Windows Update goes to MSN.com


This topic is locked
17 replies to this topic

#1 BoboLiu

  • Members
  • 16 posts

Posted 30 November 2008 - 04:26 AM

Hi, my computer recently got infected with some malware.

Indications might be:
1. Pop-up ads about a mobile X-Ray scanner every time, or 99% of the time, when I open IE or go to another link.
2. Windows Update is disabled and cannot be enabled. When I try to use IE > Tools > Windows Update or Start > Windows Update etc., the website goes to MSN.com.

The following actions have been taken:
1. Complete antivirus scan - infected objects removed.
2. Ad-Aware scan.
3. Windows Live OneCare Safety scanner - after scanning, deleting all detected items that could be deleted, and rebooting, there were no more "everywhere pop-up ads" and I was able to enable Windows Update in the system tray. BUT Windows Update has been disabled for a few days, so I want to see if there are any updates. Went to IE > Tools > Windows Update, same problem, got diverted to MSN.com.
4. Read some more posts and downloaded the SUPERAntiSpyware Pro trial version; was not able to update the definitions but scanned anyway and removed all detected items.

But after all this, Windows Update still goes to MSN.com.

And here are the log files:

FIRST info.txt:

info.txt logfile of random's system information tool 1.04 2008-11-30 20:18:14

======Uninstall list======


======Security center information======

AV: 瑞星杀毒软件下载版 天空软件专版
AV: AVG Anti-Virus (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_01\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"Rav"=C:\Documents and Settings\All Users\Application Data\Rising\Rav

-----------------EOF-----------------

SECOND Log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by jun at 2008-11-30 20:17:26
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (41%) free of 28 GB
Total RAM: 767 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:11, on 2008-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\StormII\stormliv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CRW\shwicon.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jun\桌面\RSIT.exe
C:\Program Files\trend micro\jun.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CShowKuroBar Class - {59062B7A-61BD-4A26-A7A6-6A213F2601F7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8369650D-536C-4B75-BA0B-8286E86EDA0A} - C:\WINDOWS\system32\geBuSKBQ.dll (file missing)
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {C17A85AD-143A-4125-B299-C7AA287B3867} - C:\WINDOWS\system32\ljJDUmMc.dll (file missing)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Lenovo L350 USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer 中的“写入日志”(&:thumbsup: - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1345F3CB-7C40-41C2-9AC2-87CF8B68E34E} (UUSeeInstaller Control) - http://swf.news.163.com/2008/v/NetEaseTV_GZ.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/normalbank/...afeControls.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://duck-it.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C50341E9-CDC1-4377-AB88-3486CCD0FDA1} (cycnset Class) - http://ms1.cyworld.com.cn/music/package/cycnset.cab
O16 - DPF: {E9707834-5BF7-4CFF-A639-398427DE1991} (IcbcSslCacheCleanerCtrl Class) - http://www.icbc.com.cn/left/IcbcSslCacheCleaner.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll pttmzm.dll,kmon.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

--
End of file - 9726 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegCure Program Check.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59062B7A-61BD-4A26-A7A6-6A213F2601F7}]
CShowKuroBar Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8369650D-536C-4B75-BA0B-8286E86EDA0A}]
C:\WINDOWS\system32\geBuSKBQ.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live 登录帮助程序 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class - C:\PROGRA~1\FLASHGET\jccatch.dll [2002-01-16 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C17A85AD-143A-4125-B299-C7AA287B3867}]
C:\WINDOWS\system32\ljJDUmMc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - []
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FLASHGET\fgiebar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2003-04-08 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2003-04-08 455168]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2003-09-12 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-08-12 335872]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-07-12 54784]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-08-29 88267]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-08-29 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-08-29 618496]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PCMService"=C:\Program Files\Aspire Arcade\PCMService.exe [2003-09-29 73728]
"ShowIcon_Chander_CRW Series Driver v1.17r019"=C:\Program Files\CRW\shwicon.exe [2003-01-09 73728]
"LManager"=C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE [2003-10-18 352256]
"SysExplr"=C:\Herosoft\HeroV8\SYSEXPLR.EXE [2004-07-13 69632]
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2003-01-21 40960]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-17 110592]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"RavTask"=C:\Program Files\Rising\Rav\RavTask.exe [2008-11-23 211568]
"runeip"=C:\Program Files\Rising\AntiSpyware\rstray.exe [2008-11-23 141936]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KKDelay"=C:\Program Files\Rising\AntiSpyware\RunOnce.exe [2008-11-23 68208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2629165f]
C:\WINDOWS\system32\cfifpumn.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-24 1235736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「开始」菜单^程序^启动^Image Transfer.lnk]
[]

C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll pttmzm.dll,kmon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8369650D-536C-4B75-BA0B-8286E86EDA0A}"=C:\WINDOWS\system32\geBuSKBQ.dll []
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"=C:\WINDOWS\system32\RavExt.dll [2008-11-23 113264]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ljJDUmMc

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\Flashget\FlashGet.exe"="C:\Program Files\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:flashget"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:μTorrent"
"C:\Program Files\KuGoo2007\KuGoo.exe"="C:\Program Files\KuGoo2007\KuGoo.exe:*:Enabled:KuGoo"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
"C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA"
"C:\Program Files\Kingsoft\Powerword 2007\xdict.exe"="C:\Program Files\Kingsoft\Powerword 2007\xdict.exe:*:Enabled:Kingsoft PowerWord"
"C:\Program Files\Kingsoft\Powerword 2007\update.exe"="C:\Program Files\Kingsoft\Powerword 2007\update.exe:*:Enabled:Kingsoft PowerWord Online Update"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\Program Files\StormII\Storm.exe"="C:\Program Files\StormII\Storm.exe:*:Enabled:暴风影音"
"C:\Program Files\StormII\stormliv.exe"="C:\Program Files\StormII\stormliv.exe:*:Enabled:暴风影音媒体控制中心"
"C:\Program Files\Tencent\QQ\QQ.exe"="C:\Program Files\Tencent\QQ\QQ.exe:*:Enabled:QQ"
"C:\Program Files\Tencent\QQ\Qzone\Qzone.exe"="C:\Program Files\Tencent\QQ\Qzone\Qzone.exe:*:Enabled:QzoneClient1.3Beta04 V01.3.104.021"
"C:\Program Files\Tencent\QQ\QzoneMusic.exe"="C:\Program Files\Tencent\QQ\QzoneMusic.exe:*:Enabled:QzoneMusic2.0Beta09Build110"
"C:\Program Files\Netease\neteasetv\MediaCenter.exe"="C:\Program Files\Netease\neteasetv\MediaCenter.exe:*:Enabled:MediaCenter"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe"="C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe:*:Enabled:Rising update"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Professional"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976c010-2930-11dc-b262-00042379b044}]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976c011-2930-11dc-b262-00042379b044}]
shell\AutoRun\command - setupSNK.exe


======File associations======

.ini - open - C:\WINDOWS\System32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\notepad.exe %1

======List of files/folders created in the last 1 months======

2008-11-30 20:17:27 ----D---- C:\Program Files\trend micro
2008-11-30 20:17:26 ----D---- C:\rsit
2008-11-30 15:51:57 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 15:51:34 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-30 15:51:34 ----D---- C:\Documents and Settings\jun\Application Data\SUPERAntiSpyware.com
2008-11-30 12:33:34 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-30 11:20:47 ----SH---- C:\WINDOWS\system32\xvdunjkt.ini
2008-11-29 21:05:09 ----SH---- C:\WINDOWS\system32\habbdpkw.ini
2008-11-28 21:04:10 ----SH---- C:\WINDOWS\system32\ysdlmdsk.ini
2008-11-27 20:48:33 ----SH---- C:\WINDOWS\system32\blkhtdlt.ini
2008-11-26 05:36:18 ----SH---- C:\WINDOWS\system32\eqwjtqoy.ini
2008-11-25 00:36:40 ----D---- C:\Program Files\Lavasoft
2008-11-25 00:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-24 19:25:09 ----SH---- C:\WINDOWS\system32\dxpsfeku.ini
2008-11-23 11:32:40 ----A---- C:\WINDOWS\RsConfig.ini
2008-11-23 11:28:27 ----A---- C:\WINDOWS\RSBDBACKUP.DLL
2008-11-23 11:16:02 ----RSH---- C:\rising.ini
2008-11-23 11:16:01 ----A---- C:\WINDOWS\system32\BsMain.ini
2008-11-23 11:15:17 ----N---- C:\WINDOWS\system32\UrlFilter.dll
2008-11-23 11:15:17 ----N---- C:\WINDOWS\system32\kmon.dll
2008-11-23 11:15:17 ----N---- C:\WINDOWS\system32\kknative.exe
2008-11-23 11:15:17 ----N---- C:\WINDOWS\system32\KakaTool.dll
2008-11-23 11:14:59 ----RD---- C:\RavBin
2008-11-23 11:14:48 ----N---- C:\WINDOWS\system32\RavExt.dll
2008-11-23 11:14:46 ----N---- C:\WINDOWS\system32\bsmain.exe
2008-11-23 11:14:13 ----D---- C:\Program Files\Rising
2008-11-23 11:12:40 ----D---- C:\Documents and Settings\All Users\Application Data\Rising
2008-11-23 11:12:40 ----A---- C:\WINDOWS\Rav.ini
2008-11-22 16:50:54 ----SH---- C:\WINDOWS\system32\nmupfifc.ini
2008-11-22 16:50:19 ----A---- C:\WINDOWS\system32\2d0ad221-.txt
2008-11-22 16:49:46 ----ASH---- C:\WINDOWS\system32\cMmUDJjl.ini2
2008-11-22 16:49:45 ----ASH---- C:\WINDOWS\system32\cMmUDJjl.ini
2008-11-21 23:38:54 ----RSHD---- C:\resycled
2008-11-21 22:11:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 22:11:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 22:06:01 ----D---- C:\Documents and Settings\jun\Application Data\Yahoo!
2008-11-12 23:58:38 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 23:57:07 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 20:23:40 ----HD---- C:\WINDOWS\$NtUninstallKB953155$
2008-11-09 21:32:26 ----D---- C:\Program Files\eMule

======List of files/folders modified in the last 1 months======

2008-11-30 18:00:54 ----A---- C:\WINDOWS\STHVCD8.ini
2008-11-30 17:58:56 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2008-11-30 17:56:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-30 15:49:38 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-29 14:36:36 ----A---- C:\WINDOWS\AdvConfig.ini
2008-11-23 23:35:58 ----RSH---- C:\BOOT.INI
2008-11-23 23:35:58 ----A---- C:\WINDOWS\win.ini
2008-11-23 23:35:58 ----A---- C:\WINDOWS\system.ini
2008-11-22 15:17:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-19 20:59:30 ----A---- C:\WINDOWS\MENUTHEME.INI
2008-11-19 00:16:32 ----A---- C:\WINDOWS\winamp.ini
2008-11-12 23:57:18 ----A---- C:\WINDOWS\imsins.BAK
2008-11-04 11:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-31 21:55:52 ----A---- C:\WINDOWS\VCDISC.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-30 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-09 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-06 90632]
R1 FsVga;FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [2003-04-08 12160]
R1 HookCont;HookCont; C:\WINDOWS\system32\drivers\HookCont.sys [2008-11-23 13808]
R1 HookNtos;HookNtos; C:\WINDOWS\system32\drivers\HookNtos.sys [2008-11-23 63088]
R1 HookReg;HookReg; C:\WINDOWS\system32\drivers\HookReg.sys [2008-11-23 39024]
R1 HookSys;HookSys; C:\WINDOWS\system32\drivers\HookSys.sys [2008-11-23 164976]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 38912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 ScFBPNT;CanoScan FBP Port Driver; \??\C:\WINDOWS\system32\drivers\ScFBPNT.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-08-29 1170464]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-07-12 730092]
R3 Arp1394;1394 ARP 客户端协议; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-09-12 594432]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\DKbFltr.sys [2003-09-14 18838]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 NIC1394;1394 网络驱动程序; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2003-10-02 6912]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2003-06-23 46976]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-31 35913]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-08-29 270864]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w70n51;Intel PRO/Wireless 7100 Adapter 驱动程序; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-06-23 2379776]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 Bridge;MAC 桥; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC 桥微型端口; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth 设备(个人区域网); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-15 269824]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-09-30 51848]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 glauiad;D-Link DSL-302G Modem; C:\WINDOWS\System32\DRIVERS\glauiad.sys [2003-03-07 29603]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-04-08 9600]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-31 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 npkcrypt;npkcrypt; \??\C:\WINDOWS\system32\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\C:\WINDOWS\system32\npkycryp.sys []
S3 RFCOMM;Bluetooth 设备 (RFCOMM 协议 TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB 扫描仪驱动程序; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB 大容量存储设备; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC301b;Lenovo L350 USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2003-12-16 91364]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-09-12 319488]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-24 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-26 231704]
R2 Bonjour Service;Bonjour 服务; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ccosm;Contrl Center of Storm Media; C:\Program Files\StormII\stormliv.exe [2008-03-11 473184]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 RsCCenter;Rising Process Communication Center; C:\Program Files\Rising\Rav\CCenter.exe [2008-11-23 162416]
R3 iPod Service;iPod 服务; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-17 265728]
S2 RsRavMon;Rising RealTime Monitor; C:\PROGRAM FILES\RISING\RAV\Ravmond.exe [2008-11-23 395888]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-01-25 89136]
S3 usnjsvc;Messenger 共享文件夹 USN 杂志阅读器服务; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 896000]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------


I am sorry that there are some Chinese characters, because my OS is Chinese. But the characters mean whatever follows them, e.g. Windows Update; the programs that I ran have their English names after them.

And sorry, sorry again, because I don't know why my log text is exceptionally long ="=...

Thank you all in advance.
:)

Edited by BoboLiu, 30 November 2008 - 04:29 AM.
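Reading a log of this length by eye is where things get missed, so here is an added triage script; it is not part of the thread and not one of the tools mentioned in it. It reads lines in the HijackThis section format used above (O2/O3/O20/O23) and pulls out the entries a responder would look at first: browser helper objects and toolbars whose file is gone (the registry reference outlived the DLL, which is what the log shows for geBuSKBQ.dll and ljJDUmMc.dll, still referenced from ShellExecuteHooks and the Lsa authentication packages), every module listed in AppInit_DLLs (Windows loads all of them, not just the first, into every process that loads user32.dll) and Winlogon Notify packages. The sample lines are a constructed subset copied from the log above; the "random-looking name" check (an eight-letter mixed-case stem such as geBuSKBQ) is a heuristic assumed by this example, not a rule stated in the thread.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis/RSIT line format of the log above; embedded so
# the script runs offline. Only lines relevant to the checks are included.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: CShowKuroBar Class - {59062B7A-61BD-4A26-A7A6-6A213F2601F7} - (no file)",
    r"O2 - BHO: (no name) - {8369650D-536C-4B75-BA0B-8286E86EDA0A} - C:\WINDOWS\system32\geBuSKBQ.dll (file missing)",
    r"O2 - BHO: (no name) - {C17A85AD-143A-4125-B299-C7AA287B3867} - C:\WINDOWS\system32\ljJDUmMc.dll (file missing)",
    r"O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O20 - AppInit_DLLs: avgrsstx.dll pttmzm.dll,kmon.dll",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
]

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Heuristic (an assumption of this example, not a rule from the thread): an
# eight-letter stem mixing upper and lower case, like geBuSKBQ or ljJDUmMc.
RANDOM_STEM_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}$")

ORPHAN = "registered but file absent"
RANDOM = "random-looking module name"
APPINIT = "AppInit_DLLs entry (loaded into every process that loads user32.dll)"
NOTIFY = "Winlogon Notify package (runs inside winlogon.exe)"


def module_path(body: str) -> str:
    """Last ' - ' separated field of an O2/O3/O20 body, without the missing-file marker."""
    return ORPHAN_RE.sub("", body.split(" - ")[-1]).strip()


def looks_random(path: str) -> bool:
    """True when the file name stem matches the mixed-case eight-letter heuristic."""
    stem = path.split("\\")[-1].rsplit(".", 1)[0]
    return bool(RANDOM_STEM_RE.match(stem))


def triage(lines):
    """Return (section, reason, detail) tuples for entries worth a second look."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("O2", "O3"):
            path = module_path(body)
            if ORPHAN_RE.search(body):
                findings.append((section, ORPHAN, path or body))
            if looks_random(path):
                findings.append((section, RANDOM, path))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # The value is whitespace- or comma-separated; report every DLL in it.
            for dll in re.split(r"[\s,]+", body.split(":", 1)[1].strip()):
                if dll:
                    findings.append((section, APPINIT, dll))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            findings.append((section, NOTIFY, module_path(body)))
    return findings


def summarize(findings):
    """Count findings per reason so the shape of the problem is visible at a glance."""
    return Counter(reason for _, reason, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, reason, detail in results:
        print(f"{section:<4} {reason:<30} {detail}")
    print(summarize(results))
```

Run it against the full log by replacing SAMPLE_LOG with the lines of the pasted file. An orphaned entry is not harmless just because the DLL is gone: the same CLSID is wired into ShellExecuteHooks and the Lsa authentication packages in the log above, and both keys are worth cleaning together with the BHO entry.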




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:45 PM

Posted 30 November 2008 - 03:13 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.


Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 BoboLiu (Topic Starter)

Posted 01 December 2008 - 06:04 AM

Hi Sam, here's the report.


SDFix: Version 1.240
Run by Administrator on ??? 2008-12-01 at 21:48

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\resycled\boot.com - Deleted



Folder C:\resycled - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 21:58:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe"="C:\\Program Files\\FlashGet Network\\Flashget\\FlashGet.exe:*:Enabled:flashget"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:μTorrent"
"C:\\Program Files\\KuGoo2007\\KuGoo.exe"="C:\\Program Files\\KuGoo2007\\KuGoo.exe:*:Enabled:KuGoo"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\PPLiveVA\\PPLiveVA.exe"="C:\\Program Files\\PPLiveVA\\PPLiveVA.exe:*:Enabled:PPLiveVA"
"C:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe"="C:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe:*:Enabled:Kingsoft PowerWord"
"C:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe"="C:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe:*:Enabled:Kingsoft PowerWord Online Update"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPS网络电视"
"C:\\Program Files\\PPStream\\PPSAP.exe"="C:\\Program Files\\PPStream\\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\\Program Files\\StormII\\Storm.exe"="C:\\Program Files\\StormII\\Storm.exe:*:Enabled:暴风影音"
"C:\\Program Files\\StormII\\stormliv.exe"="C:\\Program Files\\StormII\\stormliv.exe:*:Enabled:暴风影音媒体控制中心"
"C:\\Program Files\\Tencent\\QQ\\QQ.exe"="C:\\Program Files\\Tencent\\QQ\\QQ.exe:*:Enabled:QQ"
"C:\\Program Files\\Tencent\\QQ\\Qzone\\Qzone.exe"="C:\\Program Files\\Tencent\\QQ\\Qzone\\Qzone.exe:*:Enabled:QzoneClient1.3Beta04 V01.3.104.021"
"C:\\Program Files\\Tencent\\QQ\\QzoneMusic.exe"="C:\\Program Files\\Tencent\\QQ\\QzoneMusic.exe:*:Enabled:QzoneMusic2.0Beta09Build110"
"C:\\Program Files\\Netease\\neteasetv\\MediaCenter.exe"="C:\\Program Files\\Netease\\neteasetv\\MediaCenter.exe:*:Enabled:MediaCenter"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Rising\\Rav\\CopyRun\\RavCopy.exe"="C:\\Program Files\\Rising\\Rav\\CopyRun\\RavCopy.exe:*:Enabled:Rising update"
"C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Professional"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 2 Oct 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Sat 15 Nov 2008 0 A.SHR --- "C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP875\A0117089.com"
Sat 15 Nov 2008 0 A.SHR --- "C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP877\A0117326.COM"
Sat 15 Nov 2008 0 A.SHR --- "C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP877\A0117423.com"
Sat 15 Nov 2008 0 A.SHR --- "C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP877\A0117450.com"
Sat 15 Nov 2008 0 A.SHR --- "C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP877\A0117472.com"
Wed 22 Oct 2008 962,896 A..H. --- "C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP892\A0121180.dll"
Wed 22 Oct 2008 949,072 A..H. --- "C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP892\A0121181.dll"

Finished!
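The SDFix report above records "Restoring Default Hosts File", and the next post confirms that the Windows Update site could be reached afterwards. The hosts file is one of the places where a redirect of this kind can be planted: an entry for an update domain pointing at 127.0.0.1 or 0.0.0.0 silently blocks the update client, and an entry pointing anywhere else sends it to a host of the attacker's choosing. The script below is an added example, not part of this thread and not code from SDFix, that audits a hosts file for exactly that. The watched-domain list and the sample hosts text (including the 203.0.113.10 address) are constructed assumptions, not the poster's file.

```python
"""Audit a Windows hosts file for entries that block or redirect Windows Update.

Added example for this thread; not code from the original post or from SDFix.
The watched-domain list and the sample hosts text are assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Domains whose presence in hosts is suspicious on a normal client. Pointing
# them at 127.0.0.1 or 0.0.0.0 silently blocks updates; pointing them anywhere
# else sends the update client to a host the attacker chooses. Assumed list.
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "windowsupdate.microsoft.com",
    "download.microsoft.com",
)

# Constructed sample (not the poster's file): the stock XP header and
# localhost line, followed by the kind of lines malware appends.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
203.0.113.10    update.microsoft.com windowsupdate.microsoft.com  # appended
127.0.0.1       download.windowsupdate.com
0.0.0.0         ads.example-tracker.test
not-an-ip       v4.windowsupdate.microsoft.com
"""

# What "Restoring Default Hosts File" leaves behind: only the loopback line.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"


@dataclass
class Finding:
    line_no: int
    address: str
    hostname: str
    reason: str  # hijack | blocked | non-default | malformed


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for each entry, ignoring comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        yield line_no, fields[0], fields[1:]


def is_watched(hostname):
    name = hostname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return every entry other than the default loopback localhost line,
    classified by what it does to the named host."""
    findings = []
    for line_no, address, hostnames in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            # A non-address in the first field is either corruption or an
            # attempt to confuse parsers; report it rather than skip it.
            for name in hostnames:
                findings.append(Finding(line_no, address, name, "malformed"))
            continue
        for name in hostnames:
            if name.lower() == "localhost" and ip.is_loopback:
                continue
            if is_watched(name):
                reason = "blocked" if (ip.is_loopback or ip.is_unspecified) else "hijack"
            else:
                reason = "non-default"
            findings.append(Finding(line_no, address, name, reason))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.hostname} -> {f.address} [{f.reason}]")
    print("default file is clean:", audit_hosts(DEFAULT_HOSTS) == [])
```

On a live machine the file to feed in is %SystemRoot%\system32\drivers\etc\hosts. A clean hosts file does not rule out a redirect set up elsewhere, such as the DNS server addresses configured on the adapter or a browser helper object, so this is one check among several rather than a verdict.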

#4 BoboLiu (Topic Starter)

Posted 01 December 2008 - 06:12 AM

Hi Sam, after the SDFix I am able to connect to the Windows Update site ^^

Thank you very much!~~ The apparent problem is fixed.

PS. Any other problems you see in the report?

#5 Buckeye_Sam (Malware Expert)

Posted 01 December 2008 - 09:03 AM

Definitely not going to be that easy. You still have several issues.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Also post a new log from RSIT.

#6 BoboLiu (Topic Starter)

Posted 02 December 2008 - 05:36 AM

Hi Sam,

I was scanning when an error message came up, as follows:

"AN ERROR OCCURRED. PLEASE REPORT THE FOLLOWING ERROR CODE TO THE MALWAREBYTES' ANTI-MALWARE SUPPORT TEAM.

ERROR CODE: 731 (0,6)"

MBAM report:

Malwarebytes' Anti-Malware 1.30
Database version: 1445
Windows 5.1.2600 Service Pack 2

2008-12-2 21:47:00
mbam-log-2008-12-02 (21-47-00).txt

Scan type: Quick Scan
Objects scanned: 62671
Time elapsed: 14 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kmon.dll (Trojan.Agent) -> Delete on reboot.

Edited by BoboLiu, 02 December 2008 - 05:58 AM.


#7 BoboLiu (Topic Starter)

Posted 02 December 2008 - 06:02 AM

RSIT REPORT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by jun at 2008-12-02 21:59:26
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (44%) free of 28 GB
Total RAM: 767 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:03, on 2008-12-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\CRW\shwicon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
C:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\jun\桌面\RSIT.exe
C:\Program Files\trend micro\jun.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CShowKuroBar Class - {59062B7A-61BD-4A26-A7A6-6A213F2601F7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8369650D-536C-4B75-BA0B-8286E86EDA0A} - C:\WINDOWS\system32\geBuSKBQ.dll (file missing)
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {C17A85AD-143A-4125-B299-C7AA287B3867} - C:\WINDOWS\system32\ljJDUmMc.dll (file missing)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Lenovo L350 USB PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer 中的写入日志(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1345F3CB-7C40-41C2-9AC2-87CF8B68E34E} (UUSeeInstaller Control) - http://swf.news.163.com/2008/v/NetEaseTV_GZ.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/normalbank/...afeControls.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://duck-it.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C50341E9-CDC1-4377-AB88-3486CCD0FDA1} (cycnset Class) - http://ms1.cyworld.com.cn/music/package/cycnset.cab
O16 - DPF: {E9707834-5BF7-4CFF-A639-398427DE1991} (IcbcSslCacheCleanerCtrl Class) - http://www.icbc.com.cn/left/IcbcSslCacheCleaner.cab
O18 - Protocol: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll pttmzm.dll,kmon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe

--
End of file - 9281 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegCure Program Check.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59062B7A-61BD-4A26-A7A6-6A213F2601F7}]
CShowKuroBar Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8369650D-536C-4B75-BA0B-8286E86EDA0A}]
C:\WINDOWS\system32\geBuSKBQ.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live 登录帮助程序 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class - C:\PROGRA~1\FLASHGET\jccatch.dll [2002-01-16 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C17A85AD-143A-4125-B299-C7AA287B3867}]
C:\WINDOWS\system32\ljJDUmMc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - []
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FLASHGET\fgiebar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2003-04-08 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2003-04-08 455168]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2003-09-12 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-08-12 335872]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-07-12 54784]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-08-29 88267]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-08-29 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-08-29 618496]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PCMService"=C:\Program Files\Aspire Arcade\PCMService.exe [2003-09-29 73728]
"ShowIcon_Chander_CRW Series Driver v1.17r019"=C:\Program Files\CRW\shwicon.exe [2003-01-09 73728]
"LManager"=C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE [2003-10-18 352256]
"SysExplr"=C:\Herosoft\HeroV8\SYSEXPLR.EXE [2004-07-13 69632]
"BigDogPath"=C:\WINDOWS\VM_STI.EXE [2003-01-21 40960]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-17 110592]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"RavTask"=C:\Program Files\Rising\Rav\RavTask.exe [2008-11-23 211568]
"runeip"=C:\Program Files\Rising\AntiSpyware\rstray.exe [2008-11-23 141936]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KKDelay"=C:\Program Files\Rising\AntiSpyware\RunOnce.exe [2008-11-23 68208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2629165f]
C:\WINDOWS\system32\cfifpumn.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-01 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「开始」菜单^程序^启动^Image Transfer.lnk]
[]

C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll pttmzm.dll,kmon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8369650D-536C-4B75-BA0B-8286E86EDA0A}"=C:\WINDOWS\system32\geBuSKBQ.dll []
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"=C:\WINDOWS\system32\RavExt.dll [2008-11-23 113264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ljJDUmMc

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\Flashget\FlashGet.exe"="C:\Program Files\FlashGet Network\Flashget\FlashGet.exe:*:Enabled:flashget"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:μTorrent"
"C:\Program Files\KuGoo2007\KuGoo.exe"="C:\Program Files\KuGoo2007\KuGoo.exe:*:Enabled:KuGoo"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
"C:\Program Files\PPLiveVA\PPLiveVA.exe"="C:\Program Files\PPLiveVA\PPLiveVA.exe:*:Enabled:PPLiveVA"
"C:\Program Files\Kingsoft\Powerword 2007\xdict.exe"="C:\Program Files\Kingsoft\Powerword 2007\xdict.exe:*:Enabled:Kingsoft PowerWord"
"C:\Program Files\Kingsoft\Powerword 2007\update.exe"="C:\Program Files\Kingsoft\Powerword 2007\update.exe:*:Enabled:Kingsoft PowerWord Online Update"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器"
"C:\Program Files\StormII\Storm.exe"="C:\Program Files\StormII\Storm.exe:*:Enabled:暴风影音"
"C:\Program Files\StormII\stormliv.exe"="C:\Program Files\StormII\stormliv.exe:*:Enabled:暴风影音媒体控制中心"
"C:\Program Files\Tencent\QQ\QQ.exe"="C:\Program Files\Tencent\QQ\QQ.exe:*:Enabled:QQ"
"C:\Program Files\Tencent\QQ\Qzone\Qzone.exe"="C:\Program Files\Tencent\QQ\Qzone\Qzone.exe:*:Enabled:QzoneClient1.3Beta04 V01.3.104.021"
"C:\Program Files\Tencent\QQ\QzoneMusic.exe"="C:\Program Files\Tencent\QQ\QzoneMusic.exe:*:Enabled:QzoneMusic2.0Beta09Build110"
"C:\Program Files\Netease\neteasetv\MediaCenter.exe"="C:\Program Files\Netease\neteasetv\MediaCenter.exe:*:Enabled:MediaCenter"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe"="C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe:*:Enabled:Rising update"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Professional"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976c010-2930-11dc-b262-00042379b044}]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976c011-2930-11dc-b262-00042379b044}]
shell\AutoRun\command - setupSNK.exe


======File associations======

.ini - open - C:\WINDOWS\System32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-12-02 21:29:33 ----D---- C:\Documents and Settings\jun\Application Data\Malwarebytes
2008-12-02 21:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-02 21:29:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-01 23:39:16 ----HD---- C:\WINDOWS\$NtUninstallKB932590$
2008-12-01 23:38:33 ----HD---- C:\WINDOWS\$NtUninstallKB944043-v3$
2008-12-01 23:37:57 ----HD---- C:\WINDOWS\$NtUninstallKB954920-v2$
2008-12-01 23:37:33 ----HD---- C:\WINDOWS\$NtUninstallKB933062$
2008-12-01 23:37:10 ----HD---- C:\WINDOWS\$NtUninstallKB935708$
2008-12-01 23:36:37 ----HD---- C:\WINDOWS\$NtUninstallKB951830$
2008-12-01 23:35:59 ----HD---- C:\WINDOWS\$NtUninstallKB951618-v2$
2008-12-01 23:35:32 ----HD---- C:\WINDOWS\$NtUninstallKB946501-v2$
2008-12-01 23:35:10 ----HD---- C:\WINDOWS\$NtUninstallKB943198-v2$
2008-12-01 23:34:40 ----HD---- C:\WINDOWS\$NtUninstallKB940275-v3$
2008-12-01 23:34:14 ----HD---- C:\WINDOWS\$NtUninstallKB934428-v3$
2008-12-01 23:33:37 ----HD---- C:\WINDOWS\$NtUninstallKB932716-v2$
2008-12-01 23:33:29 ----N---- C:\WINDOWS\system32\imapi2fs.dll
2008-12-01 23:33:29 ----N---- C:\WINDOWS\system32\imapi2.dll
2008-12-01 21:44:34 ----D---- C:\WINDOWS\ERUNT
2008-12-01 21:35:50 ----D---- C:\SDFix
2008-11-30 20:40:56 ----SHD---- C:\Config.Msi
2008-11-30 20:17:27 ----D---- C:\Program Files\trend micro
2008-11-30 20:17:26 ----D---- C:\rsit
2008-11-30 15:51:57 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 15:51:34 ----D---- C:\Documents and Settings\jun\Application Data\SUPERAntiSpyware.com
2008-11-30 12:33:34 ----D---- C:\Program Files\Windows Live Safety Center
2008-11-30 11:20:47 ----SH---- C:\WINDOWS\system32\xvdunjkt.ini
2008-11-29 21:05:09 ----SH---- C:\WINDOWS\system32\habbdpkw.ini
2008-11-28 21:04:10 ----SH---- C:\WINDOWS\system32\ysdlmdsk.ini
2008-11-27 20:48:33 ----SH---- C:\WINDOWS\system32\blkhtdlt.ini
2008-11-26 05:36:18 ----SH---- C:\WINDOWS\system32\eqwjtqoy.ini
2008-11-25 00:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-24 19:25:09 ----SH---- C:\WINDOWS\system32\dxpsfeku.ini
2008-11-23 11:32:40 ----A---- C:\WINDOWS\RsConfig.ini
2008-11-23 11:28:27 ----A---- C:\WINDOWS\RSBDBACKUP.DLL
2008-11-23 11:16:02 ----RSH---- C:\rising.ini
2008-11-23 11:16:01 ----A---- C:\WINDOWS\system32\BsMain.ini
2008-11-23 11:15:17 ----N---- C:\WINDOWS\system32\UrlFilter.dll
2008-11-23 11:15:17 ----N---- C:\WINDOWS\system32\kknative.exe
2008-11-23 11:15:17 ----N---- C:\WINDOWS\system32\KakaTool.dll
2008-11-23 11:14:59 ----RD---- C:\RavBin
2008-11-23 11:14:48 ----N---- C:\WINDOWS\system32\RavExt.dll
2008-11-23 11:14:46 ----N---- C:\WINDOWS\system32\bsmain.exe
2008-11-23 11:14:13 ----D---- C:\Program Files\Rising
2008-11-23 11:12:40 ----D---- C:\Documents and Settings\All Users\Application Data\Rising
2008-11-23 11:12:40 ----A---- C:\WINDOWS\Rav.ini
2008-11-22 16:50:54 ----SH---- C:\WINDOWS\system32\nmupfifc.ini
2008-11-22 16:50:19 ----A---- C:\WINDOWS\system32\2d0ad221-.txt
2008-11-22 16:49:46 ----ASH---- C:\WINDOWS\system32\cMmUDJjl.ini2
2008-11-22 16:49:45 ----ASH---- C:\WINDOWS\system32\cMmUDJjl.ini
2008-11-21 22:11:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 22:06:01 ----D---- C:\Documents and Settings\jun\Application Data\Yahoo!
2008-11-12 23:58:38 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 23:57:07 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 20:23:40 ----HD---- C:\WINDOWS\$NtUninstallKB953155$

======List of files/folders modified in the last 1 months======

2008-12-02 21:51:34 ----A---- C:\WINDOWS\STHVCD8.ini
2008-12-02 21:51:34 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2008-12-02 21:49:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-02 21:25:38 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-02 00:58:58 ----A---- C:\WINDOWS\AdvConfig.ini
2008-12-01 23:39:02 ----A---- C:\WINDOWS\imsins.BAK
2008-12-01 21:48:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-23 23:35:58 ----RSH---- C:\BOOT.INI
2008-11-23 23:35:58 ----A---- C:\WINDOWS\win.ini
2008-11-23 23:35:58 ----A---- C:\WINDOWS\system.ini
2008-11-22 15:17:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-11-19 20:59:30 ----A---- C:\WINDOWS\MENUTHEME.INI
2008-11-19 00:16:32 ----A---- C:\WINDOWS\winamp.ini
2008-11-04 11:10:26 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-30 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-09 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-06 90632]
R1 FsVga;FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [2003-04-08 12160]
R1 HookCont;HookCont; C:\WINDOWS\system32\drivers\HookCont.sys [2008-11-23 13808]
R1 HookNtos;HookNtos; C:\WINDOWS\system32\drivers\HookNtos.sys [2008-11-23 63088]
R1 HookReg;HookReg; C:\WINDOWS\system32\drivers\HookReg.sys [2008-11-23 39024]
R1 HookSys;HookSys; C:\WINDOWS\system32\drivers\HookSys.sys [2008-11-23 164976]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 38912]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 ScFBPNT;CanoScan FBP Port Driver; \??\C:\WINDOWS\system32\drivers\ScFBPNT.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-08-29 1170464]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-07-12 730092]
R3 Arp1394;1394 ARP 客户端协议; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-09-12 594432]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\DKbFltr.sys [2003-09-14 18838]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 NIC1394;1394 网络驱动程序; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2003-10-02 6912]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-01-22 9856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2003-06-23 46976]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-31 35913]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-08-29 270864]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w70n51;Intel® PRO/Wireless 7100 Adapter 驱动程序; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-06-23 2379776]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-17 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2004-08-04 48128]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2004-08-04 38912]
S3 Bridge;MAC 桥; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC 桥微型端口; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth 设备(个人区域网); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-15 269824]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2003-09-30 51848]
S3 catchme;catchme; \??\C:\DOCUME~1\jun\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 glauiad;D-Link DSL-302G Modem; C:\WINDOWS\System32\DRIVERS\glauiad.sys [2003-03-07 29603]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-04-08 9600]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-31 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-04 51328]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2004-08-04 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 npkcrypt;npkcrypt; \??\C:\WINDOWS\system32\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\C:\WINDOWS\system32\npkycryp.sys []
S3 RFCOMM;Bluetooth 设备 (RFCOMM 协议 TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20051208.051\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2007-04-10 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB 扫描仪驱动程序; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB 大容量存储设备; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC301b;Lenovo L350 USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2003-12-16 91364]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-09-12 319488]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-24 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-26 231704]
R2 Bonjour Service;Bonjour 服务; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 ccosm;Contrl Center of Storm Media; C:\Program Files\StormII\stormliv.exe [2008-03-11 473184]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 RsCCenter;Rising Process Communication Center; C:\Program Files\Rising\Rav\CCenter.exe [2008-11-23 162416]
R3 iPod Service;iPod 服务; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-17 265728]
S2 RsRavMon;Rising RealTime Monitor; C:\PROGRAM FILES\RISING\RAV\Ravmond.exe [2008-11-23 395888]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-01-25 89136]
S3 usnjsvc;Messenger 共享文件夹 USN 杂志阅读器服务; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 896000]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------


^^ ta ta~~
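The RSIT log above lists created files and loaded drivers in a fixed one-line-per-entry format, which makes it easy to pre-screen before a helper reads it by hand. The script below is an added example for this thread; it is not RSIT's own code and was not posted by anyone here. It parses lines in that format and flags the patterns a malware-removal helper usually looks at first: hidden+system .ini files with random-looking eight-letter names under system32, drivers registered with no file date or size (RSIT prints an empty [] when it cannot stat the binary), drivers that load from a temporary directory, and AutoRun commands bound to mounted volumes. The sample lines are copied from the log above; the category names and the heuristics are this example's own assumptions, and a flag means "review this", not "this is malicious" (catchme.sys, for instance, belongs to the scanning tools run earlier in the thread).

```python
"""Triage helper for RSIT-style log lines.

Added example for this thread; it is not RSIT's code and not something the
helpers here posted. Heuristics and category names are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the RSIT log in this thread (raw string so the
# Windows backslashes stay literal).
SAMPLE_LOG = r"""
2008-11-30 11:20:47 ----SH---- C:\WINDOWS\system32\xvdunjkt.ini
2008-11-23 11:32:40 ----A---- C:\WINDOWS\RsConfig.ini
2008-11-22 16:49:45 ----ASH---- C:\WINDOWS\system32\cMmUDJjl.ini
R1 HookCont;HookCont; C:\WINDOWS\system32\drivers\HookCont.sys [2008-11-23 13808]
S3 catchme;catchme; \??\C:\DOCUME~1\jun\LOCALS~1\Temp\catchme.sys []
S3 npkcrypt;npkcrypt; \??\C:\WINDOWS\system32\npkcrypt.sys []
shell\AutoRun\command - setupSNK.exe
"""

# "<date> <time> ----<attrs>---- <path>" entries from the created/modified lists
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ----([A-Z]*)---- (.+)$")
# "<R|S><start> <name>;<description>; <path> [<date> <size>]" driver entries
DRIVER_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*); (.+?) \[(.*)\]$")
# AutoRun command lines shown under the mountpoints2 registry keys
AUTORUN_RE = re.compile(r"^shell\\AutoRun\\command - (.+)$")
# Eight letters and no digits: the shape of the generated names in this log
RANDOM_STEM_RE = re.compile(r"[A-Za-z]{8}")


@dataclass(frozen=True)
class Finding:
    category: str   # short tag, e.g. "hidden-ini" (names assumed by this example)
    detail: str     # human-readable reason the line deserves review
    line: str       # the log line that triggered it


def _check_file(attrs: str, path: str, line: str) -> list[Finding]:
    """Flag hidden+system .ini files with generated-looking names in system32."""
    base = path.rsplit("\\", 1)[-1]
    stem, _, ext = base.rpartition(".")
    if ("S" in attrs and "H" in attrs
            and "\\system32\\" in path.lower()
            and ext.lower().startswith("ini")
            and RANDOM_STEM_RE.fullmatch(stem)):
        return [Finding("hidden-ini",
                        f"hidden+system .ini with random-looking name in system32: {base}",
                        line)]
    return []


def _check_driver(name: str, path: str, info: str, line: str) -> list[Finding]:
    """Flag drivers RSIT could not stat and drivers living in a temp directory."""
    out: list[Finding] = []
    if not info.strip():
        out.append(Finding("driver-nofile",
                           f"driver '{name}' has no file date/size recorded; "
                           "the binary may be gone from disk",
                           line))
    if "\\temp\\" in path.lower():
        out.append(Finding("driver-temp",
                           f"driver '{name}' loads from a temporary directory",
                           line))
    return out


def triage(log_text: str) -> list[Finding]:
    """Parse RSIT-style lines and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FILE_RE.match(line)):
            _date, attrs, path = m.groups()
            findings.extend(_check_file(attrs, path, line))
        elif (m := DRIVER_RE.match(line)):
            _state, _start, name, _desc, path, info = m.groups()
            findings.extend(_check_driver(name, path, info, line))
        elif (m := AUTORUN_RE.match(line)):
            findings.append(Finding("autorun",
                                    f"AutoRun command '{m.group(1)}' bound to a mounted volume",
                                    line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}\n    {f.line}")
```

Run it against a saved RSIT log by passing the file contents to `triage()`; every returned entry still needs a human decision, since legitimate scanner components and uninstalled hardware can trip the same rules.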

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:45 PM

Posted 03 December 2008 - 09:25 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 BoboLiu

BoboLiu
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:45 AM

Posted 04 December 2008 - 03:53 AM

ComboFix 08-12-02.02 - jun 2008-12-04 18:23:25.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.936.1.2052.18.456 [GMT 11:00]
执行位置: c:\documents and settings\jun\桌面\ComboFix.exe
* 成功创造新还原点
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Favorites\链接
c:\documents and settings\Administrator\Favorites\链接\Windows Media.url
c:\documents and settings\Administrator\Favorites\链接\Windows.url
c:\documents and settings\Administrator\Favorites\链接\免费 Hotmail.url
c:\documents and settings\Administrator\Favorites\链接\自定义链接.url
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
c:\documents and settings\jun\Application Data\BITS
c:\documents and settings\jun\Application Data\BITS\BITS.ini
c:\documents and settings\jun\Application Data\BITS\DHTTable.dat
c:\documents and settings\jun\Application Data\BITS\ProxyList.ini
c:\documents and settings\jun\Application Data\BITS\Torrent\20080410214245.torrent
c:\documents and settings\jun\Application Data\BITS\Torrent\20080410214245.torrent.bits
c:\documents and settings\jun\Application Data\BITS\Torrent\20080410214245.torrent.filelist
c:\documents and settings\jun\Application Data\BITS\Torrent\20080410214245.torrent.hybridlist
c:\documents and settings\jun\Application Data\BITS\Torrent\20080411230037.torrent
c:\documents and settings\jun\Application Data\BITS\Torrent\20080411230037.torrent.filelist
c:\documents and settings\jun\Application Data\BITS\Torrent\20080411230312.torrent
c:\documents and settings\jun\Application Data\BITS\Torrent\20080411230312.torrent.bits
c:\documents and settings\jun\Application Data\BITS\Torrent\20080411230312.torrent.filelist
c:\documents and settings\jun\Application Data\BITS\Torrent\20080411230312.torrent.seeds
c:\documents and settings\jun\Application Data\BITS\UPnP.ini
c:\program files\FlashGet Network
c:\program files\FlashGet Network\Flashget\LiveUpdate\104\UpdateGet.dat
c:\windows\Downloaded Program Files\sms.ico
c:\windows\Downloaded Program Files\taobao.ico
c:\windows\Downloaded Program Files\yahoomsg.ico
c:\windows\Downloaded Program Files\ymail.ico
c:\windows\RSBDBACKUP.DLL
c:\windows\struct~.ini
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\cMmUDJjl.ini
c:\windows\system32\cMmUDJjl.ini2
D:\resycled
d:\resycled\boot.com

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( 2008-11-04 至 2008-12-04 的新的档案 )))))))))))))))))))))))))))))))
.

2008-12-02 21:29 . 2008-12-02 21:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-02 21:29 . 2008-12-02 21:29 <DIR> d-------- c:\documents and settings\jun\Application Data\Malwarebytes
2008-12-02 21:29 . 2008-12-02 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-02 21:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-02 21:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 23:39 . 2007-02-19 21:34 343,040 --------- c:\windows\system32\dllcache\msvcrt.dll
2008-12-01 23:38 . 2008-05-05 22:08 407,040 --------- c:\windows\system32\dllcache\netlogon.dll
2008-12-01 23:38 . 2008-05-05 22:08 337,920 --------- c:\windows\system32\dllcache\localspl.dll
2008-12-01 23:38 . 2008-05-05 22:08 183,296 --------- c:\windows\system32\dllcache\w32time.dll
2008-12-01 23:38 . 2008-05-05 22:08 176,128 --------- c:\windows\system32\dllcache\adsldp.dll
2008-12-01 23:38 . 2008-05-05 22:08 132,608 --------- c:\windows\system32\dllcache\msv1_0.dll
2008-12-01 23:38 . 2008-05-05 22:08 112,128 --------- c:\windows\system32\dllcache\dsuiext.dll
2008-12-01 23:38 . 2008-05-05 22:08 68,096 --------- c:\windows\system32\dllcache\ntdsapi.dll
2008-12-01 23:38 . 2008-05-05 22:08 68,096 --------- c:\windows\system32\dllcache\adsmsext.dll
2008-12-01 23:37 . 2007-05-14 23:51 178,176 --------- c:\windows\system32\dllcache\repdrvfs.dll
2008-12-01 23:36 . 2008-04-22 05:40 318,976 --------- c:\windows\system32\dllcache\ipnathlp.dll
2008-12-01 23:36 . 2007-04-10 21:08 60,032 --------- c:\windows\system32\dllcache\usbaudio.sys
2008-12-01 23:35 . 2008-07-23 02:37 82,936 --------- c:\windows\system32\dllcache\apps.chm
2008-12-01 23:35 . 2008-07-23 02:35 9,696 --------- c:\windows\system32\dllcache\drvmain.sdb
2008-12-01 23:34 . 2007-12-13 15:42 591,360 --------- c:\windows\system32\dllcache\crypt32.dll
2008-12-01 23:34 . 2007-11-22 22:43 78,720 --------- c:\windows\system32\dllcache\sdbus.sys
2008-12-01 23:34 . 2007-10-15 21:51 26,112 --------- c:\windows\system32\dllcache\usbser.sys
2008-12-01 23:34 . 2007-11-22 22:23 12,032 --------- c:\windows\system32\dllcache\sffdisk.sys
2008-12-01 23:34 . 2007-11-22 22:23 11,008 --------- c:\windows\system32\dllcache\sffp_sd.sys
2008-12-01 23:34 . 2007-11-22 22:23 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-01 23:34 . 2007-11-22 22:23 10,240 --------- c:\windows\system32\dllcache\sffp_mmc.sys
2008-12-01 23:33 . 2008-05-03 00:31 459,776 --------- c:\windows\system32\imapi2fs.dll
2008-12-01 23:33 . 2008-05-03 00:31 459,776 --------- c:\windows\system32\dllcache\imapi2fs.dll
2008-12-01 23:33 . 2008-05-03 00:31 309,760 --------- c:\windows\system32\imapi2.dll
2008-12-01 23:33 . 2008-05-03 00:31 309,760 --------- c:\windows\system32\dllcache\imapi2.dll
2008-12-01 23:33 . 2008-05-02 20:05 62,592 --------- c:\windows\system32\dllcache\cdrom.sys
2008-12-01 21:44 . 2008-12-01 21:44 <DIR> d-------- c:\windows\ERUNT
2008-12-01 21:35 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-30 20:17 . 2008-11-30 20:17 <DIR> d-------- C:\rsit
2008-11-30 20:17 . 2008-11-30 20:17 <DIR> d-------- c:\program files\trend micro
2008-11-30 15:51 . 2008-11-30 15:51 <DIR> d-------- c:\documents and settings\jun\Application Data\SUPERAntiSpyware.com
2008-11-30 15:51 . 2008-11-30 15:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 12:33 . 2008-11-30 12:33 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-30 11:20 . 2008-11-30 11:21 1,690,048 ---hs---- c:\windows\system32\xvdunjkt.ini
2008-11-29 21:05 . 2008-11-29 21:05 1,690,048 ---hs---- c:\windows\system32\habbdpkw.ini
2008-11-28 21:04 . 2008-11-28 21:04 1,647,128 ---hs---- c:\windows\system32\ysdlmdsk.ini
2008-11-27 20:48 . 2008-11-27 20:48 1,647,128 ---hs---- c:\windows\system32\blkhtdlt.ini
2008-11-26 05:36 . 2008-11-26 05:36 1,664,761 ---hs---- c:\windows\system32\eqwjtqoy.ini
2008-11-25 00:36 . 2008-11-25 00:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-24 19:25 . 2008-11-25 22:53 1,650,048 ---hs---- c:\windows\system32\dxpsfeku.ini
2008-11-23 19:36 . 2008-12-03 21:13 5,858 --a------ c:\windows\system32\cid_store.dat
2008-11-23 19:36 . 2008-11-23 19:36 20 --a------ c:\windows\system32\pub_store.dat
2008-11-23 11:32 . 2008-11-23 12:31 22 --a------ c:\windows\RsConfig.ini
2008-11-23 11:16 . 2008-12-03 21:13 160 --a------ c:\windows\system32\BsMain.ini
2008-11-23 11:16 . 2008-11-23 11:19 136 -r-hs---- C:\rising.ini
2008-11-23 11:14 . 2008-11-23 11:15 <DIR> dr------- C:\RavBin
2008-11-23 11:14 . 2008-11-23 11:14 <DIR> d-------- c:\program files\Rising
2008-11-23 11:14 . 2008-11-23 11:12 237,168 --------- c:\windows\system32\bsmain.exe
2008-11-23 11:14 . 2008-11-23 11:12 164,976 --------- c:\windows\system32\drivers\HookSys.sys
2008-11-23 11:14 . 2008-11-23 11:12 113,264 --------- c:\windows\system32\RavExt.dll
2008-11-23 11:14 . 2008-11-23 11:12 63,088 --------- c:\windows\system32\drivers\HookNtos.sys
2008-11-23 11:14 . 2008-11-23 11:12 39,024 --------- c:\windows\system32\drivers\HOOKREG.sys
2008-11-23 11:14 . 2008-11-23 11:12 30,704 --------- c:\windows\system32\drivers\HookHelp.sys
2008-11-23 11:14 . 2008-11-23 11:12 13,808 --------- c:\windows\system32\drivers\HookCont.sys
2008-11-23 11:14 . 2008-11-23 11:12 10,736 --------- c:\windows\system32\drivers\RsNTGdi.sys
2008-11-23 11:14 . 2008-12-03 21:12 293 --a------ c:\windows\Rav.inf
2008-11-23 11:12 . 2008-11-23 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rising
2008-11-23 11:12 . 2008-11-29 15:43 62 --a------ c:\windows\Rav.ini
2008-11-22 16:50 . 2008-11-22 16:51 1,639,933 ---hs---- c:\windows\system32\nmupfifc.ini
2008-11-21 22:11 . 2008-11-21 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 22:06 . 2008-11-19 22:06 <DIR> d-------- c:\documents and settings\jun\Application Data\Yahoo!
2008-11-19 17:07 . 2008-11-19 17:07 20 -rah----- c:\windows\assist.dat
2008-11-19 00:07 . 2008-11-19 00:08 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-10 20:23 . 2008-08-28 19:00 104,448 --------- c:\windows\system32\dllcache\win32spl.dll
2008-11-10 20:23 . 2008-08-28 19:00 74,240 --------- c:\windows\system32\dllcache\msw3prt.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 06:16 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-30 09:53 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 03:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 03:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 16:57 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 05:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 15:37 1,845,632 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:37 1,845,632 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:44 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:44 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2003-01-20 16:00 13,052,552 ----a-r c:\windows\system32\config\systemprofile\MpSetup.exe
2003-01-20 16:00 13,052,552 ----a-r c:\documents and settings\jun\MpSetup.exe
2003-01-20 16:00 13,052,552 ----a-r c:\documents and settings\Default User\MpSetup.exe
2003-01-20 16:00 13,052,552 ----a-r c:\documents and settings\Administrator\MpSetup.exe
.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-08 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-08 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-29 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-29 618496]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCMService"="c:\program files\Aspire Arcade\PCMService.exe" [2003-09-29 73728]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="c:\program files\CRW\shwicon.exe" [2003-01-09 73728]
"LManager"="c:\progra~1\LAUNCH~1\CPLCL32.EXE" [2003-10-18 352256]
"SysExplr"="c:\herosoft\HeroV8\SYSEXPLR.EXE" [2004-07-13 69632]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RavTask"="c:\program files\Rising\Rav\RavTask.exe" [2008-11-23 211568]
"ATIModeChange"="Ati2mdxx.exe" [2003-09-12 c:\windows\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-07-12 c:\windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-08-29 c:\windows\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\「开始」菜单\程序\启动\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "c:\windows\system32\RavExt.dll" [2008-11-23 113264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^「开始」菜单^程序^启动^Image Transfer.lnk]
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-12-01 21:58 1261336 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe"=
"c:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe"=
"c:\\Program Files\\StormII\\Storm.exe"=
"c:\\Program Files\\StormII\\stormliv.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\Qzone\\Qzone.exe"=
"c:\\Program Files\\Tencent\\QQ\\QzoneMusic.exe"=
"c:\\Program Files\\Netease\\neteasetv\\MediaCenter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rising\\Rav\\CopyRun\\RavCopy.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51030:TCP"= 51030:TCP:72.20.34.145/255.255.255.255:Enabled:51030

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-04-12 12936]
R0 RsNTGDI;RsNTGDI;c:\windows\system32\Drivers\RsNTGdi.sys [2008-11-23 10736]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-04-12 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-04-12 90632]
R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-11-23 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-11-23 63088]
R1 HookReg;HookReg;c:\windows\system32\drivers\HookReg.sys [2008-11-23 39024]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-11-23 164976]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-24 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-04-12 231704]
R2 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice [2008-03-11 473184]
R2 RsCCenter;Rising Process Communication Center;"c:\program files\Rising\Rav\CCenter.exe" [2008-11-23 162416]
R2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\system32\drivers\ScFBPNT.SYS [2005-02-27 16288]
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" [2008-11-23 395888]
S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\DRIVERS\glauiad.sys [2004-12-11 29603]
S3 npkycryp;npkycryp;\??\c:\windows\system32\npkycryp.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976c010-2930-11dc-b262-00042379b044}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976c011-2930-11dc-b262-00042379b044}]
\Shell\AutoRun\command - setupSNK.exe
.
计划任务 文件夹 里的内容

2008-08-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-03-31 20:50]

2008-12-04 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-03-31 20:50]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8369650D-536C-4B75-BA0B-8286E86EDA0A} - c:\windows\system32\geBuSKBQ.dll
BHO-{C17A85AD-143A-4125-B299-C7AA287B3867} - c:\windows\system32\ljJDUmMc.dll
ShellExecuteHooks-{8369650D-536C-4B75-BA0B-8286E86EDA0A} - c:\windows\system32\geBuSKBQ.dll
MSConfigStartUp-2629165f - c:\windows\system32\cfifpumn.dll


.
------- 而外的扫描 -------
.
FireFox -: Profile - c:\documents and settings\jun\Application Data\Mozilla\Firefox\Profiles\6dkredhu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.
.
------- 文件类型 -------
.
chm.file="hh.exe" %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 18:29:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

扫描被隐藏的进程。。。 ...

扫描被隐藏的启动组。。。

扫描被隐藏的文件。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\AVG\AVG8\AVGWDSVC.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\STORMII\STORMLIV.EXE
c:\program files\RISING\RAV\RAVSTUB.EXE
c:\windows\system32\conime.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\AVGRSX.EXE
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\LAUNCH MANAGER\CPLCL32.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\RISING\RAV\RAVMON.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
完成时间: 2008-12-04 18:33:57 - 电脑已重新启动
ComboFix-quarantined-files.txt 2008-12-04 07:33:52

Pre-Run: 26 个目录 12,659,408,896 可用字节
Post-Run: 26 个目录 12,887,441,408 可用字节

WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

323 --- E O F --- 2008-11-12 13:02:34

#10 BoboLiu

BoboLiu
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:45 AM

Posted 04 December 2008 - 03:56 AM

And Sam...

I also have a problem uninstalling AVG 8.0, because I think I deleted the registry entries of AVG 8.0...

Should I also ask you about this, or post another topic after this one is finished??

Thanks ar~

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:45 PM

Posted 04 December 2008 - 10:00 AM

We can clean up AVG along with some malware that's still in your log.

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
c:\program files\AVG

Driver::
npkycryp
avg8wd
avg8emc
AvgTdiX
AvgLdx86
AvgRkx86

File::
c:\windows\system32\Drivers\avgtdix.sys
c:\windows\system32\Drivers\avgldx86.sys
c:\windows\system32\Drivers\avgrkx86.sys
c:\windows\system32\dxpsfeku.ini
c:\windows\system32\xvdunjkt.ini
c:\windows\system32\habbdpkw.ini
c:\windows\system32\ysdlmdsk.ini
c:\windows\system32\blkhtdlt.ini
c:\windows\system32\eqwjtqoy.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
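When the poster comes back with the post-run Combofix.txt, the thing a helper actually checks is whether each entry the CFScript targeted is gone. The script below is an added example (not part of this thread and not ComboFix's own code): it parses the `Driver::` / `File::` / `Registry::` sections of a CFScript, then reads a ComboFix log and reports which listed drivers the log confirms removed (the `-------\Service_name` lines), which still show up as loaded `R?`/`S?` services, and which file paths the log never mentions at all. The CFScript and the log excerpt embedded in it are constructed samples modelled on the lines in this thread, not the poster's real files.

```python
"""Cross-check a ComboFix CFScript against the post-run ComboFix log.

Added example; not ComboFix's own code. The CFScript and log excerpt below
are constructed samples modelled on the lines in this thread.
"""
import re

# Constructed CFScript using the same section syntax as the post above.
SAMPLE_CFSCRIPT = """\
Driver::
npkycryp
avg8wd

File::
c:\\windows\\system32\\Drivers\\avgtdix.sys
c:\\windows\\system32\\dxpsfeku.ini

Registry::
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\AVG8_TRAY]
"""

# Constructed post-run log excerpt (not the poster's real Combofix.txt):
# one driver confirmed removed, one still loaded, one file never reported.
SAMPLE_LOG = """\
c:\\windows\\system32\\Drivers\\avgtdix.sys

-------\\Service_avg8wd

R0 RsNTGDI;RsNTGDI;c:\\windows\\system32\\Drivers\\RsNTGdi.sys [2008-11-23 10736]
S3 npkycryp;npkycryp;\\??\\c:\\windows\\system32\\npkycryp.sys []
"""

# "R0 name;display;path [...]" / "S3 name;..." lines list loaded drivers and services.
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);")
# "-------\Service_name" lines in the drivers/services section record a removal.
REMOVED_SERVICE = re.compile(r"^-------\\Service_(\S+)")


def parse_cfscript(text):
    """Return {"Driver": [...], "File": [...], ...} from CFScript text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # section header such as "Driver::"
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def loaded_services(log):
    """Service/driver names still listed as R?/S? entries in the log."""
    return {m.group(1).lower() for m in map(SERVICE_LINE.match, log.splitlines()) if m}


def removed_services(log):
    """Service names the log reports as removed."""
    return {m.group(1).lower() for m in map(REMOVED_SERVICE.match, log.splitlines()) if m}


def verify(cfscript_text, log_text):
    """Report how each Driver:: and File:: entry fared, according to the log."""
    script = parse_cfscript(cfscript_text)
    drivers = {d.lower() for d in script.get("Driver", [])}
    files = {f.lower() for f in script.get("File", [])}
    log_lower = log_text.lower()
    return {
        "drivers_still_loaded": sorted(drivers & loaded_services(log_text)),
        "drivers_confirmed_removed": sorted(drivers & removed_services(log_text)),
        # A File:: path that appears nowhere in the log was neither deleted
        # nor seen, so it needs a manual look.
        "files_not_reported": sorted(f for f in files if f not in log_lower),
    }


if __name__ == "__main__":
    for key, value in verify(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a real run, read the saved CFScript and the new Combofix.txt into the two arguments of `verify` instead of the constructed samples; anything in `drivers_still_loaded` or `files_not_reported` is what a helper would ask about in the next reply.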

#12 BoboLiu

BoboLiu
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:45 AM

Posted 05 December 2008 - 04:46 AM

FIRST LOG.TXT AFTER COMBOFIX

ComboFix 08-12-04.04 - jun 2008-12-05 20:32:43.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.936.1.2052.18.449 [GMT 11:00]
执行位置: c:\documents and settings\jun\桌面\ComboFix.exe
Command switches used :: c:\documents and settings\jun\桌面\CFScript.txt
* 成功创造新还原点

FILE ::
c:\windows\system32\blkhtdlt.ini
c:\windows\system32\Drivers\avgldx86.sys
c:\windows\system32\Drivers\avgrkx86.sys
c:\windows\system32\Drivers\avgtdix.sys
c:\windows\system32\dxpsfeku.ini
c:\windows\system32\eqwjtqoy.ini
c:\windows\system32\habbdpkw.ini
c:\windows\system32\xvdunjkt.ini
c:\windows\system32\ysdlmdsk.ini
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG
c:\program files\AVG\AVG8\avg.snu
c:\program files\AVG\AVG8\avg7api.dll
c:\program files\AVG\AVG8\avg8us.chm
c:\program files\AVG\AVG8\avg8us.lng
c:\program files\AVG\AVG8\avgabout.dll
c:\program files\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgameh.dll
c:\program files\AVG\AVG8\avgapix.dll
c:\program files\AVG\AVG8\avgar8us.chm
c:\program files\AVG\AVG8\avgbat.bav
c:\program files\AVG\AVG8\avgcfgex.exe
c:\program files\AVG\AVG8\avgcfgx.dll
c:\program files\AVG\AVG8\avgchk.exe
c:\program files\AVG\AVG8\avgchk.exe0
c:\program files\AVG\AVG8\avgcmgr.exe
c:\program files\AVG\AVG8\avgcorex.dll
c:\program files\AVG\AVG8\avgcrlpx.dll
c:\program files\AVG\AVG8\avgdg8us.chm
c:\program files\AVG\AVG8\avgdiag.dll
c:\program files\AVG\AVG8\avgdiag.exe
c:\program files\AVG\AVG8\avgdumpx.exe
c:\program files\AVG\AVG8\avgemc.exe
c:\program files\AVG\AVG8\avgfrw.exe
c:\program files\AVG\AVG8\avginet.dll
c:\program files\AVG\AVG8\avgiproxy.exe
c:\program files\AVG\AVG8\avglngx.dll
c:\program files\AVG\AVG8\avglogx.dll
c:\program files\AVG\AVG8\avgmail.dll
c:\program files\AVG\AVG8\avgmvflx.dll
c:\program files\AVG\AVG8\avgmwdef_us.mht
c:\program files\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgoff2k.dll
c:\program files\AVG\AVG8\avgpp.dll
c:\program files\AVG\AVG8\avgrktx.dll
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgscanx.dll
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgsched.dll
c:\program files\AVG\AVG8\avgse.dll
c:\program files\AVG\AVG8\avgsrmax.exe
c:\program files\AVG\AVG8\avgsrmx.dll
c:\program files\AVG\AVG8\avgssie.dll
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\AVG\AVG8\avgui.exe
c:\program files\AVG\AVG8\avguiadv.dll
c:\program files\AVG\AVG8\avguires.dll
c:\program files\AVG\AVG8\avgupd.dll
c:\program files\AVG\AVG8\avgupd.exe
c:\program files\AVG\AVG8\avgvvx.dll
c:\program files\AVG\AVG8\avgwd.dll
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\AVG\AVG8\avgwdwsc.dll
c:\program files\AVG\AVG8\avgwebui.dll
c:\program files\AVG\AVG8\avgxch32.dll
c:\program files\AVG\AVG8\avgxpl.dll
c:\program files\AVG\AVG8\cfg\mail.cfg
c:\program files\AVG\AVG8\contacts_us.html
c:\program files\AVG\AVG8\dbghelp.dll
c:\program files\AVG\AVG8\dfncfg.dat
c:\program files\AVG\AVG8\Firefox\chrome.manifest
c:\program files\AVG\AVG8\Firefox\Chrome\searchshield.jar
c:\program files\AVG\AVG8\Firefox\Components\avgssff.dll
c:\program files\AVG\AVG8\Firefox\Components\ISearchShield.xpt
c:\program files\AVG\AVG8\Firefox\install.rdf
c:\program files\AVG\AVG8\fixcfg.exe
c:\program files\AVG\AVG8\fixfp.exe
c:\program files\AVG\AVG8\Icons\background_middle_gray.gif
c:\program files\AVG\AVG8\Icons\background_middle_green.gif
c:\program files\AVG\AVG8\Icons\background_middle_orange.gif
c:\program files\AVG\AVG8\Icons\background_middle_red.gif
c:\program files\AVG\AVG8\Icons\background_middle_yellow.gif
c:\program files\AVG\AVG8\Icons\background_top_gray.gif
c:\program files\AVG\AVG8\Icons\background_top_green.gif
c:\program files\AVG\AVG8\Icons\background_top_orange.gif
c:\program files\AVG\AVG8\Icons\background_top_red.gif
c:\program files\AVG\AVG8\Icons\background_top_yellow.gif
c:\program files\AVG\AVG8\Icons\block-doc.gif
c:\program files\AVG\AVG8\Icons\blocked.gif
c:\program files\AVG\AVG8\Icons\border_bottom_gray.gif
c:\program files\AVG\AVG8\Icons\border_bottom_green.gif
c:\program files\AVG\AVG8\Icons\border_bottom_orange.gif
c:\program files\AVG\AVG8\Icons\border_bottom_red.gif
c:\program files\AVG\AVG8\Icons\border_bottom_yellow.gif
c:\program files\AVG\AVG8\Icons\border_top_gray.gif
c:\program files\AVG\AVG8\Icons\border_top_green.gif
c:\program files\AVG\AVG8\Icons\border_top_orange.gif
c:\program files\AVG\AVG8\Icons\border_top_red.gif
c:\program files\AVG\AVG8\Icons\border_top_yellow.gif
c:\program files\AVG\AVG8\Icons\box_bottom_red.gif
c:\program files\AVG\AVG8\Icons\box_top_red.gif
c:\program files\AVG\AVG8\Icons\caution.gif
c:\program files\AVG\AVG8\Icons\click_here_gray.gif
c:\program files\AVG\AVG8\Icons\click_here_green.gif
c:\program files\AVG\AVG8\Icons\click_here_orange.gif
c:\program files\AVG\AVG8\Icons\click_here_red.gif
c:\program files\AVG\AVG8\Icons\click_here_yellow.gif
c:\program files\AVG\AVG8\Icons\clock.gif
c:\program files\AVG\AVG8\Icons\close.gif
c:\program files\AVG\AVG8\Icons\icons_blocked.gif
c:\program files\AVG\AVG8\Icons\icons_caution.gif
c:\program files\AVG\AVG8\Icons\icons_close.gif
c:\program files\AVG\AVG8\Icons\icons_safe.gif
c:\program files\AVG\AVG8\Icons\icons_unknown.gif
c:\program files\AVG\AVG8\Icons\icons_warning.gif
c:\program files\AVG\AVG8\Icons\LS_Logo_Results.gif
c:\program files\AVG\AVG8\Icons\safe.gif
c:\program files\AVG\AVG8\Icons\unknown.gif
c:\program files\AVG\AVG8\Icons\warning.gif
c:\program files\AVG\AVG8\imsdk32.dll
c:\program files\AVG\AVG8\libsasl.dll
c:\program files\AVG\AVG8\license_us.txt
c:\program files\AVG\AVG8\lua51132.dll
c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_fr.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_it.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_nl.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_pt.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_sp.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Free_8_us.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_fr.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_it.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_nl.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_pt.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_sp.html
c:\program files\AVG\AVG8\Notification\cmp2008_App_Paid_8_us.html
c:\program files\AVG\AVG8\Notification\icon_bulb.gif
c:\program files\AVG\AVG8\Notification\logo_avg8.gif
c:\program files\AVG\AVG8\Notification\style.css
c:\program files\AVG\AVG8\saslcrammd5.dll
c:\program files\AVG\AVG8\sasldigestmd5.dll
c:\program files\AVG\AVG8\sasllogin.dll
c:\program files\AVG\AVG8\saslplain.dll
c:\program files\AVG\AVG8\Scripts\class.bin
c:\program files\AVG\AVG8\Scripts\Dictionary\english.bin
c:\program files\AVG\AVG8\Scripts\Dictionary\french.bin
c:\program files\AVG\AVG8\Scripts\Dictionary\portuguese.bin
c:\program files\AVG\AVG8\Scripts\Dictionary\spanish.bin
c:\program files\AVG\AVG8\Scripts\Dictionary\swedish.bin
c:\program files\AVG\AVG8\Scripts\IM\Kernel.bin
c:\program files\AVG\AVG8\Scripts\IM\MSN\Account.bin
c:\program files\AVG\AVG8\Scripts\IM\MSN\NotificationConnection.bin
c:\program files\AVG\AVG8\Scripts\IM\MSN\NotificationConnection13.bin
c:\program files\AVG\AVG8\Scripts\IM\MSN\PendingConnection.bin
c:\program files\AVG\AVG8\Scripts\IM\MSN\SwitchBoardConnection.bin
c:\program files\AVG\AVG8\Scripts\IM\MSN\SwitchBoardConnection13.bin
c:\program files\AVG\AVG8\Scripts\IM\Protocol.bin
c:\program files\AVG\AVG8\Scripts\IM\SocketQ.bin
c:\program files\AVG\AVG8\Scripts\IM\utility.bin
c:\program files\AVG\AVG8\Scripts\imcontrol.bin
c:\program files\AVG\AVG8\Scripts\Logging\console.bin
c:\program files\AVG\AVG8\Scripts\Logging\file.bin
c:\program files\AVG\AVG8\Scripts\Logging\localized.bin
c:\program files\AVG\AVG8\Scripts\Logging\logging.bin
c:\program files\AVG\AVG8\Scripts\Logging\null.bin
c:\program files\AVG\AVG8\Scripts\soaptest.bin
c:\program files\AVG\AVG8\setup.cfg
c:\program files\AVG\AVG8\setup.dat
c:\program files\AVG\AVG8\setup.exe
c:\program files\AVG\AVG8\setupus.lns
c:\program files\AVG\AVG8\updatecomps.cfg
c:\windows\system32\blkhtdlt.ini
c:\windows\system32\Drivers\avgldx86.sys
c:\windows\system32\Drivers\avgrkx86.sys
c:\windows\system32\Drivers\avgtdix.sys
c:\windows\system32\dxpsfeku.ini
c:\windows\system32\eqwjtqoy.ini
c:\windows\system32\habbdpkw.ini
c:\windows\system32\xvdunjkt.ini
c:\windows\system32\ysdlmdsk.ini

.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVG8EMC
-------\Legacy_AVG8WD
-------\Legacy_AVGLDX86
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Service_avg8emc
-------\Service_avg8wd
-------\Service_AvgLdx86
-------\Service_AvgRkx86
-------\Service_AvgTdiX
-------\Service_npkycryp


((((((((((((((((((((((((( 2008-11-05 至 2008-12-05 的新的档案 )))))))))))))))))))))))))))))))
.

2008-12-02 21:29 . 2008-12-02 21:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-02 21:29 . 2008-12-02 21:29 <DIR> d-------- c:\documents and settings\jun\Application Data\Malwarebytes
2008-12-02 21:29 . 2008-12-02 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-02 21:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-02 21:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-01 23:39 . 2007-02-19 21:34 343,040 --------- c:\windows\system32\dllcache\msvcrt.dll
2008-12-01 23:38 . 2008-05-05 22:08 407,040 --------- c:\windows\system32\dllcache\netlogon.dll
2008-12-01 23:38 . 2008-05-05 22:08 337,920 --------- c:\windows\system32\dllcache\localspl.dll
2008-12-01 23:38 . 2008-05-05 22:08 183,296 --------- c:\windows\system32\dllcache\w32time.dll
2008-12-01 23:38 . 2008-05-05 22:08 176,128 --------- c:\windows\system32\dllcache\adsldp.dll
2008-12-01 23:38 . 2008-05-05 22:08 132,608 --------- c:\windows\system32\dllcache\msv1_0.dll
2008-12-01 23:38 . 2008-05-05 22:08 112,128 --------- c:\windows\system32\dllcache\dsuiext.dll
2008-12-01 23:38 . 2008-05-05 22:08 68,096 --------- c:\windows\system32\dllcache\ntdsapi.dll
2008-12-01 23:38 . 2008-05-05 22:08 68,096 --------- c:\windows\system32\dllcache\adsmsext.dll
2008-12-01 23:37 . 2007-05-14 23:51 178,176 --------- c:\windows\system32\dllcache\repdrvfs.dll
2008-12-01 23:36 . 2008-04-22 05:40 318,976 --------- c:\windows\system32\dllcache\ipnathlp.dll
2008-12-01 23:36 . 2007-04-10 21:08 60,032 --------- c:\windows\system32\dllcache\usbaudio.sys
2008-12-01 23:35 . 2008-07-23 02:37 82,936 --------- c:\windows\system32\dllcache\apps.chm
2008-12-01 23:35 . 2008-07-23 02:35 9,696 --------- c:\windows\system32\dllcache\drvmain.sdb
2008-12-01 23:34 . 2007-12-13 15:42 591,360 --------- c:\windows\system32\dllcache\crypt32.dll
2008-12-01 23:34 . 2007-11-22 22:43 78,720 --------- c:\windows\system32\dllcache\sdbus.sys
2008-12-01 23:34 . 2007-10-15 21:51 26,112 --------- c:\windows\system32\dllcache\usbser.sys
2008-12-01 23:34 . 2007-11-22 22:23 12,032 --------- c:\windows\system32\dllcache\sffdisk.sys
2008-12-01 23:34 . 2007-11-22 22:23 11,008 --------- c:\windows\system32\dllcache\sffp_sd.sys
2008-12-01 23:34 . 2007-11-22 22:23 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-01 23:34 . 2007-11-22 22:23 10,240 --------- c:\windows\system32\dllcache\sffp_mmc.sys
2008-12-01 23:33 . 2008-05-03 00:31 459,776 --------- c:\windows\system32\imapi2fs.dll
2008-12-01 23:33 . 2008-05-03 00:31 459,776 --------- c:\windows\system32\dllcache\imapi2fs.dll
2008-12-01 23:33 . 2008-05-03 00:31 309,760 --------- c:\windows\system32\imapi2.dll
2008-12-01 23:33 . 2008-05-03 00:31 309,760 --------- c:\windows\system32\dllcache\imapi2.dll
2008-12-01 23:33 . 2008-05-02 20:05 62,592 --------- c:\windows\system32\dllcache\cdrom.sys
2008-12-01 21:44 . 2008-12-01 21:44 <DIR> d-------- c:\windows\ERUNT
2008-12-01 21:35 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-30 20:17 . 2008-11-30 20:17 <DIR> d-------- C:\rsit
2008-11-30 20:17 . 2008-11-30 20:17 <DIR> d-------- c:\program files\trend micro
2008-11-30 15:51 . 2008-11-30 15:51 <DIR> d-------- c:\documents and settings\jun\Application Data\SUPERAntiSpyware.com
2008-11-30 15:51 . 2008-11-30 15:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-30 12:33 . 2008-11-30 12:33 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-25 00:36 . 2008-11-25 00:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-23 19:36 . 2008-12-04 19:37 5,858 --a------ c:\windows\system32\cid_store.dat
2008-11-23 19:36 . 2008-11-23 19:36 20 --a------ c:\windows\system32\pub_store.dat
2008-11-23 11:32 . 2008-11-23 12:31 22 --a------ c:\windows\RsConfig.ini
2008-11-23 11:16 . 2008-12-04 23:26 160 --a------ c:\windows\system32\BsMain.ini
2008-11-23 11:16 . 2008-11-23 11:19 136 -r-hs---- C:\rising.ini
2008-11-23 11:14 . 2008-11-23 11:15 <DIR> dr------- C:\RavBin
2008-11-23 11:14 . 2008-11-23 11:14 <DIR> d-------- c:\program files\Rising
2008-11-23 11:14 . 2008-11-23 11:12 237,168 --------- c:\windows\system32\bsmain.exe
2008-11-23 11:14 . 2008-11-23 11:12 164,976 --------- c:\windows\system32\drivers\HookSys.sys
2008-11-23 11:14 . 2008-11-23 11:12 113,264 --------- c:\windows\system32\RavExt.dll
2008-11-23 11:14 . 2008-11-23 11:12 63,088 --------- c:\windows\system32\drivers\HookNtos.sys
2008-11-23 11:14 . 2008-11-23 11:12 39,024 --------- c:\windows\system32\drivers\HOOKREG.sys
2008-11-23 11:14 . 2008-11-23 11:12 30,704 --------- c:\windows\system32\drivers\HookHelp.sys
2008-11-23 11:14 . 2008-11-23 11:12 13,808 --------- c:\windows\system32\drivers\HookCont.sys
2008-11-23 11:14 . 2008-11-23 11:12 10,736 --------- c:\windows\system32\drivers\RsNTGdi.sys
2008-11-23 11:14 . 2008-12-04 23:26 191 --a------ c:\windows\Rav.inf
2008-11-23 11:12 . 2008-11-23 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rising
2008-11-23 11:12 . 2008-11-29 15:43 62 --a------ c:\windows\Rav.ini
2008-11-22 16:50 . 2008-11-22 16:51 1,639,933 ---hs---- c:\windows\system32\nmupfifc.ini
2008-11-21 22:11 . 2008-11-21 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 22:06 . 2008-11-19 22:06 <DIR> d-------- c:\documents and settings\jun\Application Data\Yahoo!
2008-11-19 17:07 . 2008-11-19 17:07 20 -rah----- c:\windows\assist.dat
2008-11-19 00:07 . 2008-11-19 00:08 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-10 20:23 . 2008-08-28 19:00 104,448 --------- c:\windows\system32\dllcache\win32spl.dll
2008-11-10 20:23 . 2008-08-28 19:00 74,240 --------- c:\windows\system32\dllcache\msw3prt.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 03:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 03:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 16:57 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 05:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 15:37 1,845,632 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:37 1,845,632 ------w c:\windows\system32\dllcache\win32k.sys
2003-01-20 16:00 13,052,552 ----a-r c:\windows\system32\config\systemprofile\MpSetup.exe
2003-01-20 16:00 13,052,552 ----a-r c:\documents and settings\jun\MpSetup.exe
2003-01-20 16:00 13,052,552 ----a-r c:\documents and settings\Default User\MpSetup.exe
2003-01-20 16:00 13,052,552 ----a-r c:\documents and settings\Administrator\MpSetup.exe
.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-08 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-08 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-29 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-29 618496]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCMService"="c:\program files\Aspire Arcade\PCMService.exe" [2003-09-29 73728]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="c:\program files\CRW\shwicon.exe" [2003-01-09 73728]
"LManager"="c:\progra~1\LAUNCH~1\CPLCL32.EXE" [2003-10-18 352256]
"SysExplr"="c:\herosoft\HeroV8\SYSEXPLR.EXE" [2004-07-13 69632]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RavTask"="c:\program files\Rising\Rav\RavTask.exe" [2008-11-23 211568]
"ATIModeChange"="Ati2mdxx.exe" [2003-09-12 c:\windows\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-07-12 c:\windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-08-29 c:\windows\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\「开始」菜单\程序\启动\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "c:\windows\system32\RavExt.dll" [2008-11-23 113264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^「开始」菜单^程序^启动^Image Transfer.lnk]
backup=c:\windows\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Kingsoft\\Powerword 2007\\xdict.exe"=
"c:\\Program Files\\Kingsoft\\Powerword 2007\\update.exe"=
"c:\\Program Files\\StormII\\Storm.exe"=
"c:\\Program Files\\StormII\\stormliv.exe"=
"c:\\Program Files\\Tencent\\QQ\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\Qzone\\Qzone.exe"=
"c:\\Program Files\\Tencent\\QQ\\QzoneMusic.exe"=
"c:\\Program Files\\Netease\\neteasetv\\MediaCenter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rising\\Rav\\CopyRun\\RavCopy.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51030:TCP"= 51030:TCP:72.20.34.145/255.255.255.255:Enabled:51030

R0 RsNTGDI;RsNTGDI;c:\windows\system32\Drivers\RsNTGdi.sys [2008-11-23 10736]
R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-11-23 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-11-23 63088]
R1 HookReg;HookReg;c:\windows\system32\drivers\HookReg.sys [2008-11-23 39024]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-11-23 164976]
R2 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice [2008-03-11 473184]
R2 RsCCenter;Rising Process Communication Center;"c:\program files\Rising\Rav\CCenter.exe" [2008-11-23 162416]
R2 ScFBPNT;CanoScan FBP Port Driver;\??\c:\windows\system32\drivers\ScFBPNT.SYS [2005-02-27 16288]
S2 RsRavMon;Rising RealTime Monitor;"c:\program files\RISING\RAV\Ravmond.exe" [2008-11-23 395888]
S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\DRIVERS\glauiad.sys [2004-12-11 29603]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976c010-2930-11dc-b262-00042379b044}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976c011-2930-11dc-b262-00042379b044}]
\Shell\AutoRun\command - setupSNK.exe
.
计划任务 文件夹 里的内容

2008-08-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-03-31 20:50]

2008-12-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-03-31 20:50]
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: c:\program files\Tencent\QQ\SendMMS.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: 使用Kugoo下载
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: 添加到QQ表情 - c:\program files\Tencent\QQ\AddEmotion.htm
IE: {367E0A21-8601-4986-9C9A-153BF5ACA118} - c:\herosoft\HeroV8\STHSDVD.EXE
IE: {367E0A21-8601-4986-9C9A-153BF5ACA118} - c:\herosoft\HeroV8\STHSDVD.EXE -
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx

O16 -: {1345F3CB-7C40-41C2-9AC2-87CF8B68E34E} - hxxp://swf.news.163.com/2008/v/NetEaseTV_GZ.cab
c:\windows\Downloaded Program Files\NetEaseTV.INF

c:\windows\system32\msvcp60.dll - c:\windows\Downloaded Program Files\SubmitControl.dll
c:\windows\Downloaded Program Files\InputControl.dll
O16 -: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD}
hxxps://mybank.icbc.com.cn/icbc/normalbank/AxSafeControls.cab
c:\windows\Downloaded Program Files\AxSafeControls.inf

c:\windows\system32\atl.dll - c:\windows\system32\cycnset.dll
O16 -: {C50341E9-CDC1-4377-AB88-3486CCD0FDA1}
hxxp://ms1.cyworld.com.cn/music/package/cycnset.cab
c:\windows\Downloaded Program Files\cycnset.inf

c:\windows\system32\msvcr71.dll - c:\windows\Downloaded Program Files\IcbcSslCacheCleaner.dll
O16 -: {E9707834-5BF7-4CFF-A639-398427DE1991}
hxxp://www.icbc.com.cn/left/IcbcSslCacheCleaner.cab
c:\windows\Downloaded Program Files\IcbcSslCacheCtrl.INF
FireFox -: Profile - c:\documents and settings\jun\Application Data\Mozilla\Firefox\Profiles\6dkredhu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 20:38:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

扫描被隐藏的进程。。。 ...

扫描被隐藏的启动组。。。

扫描被隐藏的文件。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\CONIME.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\program files\STORMII\STORMLIV.EXE
c:\program files\RISING\RAV\RAVSTUB.EXE
c:\program files\LAUNCH MANAGER\CPLCL32.EXE
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\RISING\RAV\RAVMON.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
完成时间: 2008-12-05 20:42:17 - 电脑已重新启动
ComboFix-quarantined-files.txt 2008-12-05 09:42:14
ComboFix2.txt 2008-12-04 07:34:02

Pre-Run: 26 个目录 12,773,490,688 可用字节
Post-Run: 26 个目录 12,734,398,464 可用字节

459 --- E O F --- 2008-11-12 13:02:34

#13 BoboLiu

BoboLiu
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:45 AM

Posted 05 December 2008 - 07:37 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 5, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 05, 2008 06:11:58
Records in database: 1438085
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 69095
Threat name: 12
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 01:56:58


File name / Threat name / Threats count
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121012.dll Infected: Trojan.Win32.Monder.zfd 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121013.dll Infected: Trojan.Win32.Monder.zfd 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121015.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ewi 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121016.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ewe 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121017.dll Infected: Trojan.Win32.Monder.aaom 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121020.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ewi 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121021.dll Infected: Trojan.Win32.Monder.aaom 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121022.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ewe 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121024.dll Infected: Trojan.Win32.Agent.aqyv 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121025.dll Infected: Trojan.Win32.Monder.aavu 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121026.dll Infected: Trojan.Win32.Agent.arjg 1
C:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP889\A0121030.dll Infected: Trojan.Win32.Monder.aavu 1
D:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP880\A0117648.exe Infected: Trojan.Win32.Agent.alxj 1
D:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP880\A0117648.exe Infected: Trojan.Win32.Monder.wos 1
D:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP880\A0117648.exe Infected: Trojan-Downloader.Win32.VB.gix 1
D:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP880\A0117674.exe Infected: Trojan.Win32.Monderd.gen 1
D:\System Volume Information\_restore{FD2AC3D7-A8A0-477A-B179-B90CE8614F21}\RP880\A0117674.exe Infected: Trojan-Dropper.Win32.Agent.uba 1

The selected area was scanned.

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:45 PM

Posted 05 December 2008 - 10:22 AM

I see a file that we need to have scanned.


Please visit the online Jotti Virus Scanner
  • Click on the [image] button.
  • Copy and paste the following file path in the box:


    c:\windows\system32\drivers\ndisprot.sys


  • Click on the [image] button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html



How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
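One way to prepare and read a multi-engine file check of the kind Buckeye_Sam asks for above, as an added example that is not part of this thread and not Jotti's or VirusTotal's own tooling: it hashes a file in streamed chunks (MD5, SHA-1 and SHA-256 are what such services key on, so a file can be looked up by hash before uploading anything) and parses a result listing in the one-engine-per-line "Engine Found verdict" layout that Jotti returns. The sample bytes, the sample reports and the function names are constructed for the example; `ndisprot.sys` is used only as a file label, and the one detection name in the flagged sample is copied from the Kaspersky report earlier in the thread.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed stand-in for the driver file named in the thread; not a real driver image.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed stand-in for ndisprot.sys\n"

HASH_NAMES = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """Return md5/sha1/sha256 hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def file_hashes(path, chunk_size=65536):
    """Hash a file in chunks so large binaries never have to fit in memory.
    Returns the same dict shape as hash_bytes()."""
    digests = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_sample_file():
    """Write SAMPLE_BYTES to a temporary file and hash it from disk."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "ndisprot.sys"  # label only; content is constructed
        sample.write_bytes(SAMPLE_BYTES)
        return file_hashes(sample)


# Constructed results in the one-engine-per-line layout Jotti printed in this thread.
CLEAN_REPORT = """Scanner results
Scan taken on 07 Dec 2008 03:36:50 (GMT)
A-Squared Found nothing
AntiVir Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
"""

# Same layout with one engine naming a detection (constructed report; threat name from the thread).
FLAGGED_REPORT = """Scanner results
Scan taken on 07 Dec 2008 03:40:00 (GMT)
A-Squared Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Monder.zfd
NOD32 Found nothing
"""

# Engine names may contain spaces, so match lazily up to the literal word "Found".
ENGINE_LINE = re.compile(r"^(?P<engine>.+?)\s+Found\s+(?P<verdict>.+)$")


def parse_scan_results(text):
    """Return (timestamp, {engine: verdict}); a clean engine maps to None so the
    caller can tell 'Found nothing' apart from a real detection name."""
    timestamp = None
    verdicts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan taken on "):
            timestamp = line[len("Scan taken on "):]
            continue
        m = ENGINE_LINE.match(line)
        if m:
            verdict = m.group("verdict").strip()
            verdicts[m.group("engine")] = None if verdict.lower() == "nothing" else verdict
    return timestamp, verdicts


def summarize(verdicts):
    """Count engines and detections, keeping the detection names per engine so a
    single-engine hit can be weighed differently from a near-unanimous one."""
    names = {eng: v for eng, v in verdicts.items() if v is not None}
    return {"engines": len(verdicts), "detections": len(names), "names": names}


if __name__ == "__main__":
    print("hashes of sample file:", hash_sample_file())
    for report in (CLEAN_REPORT, FLAGGED_REPORT):
        when, verdicts = parse_scan_results(report)
        print(when, summarize(verdicts))
```

To use it on a real file, call `file_hashes(r"c:\windows\system32\drivers\ndisprot.sys")` and keep the three digests with the thread as a record; the parsed summary then makes it easy to see whether a later rescan of the same hash changed from "all clean" to one or more named detections.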

#15 BoboLiu

BoboLiu
  • Topic Starter

  • Members
  • 16 posts
  • Local time:08:45 AM

Posted 06 December 2008 - 10:50 PM

Scanner results
Scan taken on 07 Dec 2008 03:36:50 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


My computer's behaving normally now: no more pop-up ads, and I can go to the Windows Update site. Just one difference I noticed: Windows Update doesn't ask me for some particular Windows update every day now (I suppose it's not supposed to have updates every day, but that's how it was before you started to help me with the problems - perhaps that was one of the problems that I don't see).

PS: does anything need to be done about those items detected in the Kaspersky online scan?

Thank you ~~ :thumbsup:

Edited by BoboLiu, 06 December 2008 - 10:54 PM.
