19:49:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Help
[2007/01/13 01:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\ICAClient
[2006/08/10 02:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Identities
[2007/03/09 16:28:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\IDMComp
[2007/06/13 19:47:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\InterVideo
[2006/09/14 15:16:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Intuit
[2007/01/11 18:29:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Kingsoft
[2007/01/11 18:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Leadertech
[2007/01/11 16:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Macromedia
[2007/01/13 15:37:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\MathWorks
[2007/02/03 14:00:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Media Player Classic
[2008/09/08 12:13:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Yulan\Application Data\Microsoft
[2009/03/27 19:17:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Yulan\Application Data\Move Networks
[2007/02/15 13:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Mozilla
[2007/10/13 18:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\PPLive
[2008/09/14 13:14:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\ppstream
[2008/05/21 16:32:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Publish Providers
[2008/11/06 13:59:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Real
[2008/02/20 12:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\SAS
[2008/05/17 10:04:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Seeing Machines
[2008/05/03 13:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Skype
[2007/01/11 18:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Sonic
[2008/05/21 16:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Sony
[2007/01/11 16:37:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Sony Corporation
[2007/01/13 12:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Sun
[2007/02/15 13:45:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Talkback
[2007/01/11 16:28:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Template
[2007/02/01 22:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\U3
[2007/01/12 11:26:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Unispim
[2008/04/15 09:45:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Yulan\Application Data\Weather Clock
[2006/03/15 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/03/31 14:51:30 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-19288672-3673173615-1739268137-1005.job
[2007/06/14 13:06:16 | 00,000,856 | ---- | M] () -- C:\WINDOWS\Tasks\Regular.job
[2009/03/31 20:47:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >