
Inactive Win32/Mebroot removal

Discussion in 'Malware and Virus Removal Archive' started by pine, 2010/08/11.

Thread Status:
Not open for further replies.
  1. 2010/08/11

    pine Inactive Thread Starter

    Joined:
    2010/08/11
    Messages:
    5
    Likes Received:
    0

    Dear volunteer,
    My antivirus software (NOD32 4.0.417) prompted that I was infected by the Win32/Mebroot Trojan in memory, but it failed to remove it.

    I went to the NOD website and downloaded http://download1.eset.hk/download/tools/EMebRemover.exe
    I followed the steps, but that also failed.
    The first time, it found the virus but said it couldn't remove it.
    After rebooting the computer, I reran the program and it said the virus was not found.

    I have had this virus for several weeks and still have no idea how to deal with it. Judging by the response of the antivirus software, this virus seems not to be active when the computer is freshly booted, but it is active sometimes when I am browsing the web.

    I am sorry that I am running a Windows XP SP3 Chinese version.

    Thanks for your help.

    Pine


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 1:46:18.71 on 2010/08/12 星期四
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.2047.1350 [GMT 8:00]

    AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\ClipX\clipx.exe
    C:\Program Files\95599 Certificate Tools\FTSafe\CertD_abchina.exe
    C:\Documents and Settings\Administrator\Desktop\711\axmonitor.exe
    C:\Documents and Settings\Administrator\Desktop\711\DkAutoReg.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Lingoes\Translator2\Lingoes.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    svchost.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\dklog.exe
    C:\WINDOWS\system32\dkvcm.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\FileZilla Server\FileZilla Server.exe
    C:\WINDOWS\system32\GP_CLT_Service.exe
    C:\WINDOWS\system32\GP_CLT.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dkcktkn.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    svchost.exe
    C:\WINDOWS\system32\conime.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    G:\Downloads\virus_clean\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.firefox.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: Windows Live 祅腊?: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
    EB: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - No File
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe "
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Lingoes] c:\program files\lingoes\translator2\Lingoes.exe -minimize
    mRun: [ClipX] c:\program files\clipx\clipx.exe
    mRun: [ePassAuto_ABChina] c:\program files\95599 certificate tools\ftsafe\CertD_abchina.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_06\bin\jusched.exe "
    mRun: [DkStartup] c:\documents and settings\administrator\desktop\711\dkstartup.exe
    mRun: [AxMonitor] c:\documents and settings\administrator\desktop\711\axmonitor.exe
    mRun: [DkAutoReg] c:\documents and settings\administrator\desktop\711\DkAutoReg.exe
    mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe "
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    dRun: [ctfmon.exe] ctfmon.exe
    dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll "
    dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\admini~1\「開始~1\程式集\啟動\easywi~1.lnk - g:\doc\其召\autohotkey\Easy Window Dragging.ahk
    mPolicies-explorer: NoSMMyPictures = 1 (0x1)
    mPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
    mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Export Current Page To SSReader - c:\program files\ssreader36\ss_all.htm
    IE: Export Selection To SSReader - c:\program files\ssreader36\ss_select.htm
    IE: 使用迅雷下? - c:\program files\thunder network\thunder\program\geturl.htm
    IE: 使用迅雷下?全部?接 - c:\program files\thunder network\thunder\program\getallurl.htm
    IE: 剪貼簿文字: 簡 > 繁 - c:\program files\alibabar\ALiBaBar.dll/RT_HTML/ClipToTrad
    IE: 剪貼簿文字: 繁 > 簡 - c:\program files\alibabar\ALiBaBar.dll/RT_HTML/ClipToSim
    IE: 網頁: [簡體] 顯示 - c:\program files\alibabar\ALiBaBar.dll/RT_HTML/PageToSim
    IE: 網頁: [繁體] 顯示 - c:\program files\alibabar\ALiBaBar.dll/RT_HTML/PageToTrad
    IE: 蹲 Microsoft Excel(&X) - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    Trusted Zone: 95599.cn\easyabc
    Trusted Zone: 95599.cn\www
    Trusted Zone: abchina.com\www
    Trusted Zone: 95599.cn\easyabc
    Trusted Zone: 95599.cn\www
    Trusted Zone: 95599.sh.cn\ebank
    Trusted Zone: 95599.sh.cn\www
    Trusted Zone: abchina.com\www
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
    DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - hxxp://www.95599.cn/update/down/NetSign.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252079241593
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252079184890
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Notify: DkWLNP - DkWLNP.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\34xh3ep0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2457228&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2457228&q=
    FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\windows media player\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref( "network.protocol-handler.external.foxy ", true);
    c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref( "network.protocol-handler.warn-external.foxy ", false);
    c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref( "network.protocol-handler.expose.foxy ", true);
    c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref( "general.useragent.extra.foxy1 ", "Foxy/1 ");

    ============= SERVICES / DRIVERS ===============

    R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [2008-9-23 5248]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 93848]
    R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2008-7-29 122880]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
    R2 GP_CLT_Service;GP_CLT_Service;c:\windows\system32\GP_CLT_Service.exe [2009-7-8 24576]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-30 10384]
    R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-1-22 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
    R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2010-3-7 12240]
    R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2010-3-7 18704]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-9-23 222976]
    S2 gupdate;Google 更新服務 (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
    S3 CIDCUSB;CIDC USB KEY Driver;c:\windows\system32\drivers\CIDCUSB.sys [2009-7-8 17920]
    S3 GoogleDesktopManager-093009-130223;「Google 桌面」管理員 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-12 30192]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-12-4 25728]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2010-3-7 22096]
    S4 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [2008-9-23 159616]

    =============== Created Last 30 ================

    2010-08-06 10:29:03 13 ----a-w- c:\windows\system32\WinSys32.crc
    2010-08-06 10:28:34 0 d-----w- c:\docume~1\admini~1\applic~1\CoffeeCup Software
    2010-08-06 10:28:22 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
    2010-08-06 10:27:59 0 d-----w- c:\program files\CoffeeCup Software
    2010-07-26 10:22:08 13980 ----a-w- c:\windows\Ascd_tmp.ini
    2010-07-25 18:09:26 4968 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-07-24 17:14:43 1000 ----a-w- c:\documents and settings\administrator\.opencard.properties
    2010-07-24 17:14:43 0 d-----w- c:\documents and settings\administrator\.oos
    2010-07-18 08:30:45 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-13 05:00:50 102400 ----a-w- c:\documents and settings\administrator\com_securenetasia_p11wrapper3_cbs.bochk.com.dll

    ==================== Find3M ====================

    2010-08-11 17:26:26 536994 ----a-w- c:\windows\system32\prfh0404.dat
    2010-08-11 17:26:26 296688 ----a-w- c:\windows\system32\prfc0404.dat
    2010-07-07 05:06:46 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-07-07 04:41:27 20480 ---ha-w- C:\SZKGFS.dat
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2009-09-04 17:00:58 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-09-04 17:00:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090520090906\index.dat

    ============= FINISH: 1:46:36.76 ===============
     
  2. 2010/08/11

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    And the contents of the attach.txt, please
     


  4. 2010/08/11

    pine Inactive Thread Starter

    Joined:
    2010/08/11
    Messages:
    5
    Likes Received:
    0
    Hi PeteC,
    Thanks for your reply, here it is:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume6
    Install Date: 2008/9/23 下午 11:14:26
    System Uptime: 2010/8/12 上午 01:15:13 (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5KPL-CM
    Processor: Intel Pentium III Xeon 處理器 | Socket 775 | 2532/266mhz
    Processor: Intel Pentium III Xeon 處理器 | Socket 775 | 2532/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 60 GiB total, 22.949 GiB free.
    D: is FIXED (FAT32) - 24 GiB total, 0.434 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 238 GiB total, 53.94 GiB free.
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Manufacturer: Logitech
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Service: i8042prt

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSAMSUNG_CD-R/RW_SW-252B_________________R701____\5&20F2915F&0&0.0.0
    Manufacturer: (標準 CD-ROM 光碟機)
    Name: SAMSUNG CD-R/RW SW-252B
    PNP Device ID: IDE\CDROMSAMSUNG_CD-R/RW_SW-252B_________________R701____\5&20F2915F&0&0.0.0
    Service: cdrom

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: Plug and Play BIOS Extension
    Device ID: ROOT\SYSTEM\0003
    Manufacturer: (Standard system devices)
    Name: Plug and Play BIOS Extension
    PNP Device ID: ROOT\SYSTEM\0003
    Service: vax347b

    ==== System Restore Points ===================

    RP1: 2010/7/9 下午 10:17:39 - 系統檢查點
    RP2: 2010/7/12 下午 12:57:55 - 系統檢查點
    RP3: 2010/7/12 下午 01:42:09 - Removed Opera 10.53.
    RP4: 2010/7/12 下午 01:42:23 - Installed Opera 10.60.
    RP5: 2010/7/18 下午 04:43:50 - 系統檢查點
    RP6: 2010/7/18 下午 08:00:17 - Software Distribution Service 3.0
    RP7: 2010/7/21 上午 11:46:23 - 系統檢查點
    RP8: 2010/7/22 下午 06:31:43 - 系統檢查點
    RP9: 2010/7/26 下午 04:19:03 - 系統檢查點
    RP10: 2010/8/1 下午 06:56:15 - 系統檢查點
    RP11: 2010/8/3 上午 01:25:24 - 系統檢查點
    RP12: 2010/8/4 下午 03:49:10 - 系統檢查點
    RP13: 2010/8/5 下午 04:20:23 - 系統檢查點
    RP14: 2010/8/6 下午 05:54:12 - 系統檢查點
    RP15: 2010/8/9 下午 01:18:19 - Removed Foxit PDF IFilter
    RP16: 2010/8/10 下午 02:02:19 - 系統檢查點

    ==== Installed Programs ======================

    7-Zip 4.65
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11
    Alcohol 120%
    AMR to MP3 Converter 1.4
    ASCII Art Viewer v2.2.0
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    Auto Mouse 1.3
    AutoHotkey 1.0.48.05
    Brother HL-2140
    Cambridge Advanced Learner's Dictionary - 2nd edition
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon EOS 5D WIA Driver
    Canon RAW Image Task for ZoomBrowser EX
    Canon S300
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.4
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner (remove only)
    CDDRV_Installer
    ClipX
    ConvertZ v8.02
    Diskeeper Professional Premier Edition
    erLT
    ESET NOD32 Antivirus
    ESET Online Scanner v3
    EVEREST Ultimate Edition v2.50
    Facebook Plug-In
    FastStone Image Viewer 3.9
    FileZilla Client 3.3.3
    FileZilla Server (remove only)
    FinePrint
    FlashGet 1.9.4.1063
    FlashSFV v2.5
    FLVPlayer4Free Free FLV Player 3.8.0.0
    Google Earth Plug-in
    Google Update Helper
    Google 桌面
    Google 瀏覽器
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB954550-v5)
    HTC Driver
    HTC Sync
    ImgBurn
    IrfanView (remove only)
    J2SE Development Kit 5.0 Update 16
    J2SE Development Kit 5.0 Update 17
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 18
    K-Lite Codec Pack 2.70 Standard
    KhalInstallWrapper
    LeapFTP v2.7.6.613
    Lingoes 2.6.2
    Logitech SetPoint
    Longman Dictionary of Contemporary English 5th Edition
    Magic ISO Maker v5.5 (build 0274)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Media Player Classic v6.4.8.7
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Choice Guard
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Chinese (Traditional)) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
    Microsoft Office IME (Chinese (Traditional)) 2007
    Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
    Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
    Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    Microsoft Office Proof (Chinese (Traditional)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proofing (Chinese (Traditional)) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Word MUI (Chinese (Traditional)) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Chinese (Traditional)) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Windows Application Compatibility Database
    Miranda IM 0.8.27
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Multiwin Quotation
    Nero 6 Ultra Edition
    nLite 1.4.9.1
    NVIDIA Drivers
    OpenVPN 2.0.9-gui-1.0.3
    Opera 10.60
    PaperPort
    PC Probe II
    PCMan 2004
    PDFCreator
    pdfforge Toolbar v1.1
    Picasa 3
    Platform
    PrimoPDF
    PSPad editor
    QUICKfind server v1.1
    QuickTime Alternative 2.9.2
    Real Alternative 1.46
    SafeNet Borderless Security PK Client
    SafeNet iKey Driver v4.1.0.6
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Segoe UI
    Sony Ericsson Device Data
    Sony Ericsson Drivers
    Sony Ericsson PC Suite
    SSReader3.73
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    TortoiseSVN 1.5.9.15518 (32 bit)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb2202131)
    VIA 平台裝置管理員
    vLite
    VMware Workstation
    VNC Free Edition 4.1.3
    Web 資料夾的軟體更新
    Windows 7 USB/DVD Download Tool
    Windows Automated Installation Kit
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation v1.9.40.0 Cracked V3
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Internet Explorer 8 安全性更新 (KB971961)
    Windows Internet Explorer 8 安全性更新 (KB972260)
    Windows Internet Explorer 8 安全性更新 (KB978207)
    Windows Internet Explorer 8 安全性更新 (KB981332)
    Windows Internet Explorer 8 安全性更新 (KB982381)
    Windows Internet Explorer 8 更新 (KB972636)
    Windows Internet Explorer 8 更新 (KB980182)
    Windows Live ?Α?
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Messenger
    Windows Live 祅腊?
    Windows Live 更ㄣ
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 10 安全性更新 (KB936782)
    Windows Media Player 6.4 安全性更新 (KB925398)
    Windows Media Player 安全性更新 (KB952069)
    Windows Media Player 安全性更新 (KB954155)
    Windows Media Player 安全性更新 (KB968816)
    Windows Media Player 安全性更新 (KB973540)
    Windows Media Player 安全性更新 (KB978695)
    Windows XP Hotfix (KB921411)
    Windows XP Hotfix (KB952287)
    Windows XP Hotfix (KB961118)
    Windows XP Hotfix (KB976098-v2)
    Windows XP Hotfix (KB981793)
    Windows XP 安全性更新 (KB2229593)
    Windows XP 安全性更新 (KB911562)
    Windows XP 安全性更新 (KB913580)
    Windows XP 安全性更新 (KB914388)
    Windows XP 安全性更新 (KB914389)
    Windows XP 安全性更新 (KB918118)
    Windows XP 安全性更新 (KB918439)
    Windows XP 安全性更新 (KB920213)
    Windows XP 安全性更新 (KB920670)
    Windows XP 安全性更新 (KB920683)
    Windows XP 安全性更新 (KB920685)
    Windows XP 安全性更新 (KB923191)
    Windows XP 安全性更新 (KB923414)
    Windows XP 安全性更新 (KB923561)
    Windows XP 安全性更新 (KB923689)
    Windows XP 安全性更新 (KB923980)
    Windows XP 安全性更新 (KB924270)
    Windows XP 安全性更新 (KB924667)
    Windows XP 安全性更新 (KB925902)
    Windows XP 安全性更新 (KB926255)
    Windows XP 安全性更新 (KB926436)
    Windows XP 安全性更新 (KB927779)
    Windows XP 安全性更新 (KB927802)
    Windows XP 安全性更新 (KB928255)
    Windows XP 安全性更新 (KB928843)
    Windows XP 安全性更新 (KB929123)
    Windows XP 安全性更新 (KB930178)
    Windows XP 安全性更新 (KB931261)
    Windows XP 安全性更新 (KB931784)
    Windows XP 安全性更新 (KB932168)
    Windows XP 安全性更新 (KB933729)
    Windows XP 安全性更新 (KB935839)
    Windows XP 安全性更新 (KB935840)
    Windows XP 安全性更新 (KB936021)
    Windows XP 安全性更新 (KB937894)
    Windows XP 安全性更新 (KB938127)
    Windows XP 安全性更新 (KB938464)
    Windows XP 安全性更新 (KB941569)
    Windows XP 安全性更新 (KB941693)
    Windows XP 安全性更新 (KB943055)
    Windows XP 安全性更新 (KB943460)
    Windows XP 安全性更新 (KB943485)
    Windows XP 安全性更新 (KB944338-v2)
    Windows XP 安全性更新 (KB944653)
    Windows XP 安全性更新 (KB945553)
    Windows XP 安全性更新 (KB946026)
    Windows XP 安全性更新 (KB946648)
    Windows XP 安全性更新 (KB948590)
    Windows XP 安全性更新 (KB950749)
    Windows XP 安全性更新 (KB950762)
    Windows XP 安全性更新 (KB950974)
    Windows XP 安全性更新 (KB951066)
    Windows XP 安全性更新 (KB951376-v2)
    Windows XP 安全性更新 (KB951698)
    Windows XP 安全性更新 (KB951748)
    Windows XP 安全性更新 (KB952004)
    Windows XP 安全性更新 (KB952954)
    Windows XP 安全性更新 (KB953838)
    Windows XP 安全性更新 (KB953839)
    Windows XP 安全性更新 (KB955069)
    Windows XP 安全性更新 (KB956572)
    Windows XP 安全性更新 (KB956802)
    Windows XP 安全性更新 (KB956803)
    Windows XP 安全性更新 (KB956844)
    Windows XP 安全性更新 (KB957097)
    Windows XP 安全性更新 (KB958470)
    Windows XP 安全性更新 (KB958644)
    Windows XP 安全性更新 (KB958687)
    Windows XP 安全性更新 (KB958869)
    Windows XP 安全性更新 (KB959426)
    Windows XP 安全性更新 (KB960225)
    Windows XP 安全性更新 (KB960803)
    Windows XP 安全性更新 (KB960859)
    Windows XP 安全性更新 (KB961501)
    Windows XP 安全性更新 (KB969059)
    Windows XP 安全性更新 (KB969947)
    Windows XP 安全性更新 (KB970238)
    Windows XP 安全性更新 (KB970430)
    Windows XP 安全性更新 (KB971032)
    Windows XP 安全性更新 (KB971468)
    Windows XP 安全性更新 (KB971486)
    Windows XP 安全性更新 (KB971557)
    Windows XP 安全性更新 (KB971633)
    Windows XP 安全性更新 (KB971657)
    Windows XP 安全性更新 (KB972270)
    Windows XP 安全性更新 (KB973354)
    Windows XP 安全性更新 (KB973507)
    Windows XP 安全性更新 (KB973525)
    Windows XP 安全性更新 (KB973869)
    Windows XP 安全性更新 (KB973904)
    Windows XP 安全性更新 (KB974112)
    Windows XP 安全性更新 (KB974318)
    Windows XP 安全性更新 (KB974392)
    Windows XP 安全性更新 (KB974571)
    Windows XP 安全性更新 (KB975025)
    Windows XP 安全性更新 (KB975467)
    Windows XP 安全性更新 (KB975560)
    Windows XP 安全性更新 (KB975561)
    Windows XP 安全性更新 (KB975562)
    Windows XP 安全性更新 (KB975713)
    Windows XP 安全性更新 (KB977165)
    Windows XP 安全性更新 (KB977816)
    Windows XP 安全性更新 (KB977914)
    Windows XP 安全性更新 (KB978037)
    Windows XP 安全性更新 (KB978251)
    Windows XP 安全性更新 (KB978262)
    Windows XP 安全性更新 (KB978338)
    Windows XP 安全性更新 (KB978542)
    Windows XP 安全性更新 (KB978601)
    Windows XP 安全性更新 (KB978706)
    Windows XP 安全性更新 (KB979309)
    Windows XP 安全性更新 (KB979482)
    Windows XP 安全性更新 (KB979559)
    Windows XP 安全性更新 (KB979683)
    Windows XP 安全性更新 (KB980195)
    Windows XP 安全性更新 (KB980218)
    Windows XP 安全性更新 (KB980232)
    Windows XP 更新 (KB908531)
    Windows XP 更新 (KB911280)
    Windows XP 更新 (KB916595)
    Windows XP 更新 (KB920872)
    Windows XP 更新 (KB922582)
    Windows XP 更新 (KB925720)
    Windows XP 更新 (KB927891)
    Windows XP 更新 (KB930916)
    Windows XP 更新 (KB932823-v3)
    Windows XP 更新 (KB936357)
    Windows XP 更新 (KB938828)
    Windows XP 更新 (KB951072-v2)
    Windows XP 更新 (KB955759)
    Windows XP 更新 (KB961503)
    Windows XP 更新 (KB967715)
    Windows XP 更新 (KB968389)
    Windows XP 更新 (KB971737)
    Windows XP 更新 (KB973687)
    Windows XP 更新 (KB973815)
    WinPatrol
    WinRAR 壓縮工具
    Write-N-Cite
    μTorrent
    千千?听 5.5
    中國農業銀行網上銀行證書工具軟體
    中國農業銀行網上銀行證書工具軟體 飛天誠信 卸載
    易頡輸入法

    ==== End Of File ===========================
     
  5. 2010/08/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  6. 2010/08/12
    pine

    pine Inactive Thread Starter

    Dear PeteC,
    Thanks for your advice. In fact, I have not used BT for a long time, although the BT client still remains here. So, should I uninstall it before I proceed?

    Thank you very much.
     
  7. 2010/08/12
    PeteC

    PeteC SuperGeek Staff

    That is our advice :)
     
  8. 2010/08/12
    pine

    pine Inactive Thread Starter

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 2:31:58.00 on 2010/08/13 星期五
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.2047.1172 [GMT 8:00]

    AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\ClipX\clipx.exe
    C:\Program Files\95599 Certificate Tools\FTSafe\CertD_abchina.exe
    C:\Documents and Settings\Administrator\Desktop\711\axmonitor.exe
    C:\Documents and Settings\Administrator\Desktop\711\DkAutoReg.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Lingoes\Translator2\Lingoes.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    svchost.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\dklog.exe
    C:\WINDOWS\system32\dkvcm.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\FileZilla Server\FileZilla Server.exe
    C:\WINDOWS\system32\GP_CLT_Service.exe
    C:\WINDOWS\system32\GP_CLT.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dkcktkn.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    svchost.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Miranda IM\miranda32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    G:\Downloads\virus_clean\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://www.firefox.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
    BHO: Windows Live 祅腊?: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
    EB: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - No File
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Lingoes] c:\program files\lingoes\translator2\Lingoes.exe -minimize
    mRun: [ClipX] c:\program files\clipx\clipx.exe
    mRun: [ePassAuto_ABChina] c:\program files\95599 certificate tools\ftsafe\CertD_abchina.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_06\bin\jusched.exe"
    mRun: [DkStartup] c:\documents and settings\administrator\desktop\711\dkstartup.exe
    mRun: [AxMonitor] c:\documents and settings\administrator\desktop\711\axmonitor.exe
    mRun: [DkAutoReg] c:\documents and settings\administrator\desktop\711\DkAutoReg.exe
    mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    dRun: [ctfmon.exe] ctfmon.exe
    dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
    dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\admini~1\「開始~1\程式集\啟動\easywi~1.lnk - g:\doc\其召\autohotkey\Easy Window Dragging.ahk
    mPolicies-explorer: NoSMMyPictures = 1 (0x1)
    mPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
    mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Export Current Page To SSReader - c:\program files\ssreader36\ss_all.htm
    IE: Export Selection To SSReader - c:\program files\ssreader36\ss_select.htm
    IE: 使用迅雷下? - c:\program files\thunder network\thunder\program\geturl.htm
    IE: 使用迅雷下?全部?接 - c:\program files\thunder network\thunder\program\getallurl.htm
    IE: 剪貼簿文字: 簡 > 繁 - c:\program files\alibabar\ALiBaBar.dll/RT_HTML/ClipToTrad
    IE: 剪貼簿文字: 繁 > 簡 - c:\program files\alibabar\ALiBaBar.dll/RT_HTML/ClipToSim
    IE: 網頁: [簡體] 顯示 - c:\program files\alibabar\ALiBaBar.dll/RT_HTML/PageToSim
    IE: 網頁: [繁體] 顯示 - c:\program files\alibabar\ALiBaBar.dll/RT_HTML/PageToTrad
    IE: 蹲 Microsoft Excel(&X) - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    Trusted Zone: 95599.cn\easyabc
    Trusted Zone: 95599.cn\www
    Trusted Zone: abchina.com\www
    Trusted Zone: 95599.cn\easyabc
    Trusted Zone: 95599.cn\www
    Trusted Zone: 95599.sh.cn\ebank
    Trusted Zone: 95599.sh.cn\www
    Trusted Zone: abchina.com\www
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
    DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} - hxxp://www.95599.cn/update/down/NetSign.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252079241593
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252079184890
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Notify: DkWLNP - DkWLNP.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\34xh3ep0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2457228&SearchSource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2457228&q=
    FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\windows media player\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
    c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
    c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
    c:\program files\mozilla firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");

    ============= SERVICES / DRIVERS ===============

    R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [2008-9-23 5248]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 93848]
    R2 DkVcm;SafeNet Virtual Channel Monitor;c:\windows\system32\dkvcm.exe [2008-7-29 122880]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
    R2 GP_CLT_Service;GP_CLT_Service;c:\windows\system32\GP_CLT_Service.exe [2009-7-8 24576]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-30 10384]
    R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-1-22 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
    R3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\drivers\IKEYENUM.SYS [2010-3-7 12240]
    R3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\drivers\IKEYIFD.SYS [2010-3-7 18704]
    R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-9-23 222976]
    S2 gupdate;Google 更新服務 (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
    S3 CIDCUSB;CIDC USB KEY Driver;c:\windows\system32\drivers\CIDCUSB.sys [2009-7-8 17920]
    S3 GoogleDesktopManager-093009-130223;「Google 桌面」管理員 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-11-12 30192]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-12-4 25728]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RnbToken;Rainbow iKey Token Service;c:\windows\system32\drivers\RNBTOKEN.SYS [2010-3-7 22096]
    S4 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [2008-9-23 159616]

    =============== Created Last 30 ================

    2010-08-06 10:29:03 13 ----a-w- c:\windows\system32\WinSys32.crc
    2010-08-06 10:28:34 0 d-----w- c:\docume~1\admini~1\applic~1\CoffeeCup Software
    2010-08-06 10:28:22 18944 ----a-w- c:\windows\system32\BORLNDMM.DLL
    2010-08-06 10:27:59 0 d-----w- c:\program files\CoffeeCup Software
    2010-07-26 10:22:08 13980 ----a-w- c:\windows\Ascd_tmp.ini
    2010-07-25 18:09:26 4968 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-07-24 17:14:43 1000 ----a-w- c:\documents and settings\administrator\.opencard.properties
    2010-07-24 17:14:43 0 d-----w- c:\documents and settings\administrator\.oos
    2010-07-18 08:30:45 743936 -c----w- c:\windows\system32\dllcache\helpsvc.exe

    ==================== Find3M ====================

    2010-08-11 17:26:26 536994 ----a-w- c:\windows\system32\prfh0404.dat
    2010-08-11 17:26:26 296688 ----a-w- c:\windows\system32\prfc0404.dat
    2010-07-13 05:00:50 102400 ----a-w- c:\documents and settings\administrator\com_securenetasia_p11wrapper3_cbs.bochk.com.dll
    2010-07-07 05:06:46 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-07-07 04:41:27 20480 ---ha-w- C:\SZKGFS.dat
    2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2009-09-04 17:00:58 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-09-04 17:00:58 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090520090906\index.dat

    ============= FINISH: 2:32:10.59 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume6
    Install Date: 2008/9/23 下午 11:14:26
    System Uptime: 2010/8/12 下午 09:21:21 (5 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P5KPL-CM
    Processor: Intel Pentium III Xeon 處理器 | Socket 775 | 2532/266mhz
    Processor: Intel Pentium III Xeon 處理器 | Socket 775 | 2532/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 60 GiB total, 22.737 GiB free.
    D: is FIXED (FAT32) - 24 GiB total, 0.434 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 238 GiB total, 53.94 GiB free.
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Manufacturer: Logitech
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Service: i8042prt

    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMSAMSUNG_CD-R/RW_SW-252B_________________R701____\5&20F2915F&0&0.0.0
    Manufacturer: (標準 CD-ROM 光碟機)
    Name: SAMSUNG CD-R/RW SW-252B
    PNP Device ID: IDE\CDROMSAMSUNG_CD-R/RW_SW-252B_________________R701____\5&20F2915F&0&0.0.0
    Service: cdrom

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: Plug and Play BIOS Extension
    Device ID: ROOT\SYSTEM\0003
    Manufacturer: (Standard system devices)
    Name: Plug and Play BIOS Extension
    PNP Device ID: ROOT\SYSTEM\0003
    Service: vax347b

    ==== System Restore Points ===================

    RP1: 2010/7/9 下午 10:17:39 - 系統檢查點
    RP2: 2010/7/12 下午 12:57:55 - 系統檢查點
    RP3: 2010/7/12 下午 01:42:09 - Removed Opera 10.53.
    RP4: 2010/7/12 下午 01:42:23 - Installed Opera 10.60.
    RP5: 2010/7/18 下午 04:43:50 - 系統檢查點
    RP6: 2010/7/18 下午 08:00:17 - Software Distribution Service 3.0
    RP7: 2010/7/21 上午 11:46:23 - 系統檢查點
    RP8: 2010/7/22 下午 06:31:43 - 系統檢查點
    RP9: 2010/7/26 下午 04:19:03 - 系統檢查點
    RP10: 2010/8/1 下午 06:56:15 - 系統檢查點
    RP11: 2010/8/3 上午 01:25:24 - 系統檢查點
    RP12: 2010/8/4 下午 03:49:10 - 系統檢查點
    RP13: 2010/8/5 下午 04:20:23 - 系統檢查點
    RP14: 2010/8/6 下午 05:54:12 - 系統檢查點
    RP15: 2010/8/9 下午 01:18:19 - Removed Foxit PDF IFilter
    RP16: 2010/8/10 下午 02:02:19 - 系統檢查點
    RP17: 2010/8/12 下午 01:14:33 - 系統檢查點
    RP18: 2010/8/13 上午 12:47:02 - Software Distribution Service 3.0

    ==== Installed Programs ======================

    7-Zip 4.65
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11
    Alcohol 120%
    AMR to MP3 Converter 1.4
    ASCII Art Viewer v2.2.0
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    Auto Mouse 1.3
    AutoHotkey 1.0.48.05
    Brother HL-2140
    Cambridge Advanced Learner's Dictionary - 2nd edition
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon EOS 5D WIA Driver
    Canon RAW Image Task for ZoomBrowser EX
    Canon S300
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.4
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner (remove only)
    CDDRV_Installer
    ClipX
    ConvertZ v8.02
    Diskeeper Professional Premier Edition
    erLT
    ESET NOD32 Antivirus
    ESET Online Scanner v3
    EVEREST Ultimate Edition v2.50
    Facebook Plug-In
    FastStone Image Viewer 3.9
    FileZilla Client 3.3.3
    FileZilla Server (remove only)
    FinePrint
    FlashGet 1.9.4.1063
    FlashSFV v2.5
    FLVPlayer4Free Free FLV Player 3.8.0.0
    Google Earth Plug-in
    Google Update Helper
    Google 桌面
    Google 瀏覽器
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB954550-v5)
    HTC Driver
    HTC Sync
    ImgBurn
    IrfanView (remove only)
    J2SE Development Kit 5.0 Update 16
    J2SE Development Kit 5.0 Update 17
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 18
    K-Lite Codec Pack 2.70 Standard
    KhalInstallWrapper
    LeapFTP v2.7.6.613
    Lingoes 2.6.2
    Logitech SetPoint
    Longman Dictionary of Contemporary English 5th Edition
    Magic ISO Maker v5.5 (build 0274)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Media Player Classic v6.4.8.7
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Choice Guard
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Chinese (Traditional)) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
    Microsoft Office IME (Chinese (Traditional)) 2007
    Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
    Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
    Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    Microsoft Office Proof (Chinese (Traditional)) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proofing (Chinese (Traditional)) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Word MUI (Chinese (Traditional)) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Chinese (Traditional)) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Windows Application Compatibility Database
    Miranda IM 0.8.27
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Multiwin Quotation
    Nero 6 Ultra Edition
    nLite 1.4.9.1
    NVIDIA Drivers
    OpenVPN 2.0.9-gui-1.0.3
    Opera 10.60
    PaperPort
    PC Probe II
    PCMan 2004
    PDFCreator
    pdfforge Toolbar v1.1
    Picasa 3
    Platform
    PrimoPDF
    PSPad editor
    QUICKfind server v1.1
    QuickTime Alternative 2.9.2
    Real Alternative 1.46
    SafeNet Borderless Security PK Client
    SafeNet iKey Driver v4.1.0.6
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Segoe UI
    Sony Ericsson Device Data
    Sony Ericsson Drivers
    Sony Ericsson PC Suite
    SSReader3.73
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    TortoiseSVN 1.5.9.15518 (32 bit)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    VIA 平台裝置管理員
    vLite
    VMware Workstation
    VNC Free Edition 4.1.3
    Web 資料夾的軟體更新
    Windows 7 USB/DVD Download Tool
    Windows Automated Installation Kit
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation v1.9.40.0 Cracked V3
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Internet Explorer 8 安全性更新 (KB971961)
    Windows Internet Explorer 8 安全性更新 (KB972260)
    Windows Internet Explorer 8 安全性更新 (KB978207)
    Windows Internet Explorer 8 安全性更新 (KB981332)
    Windows Internet Explorer 8 安全性更新 (KB982381)
    Windows Internet Explorer 8 更新 (KB972636)
    Windows Internet Explorer 8 更新 (KB980182)
    Windows Live ?Α?
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Messenger
    Windows Live 祅腊?
    Windows Live 更ㄣ
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 10 安全性更新 (KB936782)
    Windows Media Player 6.4 安全性更新 (KB925398)
    Windows Media Player 安全性更新 (KB952069)
    Windows Media Player 安全性更新 (KB954155)
    Windows Media Player 安全性更新 (KB968816)
    Windows Media Player 安全性更新 (KB973540)
    Windows Media Player 安全性更新 (KB978695)
    Windows XP Hotfix (KB921411)
    Windows XP Hotfix (KB952287)
    Windows XP Hotfix (KB961118)
    Windows XP Hotfix (KB976098-v2)
    Windows XP Hotfix (KB981793)
    Windows XP 安全性更新 (KB2229593)
    Windows XP 安全性更新 (KB911562)
    Windows XP 安全性更新 (KB913580)
    Windows XP 安全性更新 (KB914388)
    Windows XP 安全性更新 (KB914389)
    Windows XP 安全性更新 (KB918118)
    Windows XP 安全性更新 (KB918439)
    Windows XP 安全性更新 (KB920213)
    Windows XP 安全性更新 (KB920670)
    Windows XP 安全性更新 (KB920683)
    Windows XP 安全性更新 (KB920685)
    Windows XP 安全性更新 (KB923191)
    Windows XP 安全性更新 (KB923414)
    Windows XP 安全性更新 (KB923561)
    Windows XP 安全性更新 (KB923689)
    Windows XP 安全性更新 (KB923980)
    Windows XP 安全性更新 (KB924270)
    Windows XP 安全性更新 (KB924667)
    Windows XP 安全性更新 (KB925902)
    Windows XP 安全性更新 (KB926255)
    Windows XP 安全性更新 (KB926436)
    Windows XP 安全性更新 (KB927779)
    Windows XP 安全性更新 (KB927802)
    Windows XP 安全性更新 (KB928255)
    Windows XP 安全性更新 (KB928843)
    Windows XP 安全性更新 (KB929123)
    Windows XP 安全性更新 (KB930178)
    Windows XP 安全性更新 (KB931261)
    Windows XP 安全性更新 (KB931784)
    Windows XP 安全性更新 (KB932168)
    Windows XP 安全性更新 (KB933729)
    Windows XP 安全性更新 (KB935839)
    Windows XP 安全性更新 (KB935840)
    Windows XP 安全性更新 (KB936021)
    Windows XP 安全性更新 (KB937894)
    Windows XP 安全性更新 (KB938127)
    Windows XP 安全性更新 (KB938464)
    Windows XP 安全性更新 (KB941569)
    Windows XP 安全性更新 (KB941693)
    Windows XP 安全性更新 (KB943055)
    Windows XP 安全性更新 (KB943460)
    Windows XP 安全性更新 (KB943485)
    Windows XP 安全性更新 (KB944338-v2)
    Windows XP 安全性更新 (KB944653)
    Windows XP 安全性更新 (KB945553)
    Windows XP 安全性更新 (KB946026)
    Windows XP 安全性更新 (KB946648)
    Windows XP 安全性更新 (KB948590)
    Windows XP 安全性更新 (KB950749)
    Windows XP 安全性更新 (KB950762)
    Windows XP 安全性更新 (KB950974)
    Windows XP 安全性更新 (KB951066)
    Windows XP 安全性更新 (KB951376-v2)
    Windows XP 安全性更新 (KB951698)
    Windows XP 安全性更新 (KB951748)
    Windows XP 安全性更新 (KB952004)
    Windows XP 安全性更新 (KB952954)
    Windows XP 安全性更新 (KB953838)
    Windows XP 安全性更新 (KB953839)
    Windows XP 安全性更新 (KB955069)
    Windows XP 安全性更新 (KB956572)
    Windows XP 安全性更新 (KB956802)
    Windows XP 安全性更新 (KB956803)
    Windows XP 安全性更新 (KB956844)
    Windows XP 安全性更新 (KB957097)
    Windows XP 安全性更新 (KB958470)
    Windows XP 安全性更新 (KB958644)
    Windows XP 安全性更新 (KB958687)
    Windows XP 安全性更新 (KB958869)
    Windows XP 安全性更新 (KB959426)
    Windows XP 安全性更新 (KB960225)
    Windows XP 安全性更新 (KB960803)
    Windows XP 安全性更新 (KB960859)
    Windows XP 安全性更新 (KB961501)
    Windows XP 安全性更新 (KB969059)
    Windows XP 安全性更新 (KB969947)
    Windows XP 安全性更新 (KB970238)
    Windows XP 安全性更新 (KB970430)
    Windows XP 安全性更新 (KB971032)
    Windows XP 安全性更新 (KB971468)
    Windows XP 安全性更新 (KB971486)
    Windows XP 安全性更新 (KB971557)
    Windows XP 安全性更新 (KB971633)
    Windows XP 安全性更新 (KB971657)
    Windows XP 安全性更新 (KB972270)
    Windows XP 安全性更新 (KB973354)
    Windows XP 安全性更新 (KB973507)
    Windows XP 安全性更新 (KB973525)
    Windows XP 安全性更新 (KB973869)
    Windows XP 安全性更新 (KB973904)
    Windows XP 安全性更新 (KB974112)
    Windows XP 安全性更新 (KB974318)
    Windows XP 安全性更新 (KB974392)
    Windows XP 安全性更新 (KB974571)
    Windows XP 安全性更新 (KB975025)
    Windows XP 安全性更新 (KB975467)
    Windows XP 安全性更新 (KB975560)
    Windows XP 安全性更新 (KB975561)
    Windows XP 安全性更新 (KB975562)
    Windows XP 安全性更新 (KB975713)
    Windows XP 安全性更新 (KB977165)
    Windows XP 安全性更新 (KB977816)
    Windows XP 安全性更新 (KB977914)
    Windows XP 安全性更新 (KB978037)
    Windows XP 安全性更新 (KB978251)
    Windows XP 安全性更新 (KB978262)
    Windows XP 安全性更新 (KB978338)
    Windows XP 安全性更新 (KB978542)
    Windows XP 安全性更新 (KB978601)
    Windows XP 安全性更新 (KB978706)
    Windows XP 安全性更新 (KB979309)
    Windows XP 安全性更新 (KB979482)
    Windows XP 安全性更新 (KB979559)
    Windows XP 安全性更新 (KB979683)
    Windows XP 安全性更新 (KB980195)
    Windows XP 安全性更新 (KB980218)
    Windows XP 安全性更新 (KB980232)
    Windows XP 更新 (KB908531)
    Windows XP 更新 (KB911280)
    Windows XP 更新 (KB916595)
    Windows XP 更新 (KB920872)
    Windows XP 更新 (KB922582)
    Windows XP 更新 (KB925720)
    Windows XP 更新 (KB927891)
    Windows XP 更新 (KB930916)
    Windows XP 更新 (KB932823-v3)
    Windows XP 更新 (KB936357)
    Windows XP 更新 (KB938828)
    Windows XP 更新 (KB951072-v2)
    Windows XP 更新 (KB955759)
    Windows XP 更新 (KB961503)
    Windows XP 更新 (KB967715)
    Windows XP 更新 (KB968389)
    Windows XP 更新 (KB971737)
    Windows XP 更新 (KB973687)
    Windows XP 更新 (KB973815)
    WinPatrol
    WinRAR 壓縮工具
    Write-N-Cite
    千千?听 5.5
    中國農業銀行網上銀行證書工具軟體
    中國農業銀行網上銀行證書工具軟體 飛天誠信 卸載
    易頡輸入法

    ==== End Of File ===========================
     
    pine,
    #7
  9. 2010/08/12
    pine

    pine Inactive Thread Starter

    Joined:
    2010/08/11
    Messages:
    5
    Likes Received:
    0
    Done, I have uninstalled, should I post the log again?
     
    pine,
    #8
  10. 2010/08/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Not necessary :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  11. 2010/08/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     