IE homepage hijacked
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
1needhelp
I have scanned with Avira, MBAM, Spybot, SUPERAntiSpyware, Windows Defender, Trend Micro Sysclean, and Trend Micro RootkitBuster and let them clean the mess up. However, my IE's homepage is still being redirected to -http://www.9348.cn/?205466-. Also, there is some malware that keeps coming back even though I had removed it. For example, 8888.exe. Anyway, here are the logs requested.


Malwarebytes' Anti-Malware 1.40
Database version: 2649
Windows 6.0.6001 Service Pack 1

19/8/2009 上午 12:03:33
mbam-log-2009-08-19 (00-03-18).txt

Scan type: Quick Scan
Objects scanned: 82874
Time elapsed: 5 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (www.9348.cn/?205466) Good: (http://www.Google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (www.9348.cn/?205466) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.6001.18813
Mozilla Firefox 3.5.2 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:25 Go )
D:\ [Fixed-NTFS] .. ( Total:66 Go - Free:45 Go )
E:\ [CD_Rom]
F:\ [Removable]
.
Scan : 00:10.18
Path : C:\Users\Sam\Desktop\Monster Defense\Piriform\Rooter.exe
User : Sam ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (424)
______ C:\Windows\system32\csrss.exe (560)
______ C:\Windows\system32\wininit.exe (624)
______ C:\Windows\system32\csrss.exe (636)
______ C:\Windows\system32\services.exe (668)
______ C:\Windows\system32\lsass.exe (680)
______ C:\Windows\system32\lsm.exe (692)
______ C:\Windows\system32\winlogon.exe (768)
______ C:\Windows\system32\svchost.exe (888)
______ C:\Windows\system32\svchost.exe (948)
______ C:\Windows\System32\svchost.exe (984)
______ C:\Windows\system32\Ati2evxx.exe (1100)
______ C:\Windows\System32\svchost.exe (1128)
______ C:\Windows\System32\svchost.exe (1172)
______ C:\Windows\system32\svchost.exe (1192)
Locked audiodg.exe (1276)
______ C:\Windows\system32\svchost.exe (1300)
______ C:\Windows\system32\SLsvc.exe (1320)
______ C:\Windows\system32\svchost.exe (1408)
______ C:\Windows\system32\Ati2evxx.exe (1452)
______ C:\Windows\system32\svchost.exe (1584)
______ C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (1760)
______ C:\Program Files\ATK Hotkey\ASLDRSrv.exe (1772)
______ C:\Program Files\ATKGFNEX\GFNEXSrv.exe (1788)
______ C:\Windows\system32\Dwm.exe (1888)
______ C:\Windows\System32\spoolsv.exe (1940)
______ C:\Windows\Explorer.EXE (1964)
______ C:\Windows\system32\taskeng.exe (1972)
______ C:\Windows\system32\svchost.exe (2032)
______ C:\Program Files\ASUS\ASUS Live Update\ALU.exe (268)
______ C:\Program Files\ATK Hotkey\Hcontrol.exe (1544)
______ C:\Program Files\ATKOSD2\ATKOSD2.exe (1564)
______ C:\Program Files\Wireless Console 2\wcourier.exe (1580)
______ C:\Program Files\P4G\BatteryLife.exe (1600)
______ C:\Program Files\ASUS\Splendid\ACMON.exe (1592)
______ C:\Windows\System32\ACEngSvr.exe (1872)
______ C:\Windows\system32\taskeng.exe (1504)
______ C:\Program Files\ATK Hotkey\ATKOSD.exe (412)
______ C:\Program Files\ATK Hotkey\KBFiltr.exe (2072)
______ C:\Program Files\Windows Defender\MSASCui.exe (2292)
______ C:\Windows\RtHDVCpl.exe (2300)
______ C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (2308)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2316)
______ C:\Program Files\ASUS\ATK Media\DMedia.exe (2328)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2352)
______ C:\Windows\system32\svchost.exe (2380)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2444)
______ C:\Windows\ASScrPro.exe (2464)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (2524)
______ C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (2584)
______ C:\Windows\system32\svchost.exe (2740)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (2792)
______ C:\Windows\system32\svchost.exe (2856)
______ C:\Windows\system32\wscript.exe (2876)
______ C:\Windows\system32\wscript.exe (2888)
______ C:\Windows\ehome\ehtray.exe (2960)
______ C:\Windows\System32\svchost.exe (2976)
______ C:\Windows\ehome\ehmsas.exe (3732)
______ C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (1088)
______ C:\Program Files\Opera\opera.exe (2116)
______ C:\Users\Sam\Desktop\Monster Defense\Piriform\Rooter.exe (288)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:8388608000)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:8389656576 | Length:80019980288)
\Device\Harddisk0\Partition0 (Start_Offset:88409636864 | Length:71631372288)
\Device\Harddisk0\Partition3 (Start_Offset:88410685440 | Length:71630323712)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Ad-Aware Update (Weekly).job
C:\Windows\Tasks\PCConfidential.job
C:\Windows\Tasks\RPCReminder.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 00:10.28
.
C:\Rooter$\Rooter_1.txt - (19/08/2009 | 00:10.28)

---

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/19 00:17
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8C9E5000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8C9DA000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA343A000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1276 Status: Locked to the Windows API!

SSDT
-------------------
#: 252 Function Name: NtQueryValueKey
Status: Hooked by "C:\Windows\system32\drivers\hpshg.sys" at address 0x8815bc68

==EOF==

---

OTL logfile created on: 19/8/2009 上午 12:31:29 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Sam\Desktop\Monster Defense\Piriform
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.35% Memory free
4.00 Gb Paging File | 3.54 Gb Available in Paging File | 88.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 25.31 Gb Free Space | 33.96% Space Free | Partition Type: NTFS
Drive D: | 66.71 Gb Total Space | 45.77 Gb Free Space | 68.60% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Sam-PC
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Users\Sam\Desktop\Monster Defense\Piriform\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ADSMService [Auto | Running]) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ASLDRService [Auto | Running]) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATKGFNEXSrv [Auto | Running]) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Autodesk Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (HP Port Resolver [On_Demand | Stopped]) -- C:\Windows\System32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE (Hewlett-Packard Company)
SRV - (HP Status Server [On_Demand | Stopped]) -- C:\Windows\System32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE (Hewlett-Packard Company)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [On_Demand | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- File not found
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AsDsm [Boot | Running]) -- C:\Windows\System32\drivers\AsDsm.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ASMMAP [Auto | Running]) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (athr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (BC [Boot | Running]) -- C:\Windows\system32\Drivers\BC.sys (Kingsoft Corporation)
DRV - (bootsafe [Boot | Running]) -- C:\Windows\system32\Drivers\bootsafe.sys ()
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (giveio [Boot | Running]) -- C:\Windows\system32\giveio.sys ()
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\HPZius12.sys (HP)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (kbfiltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\kbfiltr.sys ( )
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ATKACPI.sys (ATK0100)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (IntelR Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RivaTuner32 [On_Demand | Stopped]) -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys ()
DRV - (RTL8169 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSGbeLH [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (smserial [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\smserial.sys (Motorola Inc.)
DRV - (SNP2UVC [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\snp2uvc.sys ()
DRV - (speedfan [Boot | Running]) -- C:\Windows\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TPM [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (uiwjxex [Boot | Running]) -- C:\Windows\system32\drivers\hpshg.sys ()
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.9348.cn/?205466

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.9348.cn/?205466
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.hk/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 14:36:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/16 22:19:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 22:18:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 22:21:06 | 00,000,000 | ---D | M]

[2008/06/28 06:50:26 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions
[2008/06/28 06:50:26 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/18 20:48:02 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\le1s1j0g.default\extensions
[2009/06/27 15:26:37 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\le1s1j0g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/17 12:50:01 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\le1s1j0g.default\extensions\ChoiceGuard@Microsoft
[2009/08/18 20:48:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 15:31:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/16 20:23:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/05 15:31:31 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 15:31:31 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/26 08:25:32 | 00,036,864 | ---- | M] (迅雷网?) -- C:\Program Files\mozilla firefox\components\NsThunderLoader.dll
[2008/08/26 08:25:32 | 00,053,248 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\components\ThunderComponent.dll
[2009/05/02 05:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/08/13 09:41:02 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/26 09:25:32 | 00,032,768 | ---- | M] (Xunlei Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\plugins\npDapCtrlFirefox.dll
[2009/08/16 20:22:58 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/13 02:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/19 06:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/05 15:31:33 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/23 10:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/15 12:33:29 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/16 22:18:58 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/08/03 21:16:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/03 21:16:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/03 21:16:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/03 21:16:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/03 21:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/03 21:16:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/03 21:16:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/16 22:19:11 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/08/16 22:18:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/02 05:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/07 21:52:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/07 21:52:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/07 21:52:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/07 21:52:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/07 21:52:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/18 11:23:31 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\kwinzy119.xml
[2009/06/20 14:22:19 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\kwinzy123.xml
[2009/07/15 10:57:31 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\kwinzy127.xml
[2009/07/07 21:52:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/07 21:52:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (321522 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11017 more lines...
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [RtHDVCpl] File not found
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: 附加至現有 PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換為 Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換連結目標到現有 PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: 雄捃濘5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra 'Tools' menuitem : 雄捃濘5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.102.60.110 218.102.62.71
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - File not found
O18 - Protocol\Filter: - application/x-complus - File not found
O18 - Protocol\Filter: - application/x-msdownload - File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: EventLog - C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Kingsoft Rescue Service - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: EventLog - C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Kingsoft Rescue Service - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {40BB44BF-302A-A85E-571F-B62CB990D0F8} - LightScribe Control Panel
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6F4C67CF-E98F-E5DA-6140-BBBDBC369CCD} - Internet Explorer
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web 資料夾
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {84FFC43C-BD13-4AD9-F854-CE6789EC44F1} - Themes Setup
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729)
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D740D9CA-D06E-935A-E680-B1B65240A182} - Offline Browsing Pack
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: aux - wdmaud.drv File not found
Drivers32: midi - wdmaud.drv File not found
Drivers32: midimapper - midimap.dll File not found
Drivers32: mixer - wdmaud.drv File not found
Drivers32: msacm.ac3acm - AC3ACM.acm File not found
Drivers32: msacm.imaadpcm - imaadp32.acm File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm File not found
Drivers32: msacm.lameacm - lameACM.acm File not found
Drivers32: msacm.msadpcm - msadp32.acm File not found
Drivers32: msacm.msg711 - msg711.acm File not found
Drivers32: msacm.msgsm610 - msgsm32.acm File not found
Drivers32: msacm.siren - sirenacm.dll File not found
Drivers32: msacm.vorbis - vorbis.acm File not found
Drivers32: msacm.voxacm160 - vct3216.acm File not found
Drivers32: MSVideo8 - VfWWDM32.dll File not found
Drivers32: vidc.cvid - iccvid.dll File not found
Drivers32: vidc.DIVX - DivX.dll File not found
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.HFYU - huffyuv.dll File not found
Drivers32: vidc.i420 - iyuv_32.dll File not found
Drivers32: vidc.iv31 - ir32_32.dll File not found
Drivers32: vidc.iv32 - ir32_32.dll File not found
Drivers32: vidc.iv41 - ir41_32.ax File not found
Drivers32: VIDC.IYUV - iyuv_32.dll File not found
Drivers32: vidc.mrle - msrle32.dll File not found
Drivers32: vidc.msvc - msvidc32.dll File not found
Drivers32: VIDC.UYVY - msyuv.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll File not found
Drivers32: vidc.VP61 - vp6vfw.dll File not found
Drivers32: vidc.VP62 - vp6vfw.dll File not found
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: VIDC.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YUY2 - msyuv.dll File not found
Drivers32: vidc.yv12 - DivX.dll File not found
Drivers32: VIDC.YVU9 - tsbyuv.dll File not found
Drivers32: VIDC.YVYU - msyuv.dll File not found
Drivers32: wave - wdmaud.drv File not found
Drivers32: wave1 - serwvdrv.dll File not found
Drivers32: wavemapper - msacm32.drv File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/19 00:10:28 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/18 23:56:48 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/18 23:56:46 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/18 23:56:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/18 23:53:38 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/18 23:48:55 | 00,000,920 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/18 23:48:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/18 23:44:22 | 00,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2009/08/18 20:09:47 | 00,000,000 | R--D | C] -- C:\Users\Sam\Desktop\Monster Defense
[2009/08/18 20:08:40 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/18 20:03:53 | 01,068,350 | ---- | C] () -- C:\Windows\System32\8888.exe
[2009/08/18 19:58:07 | 00,128,921 | ---- | C] () -- C:\Windows\System32\cachev.exe
[2009/08/18 18:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/18 08:11:32 | 00,029,272 | R--- | C] (Adobe Systems Incorporated.) -- C:\Windows\System32\AdobePDF.dll
[2009/08/17 11:01:05 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Kingsoft
[2009/08/17 11:01:02 | 00,024,944 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\BC.sys
[2009/08/17 11:01:01 | 00,015,728 | ---- | C] () -- C:\Windows\System32\drivers\bootsafe.sys
[2009/08/17 11:00:52 | 00,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2009/08/16 22:45:43 | 06,291,456 | -H-- | C] () -- C:\Users\Sam\AppData\Local\IconCache.db
[2009/08/16 22:32:48 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/08/16 22:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/08/16 22:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/08/16 22:19:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/08/16 20:23:24 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/16 20:23:24 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/16 20:23:24 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/16 10:42:48 | 00,144,607 | -HS- | C] () -- C:\Windows\System32\1223.exe
[2009/08/14 18:55:16 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2009/08/14 18:55:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/14 18:38:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/08/14 18:35:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/08/12 22:35:49 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 22:35:33 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 22:35:18 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 22:35:17 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 22:35:16 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 22:35:15 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 22:35:15 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 22:35:15 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 22:35:14 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 22:35:14 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/12 22:35:09 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/12 22:35:09 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/12 22:35:09 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/12 22:35:09 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/12 22:35:08 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/12 22:35:08 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/12 22:35:06 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/12 22:35:06 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/12 22:35:03 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 22:33:48 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/11 20:44:14 | 00,002,010 | ---- | C] () -- C:\Windows\System32\Web.Ini
[2009/08/11 17:57:35 | 00,000,000 | -HSD | C] -- C:\Windows\ljjkky
[2009/08/11 17:57:07 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/11 17:57:07 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/11 11:23:49 | 00,001,799 | ---- | C] () -- C:\Users\Sam\Desktop\Thunder.lnk
[2009/08/11 11:20:39 | 00,000,000 | -HSD | C] -- C:\Windows\pddk
[2009/08/10 11:45:22 | 00,000,000 | ---D | C] -- C:\Users\Sam\Documents\Xilisoft Corporation
[2009/08/10 11:45:20 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Xilisoft Corporation
[2009/08/03 21:14:08 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/03 09:29:44 | 00,000,017 | -HS- | C] () -- C:\Windows\52.vbs
[2009/07/31 18:38:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/07/30 19:57:00 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/30 17:36:27 | 33,942,378 | ---- | C] () -- C:\Users\Sam\Desktop\HKNEXT1012B.pdb
[2009/07/29 17:58:54 | 00,421,888 | ---- | C] (Gabest) -- C:\Windows\System32\RealMediaSplitter.ax
[2009/07/29 17:58:54 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/07/29 17:58:54 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/07/29 12:45:23 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/29 12:45:22 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/29 12:45:21 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/29 12:45:20 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/29 12:45:20 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/29 12:45:20 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/29 12:45:20 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/29 12:45:20 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/29 12:45:20 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/29 12:45:20 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/29 12:45:20 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/29 12:45:20 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/29 12:45:20 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/29 12:45:20 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/29 12:45:20 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/29 12:45:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/29 12:45:19 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/29 12:45:19 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/29 12:45:19 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/29 12:45:19 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/29 12:45:19 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/29 00:04:43 | 00,000,811 | ---- | C] () -- C:\Users\Sam\Desktop\SpeedFan.lnk
[2009/07/29 00:04:43 | 00,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2009/07/29 00:04:41 | 00,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2009/07/28 23:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24
[2009/07/28 16:51:07 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/07/28 16:51:05 | 00,000,000 | ---D | C] -- C:\3997b1d847cc3e941129
[2009/07/27 19:07:27 | 00,000,000 | R-SD | C] -- C:\Users\Sam\Documents\My Stationery
[2009/07/27 19:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/07/27 19:00:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/27 19:00:22 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/07/27 19:00:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/27 18:53:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/25 18:07:34 | 03,122,304 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2009/07/25 14:31:23 | 00,000,000 | ---D | C] -- C:\Users\Sam\Documents\喀蝦 楝斜
[2009/07/25 14:31:23 | 00,000,000 | ---D | C] -- C:\ProgramData\NexonTW
[2009/07/25 14:29:08 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\CSO
[2009/07/22 23:05:31 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/07/22 23:05:31 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/07/22 23:05:12 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/22 23:04:49 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/22 22:39:44 | 00,000,000 | ---D | C] -- C:\redsn0w-win_0.8
[2009/07/22 22:24:28 | 00,000,000 | ---D | C] -- C:\Users\Sam\Desktop\redsn0w-win 0.7.1
[2009/07/22 11:12:32 | 00,000,000 | -HS- | C] () -- C:\Windows\System32\555.vbs
[2009/07/20 19:50:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Grid
[2009/04/22 14:53:33 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/01/14 00:57:52 | 00,000,135 | ---- | C] () -- C:\Windows\Mp3CutterJoiner.ini
[2009/01/13 15:43:17 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008/11/28 04:15:42 | 00,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/10/01 10:52:47 | 00,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/09/08 07:41:52 | 00,032,768 | ---- | C] () -- C:\Windows\System32\eOny.dll
[2008/09/08 07:41:52 | 00,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hpshg.sys
[2008/07/21 07:24:54 | 00,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008/06/23 14:46:14 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/10 22:29:08 | 00,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/12/29 13:13:22 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/12/29 13:13:22 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/12/20 22:02:19 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/10/01 14:59:45 | 01,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/06/28 18:54:10 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/06/28 18:52:18 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/05/09 15:16:39 | 00,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/04/25 00:41:11 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/01/25 02:08:39 | 00,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2006/11/02 20:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 18:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 15:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 18:57:59 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/09/15 22:40:22 | 00,160,768 | ---- | C] () -- C:\Windows\System32\Unrar.dll
[2005/04/22 02:51:26 | 00,000,020 | ---- | C] () -- C:\Windows\GraphEdit.INI
[2003/03/06 20:17:30 | 00,004,881 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/05/15 12:58:38 | 00,122,880 | ---- | C] () -- C:\Windows\System32\v2k2_dec.dll
[1996/04/04 03:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[2009/08/19 00:05:41 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2009/08/19 00:05:28 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/19 00:05:27 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/19 00:05:26 | 00,000,438 | ---- | M] () -- C:\Windows\tasks\RPCReminder.job
[2009/08/19 00:05:26 | 00,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2009/08/19 00:05:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/19 00:05:17 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/19 00:04:27 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/08/19 00:04:21 | 06,291,456 | -H-- | M] () -- C:\Users\Sam\AppData\Local\IconCache.db
[2009/08/18 23:48:55 | 00,000,920 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/18 20:05:22 | 01,068,350 | ---- | M] () -- C:\Windows\System32\8888.exe
[2009/08/18 19:58:26 | 00,128,921 | ---- | M] () -- C:\Windows\System32\cachev.exe
[2009/08/18 15:48:59 | 00,000,772 | ---- | M] () -- C:\Users\Sam\Desktop\Spider Player.lnk
[2009/08/17 20:19:11 | 00,041,984 | ---- | M] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 11:36:27 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/08/17 11:03:43 | 00,001,799 | ---- | M] () -- C:\Users\Sam\Desktop\Thunder.lnk
[2009/08/16 23:23:33 | 00,002,010 | ---- | M] () -- C:\Windows\System32\Web.Ini
[2009/08/16 22:18:58 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/08/16 22:18:43 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/08/16 22:18:43 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/08/16 22:18:41 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/08/16 22:17:33 | 00,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2009/08/16 20:22:58 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/08/16 20:22:58 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/16 20:22:58 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/16 20:22:58 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/16 10:42:48 | 00,144,607 | -HS- | M] () -- C:\Windows\System32\1223.exe
[2009/08/13 17:19:38 | 00,321,522 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.msn
[2009/08/13 17:19:38 | 00,321,522 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/08/13 14:12:35 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/12 23:36:31 | 00,000,135 | ---- | M] () -- C:\Windows\Mp3CutterJoiner.ini
[2009/08/12 23:36:31 | 00,000,005 | ---- | M] () -- C:\Windows\System32\SySMP3CutJoin.dat
[2009/08/12 01:45:55 | 00,005,284 | ---- | M] () -- C:\Windows\System32\cid_store.dat
[2009/08/12 01:45:44 | 00,000,026 | ---- | M] () -- C:\Windows\System32\xlhcc.dat
[2009/08/11 17:57:07 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/11 17:57:07 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/05 20:58:39 | 01,491,542 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/05 20:58:39 | 00,666,962 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/08/05 20:58:39 | 00,598,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/05 20:58:39 | 00,119,086 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/08/05 20:58:39 | 00,105,784 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/03 09:29:44 | 00,000,017 | -HS- | M] () -- C:\Windows\52.vbs
[2009/07/31 18:48:10 | 00,318,460 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090813-171938.backup
[2009/07/30 19:57:00 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/30 17:43:49 | 33,942,378 | ---- | M] () -- C:\Users\Sam\Desktop\HKNEXT1012B.pdb
[2009/07/30 08:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/29 17:58:54 | 00,421,888 | ---- | M] (Gabest) -- C:\Windows\System32\RealMediaSplitter.ax
[2009/07/29 00:04:43 | 00,000,811 | ---- | M] () -- C:\Users\Sam\Desktop\SpeedFan.lnk
[2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/07/27 19:01:14 | 00,000,814 | ---- | M] () -- C:\Users\Sam\Documents\My Sharing Folders.lnk
[2009/07/22 11:12:32 | 00,000,000 | -HS- | M] () -- C:\Windows\System32\555.vbs
[2009/07/22 05:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/22 05:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/22 05:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/22 05:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/22 05:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/22 05:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/22 05:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/22 05:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/22 05:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/22 05:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/22 05:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/22 05:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/22 05:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/22 05:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/22 05:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/22 05:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/22 04:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/22 04:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/22 04:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/22 04:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/22 02:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2009/07/21 21:34:32 | 00,490,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== LOP Check ==========

[2009/08/18 20:08:55 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming
[2008/06/20 18:09:19 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ATI
[2008/07/04 10:29:30 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Autodesk
[2009/07/12 18:43:50 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\BeoMediaDatabase
[2009/01/02 13:41:49 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\BSplayer PRO
[2008/08/09 07:32:25 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\CCTV
[2009/07/15 19:43:32 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2009/07/16 11:05:49 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FUPPES
[2008/10/28 11:37:30 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\JLC's Software
[2009/08/17 11:01:05 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Kingsoft
[2006/11/02 20:37:34 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Media Center Programs
[2008/06/28 13:33:20 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MessengerGadget
[2008/09/19 22:51:08 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Opera
[2008/08/26 11:23:12 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking
[2009/08/18 17:13:36 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spider Player
[2009/08/10 11:45:20 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Xilisoft Corporation
[2009/08/13 14:12:35 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/08/19 00:05:26 | 00,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2009/08/19 00:05:26 | 00,000,438 | ---- | M] () -- C:\Windows\Tasks\RPCReminder.job
[2009/08/19 00:05:25 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/19 00:04:28 | 00,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >
[2009/08/19 00:30:38 | 00,000,000 | ---D | M] -- C:
[2009/07/29 00:59:07 | 00,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009/07/28 17:05:25 | 00,000,000 | ---D | M] -- C:\3997b1d847cc3e941129
[2008/03/10 20:16:44 | 00,000,000 | ---D | M] -- C:\ADOBE
[2008/09/25 23:09:03 | 00,000,000 | -HSD | M] -- C:\Boot
[2009/08/18 23:26:25 | 00,000,000 | -HSD | M] -- C:\Config.Msi
[2006/11/02 21:02:03 | 00,000,000 | -HSD | M] -- C:\Documents and Settings
[2008/03/10 20:11:46 | 00,000,000 | ---D | M] -- C:\NIS
[2008/09/25 22:59:50 | 00,000,000 | ---D | M] -- C:\PerfLogs
[2008/03/10 08:48:54 | 00,000,000 | ---D | M] -- C:\Preload
[2009/08/18 23:56:46 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/08/18 10:01:05 | 00,000,000 | -H-D | M] -- C:\ProgramData
[2009/08/06 23:34:12 | 00,000,000 | ---D | M] -- C:\redsn0w-win_0.8
[2009/08/19 00:10:28 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/08/18 23:49:31 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2009/08/12 01:49:17 | 00,000,000 | ---D | M] -- C:\TDDOWNLOAD
[2008/06/26 15:26:58 | 00,000,000 | ---D | M] -- C:\TeklaStructures
[2008/06/26 16:22:41 | 00,000,000 | ---D | M] -- C:\TeklaStructuresModels
[2009/08/16 23:44:26 | 00,000,000 | R--D | M] -- C:\Users
[2009/08/18 23:53:38 | 00,000,000 | ---D | M] -- C:\Windows

< %SYSTEMDRIVE%\*.* >
[2009/08/19 00:05:08 | 00,056,514 | ---- | M] () -- C:\aaw7boot.log
[2006/09/19 05:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 15:45:45 | 00,333,203 | RHS- | M] () -- C:\bootmgr
[2007/04/25 01:05:41 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 05:43:37 | 00,000,010 | ---- | M] () -- C:\config.sys
[2007/03/06 18:43:44 | 00,000,019 | ---- | M] () -- C:\CQ13.txt
[2008/03/10 22:45:30 | 00,019,013 | ---- | M] () -- C:\devlist.txt
[2008/01/30 15:25:16 | 00,000,013 | ---- | M] () -- C:\F5SL_Vista.10
[2008/03/10 22:42:09 | 00,000,009 | ---- | M] () -- C:\Finish.log
[2009/08/11 17:57:07 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/23 11:21:10 | 00,001,342 | ---- | M] () -- C:\lma_log.html
[2009/07/17 18:04:18 | 00,000,000 | ---- | M] () -- C:\lojk.log
[2008/01/18 15:54:05 | 01,048,576 | ---- | M] () -- C:\M51SeAS.BIN
[2009/08/11 17:57:07 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/08/08 05:43:02 | 00,000,015 | ---- | M] () -- C:\NERO.LOG
[2007/05/17 11:35:24 | 00,000,015 | ---- | M] () -- C:\NIS2007_Q.TXT
[2007/03/16 07:18:45 | 00,000,025 | ---- | M] () -- C:\OFFICE2007_Q.TXT
[2009/08/19 00:05:08 | 24,605,20448 | -HS- | M] () -- C:\pagefile.sys
[2008/03/10 09:57:25 | 00,000,105 | ---- | M] () -- C:\Pass.txt
[2008/01/22 08:22:18 | 00,001,526 | ---- | M] () -- C:\Patch.LOG
[2007/05/24 06:43:40 | 00,000,017 | ---- | M] () -- C:\READER_Q.TXT
[2007/12/18 09:43:17 | 00,000,026 | ---- | M] () -- C:\RECOVERY.DAT
[2008/03/10 22:04:47 | 00,000,426 | ---- | M] () -- C:\RHDSetup.log
[2009/08/19 00:13:09 | 00,002,132 | ---- | M] () -- C:\RootRepeal report 08-19-09 (00-13-09).txt
[2009/08/19 00:13:37 | 00,002,146 | ---- | M] () -- C:\RootRepeal report 08-19-09 (00-13-37).txt
[2009/08/19 00:14:35 | 00,002,132 | ---- | M] () -- C:\RootRepeal report 08-19-09 (00-14-35).txt
[2009/08/19 00:15:04 | 00,002,132 | ---- | M] () -- C:\RootRepeal report 08-19-09 (00-15-04).txt
[2009/08/19 00:17:15 | 00,002,146 | ---- | M] () -- C:\RootRepeal report 08-19-09 (00-17-15).txt
[2009/08/19 00:17:56 | 00,002,132 | ---- | M] () -- C:\RootRepeal report 08-19-09 (00-17-56).txt
[2009/08/19 00:21:43 | 00,002,132 | ---- | M] () -- C:\RootRepeal report 08-19-09 (00-21-43).txt
[2008/09/04 15:27:42 | 03,932,184 | ---- | M] () -- C:\snp2uvc-001.raw
[2006/05/16 08:22:24 | 00,000,005 | ---- | M] () -- C:\store.log
[2008/03/10 20:00:27 | 00,000,166 | ---- | M] () -- C:\SumHidd.txt
[2008/03/10 19:59:01 | 00,000,098 | ---- | M] () -- C:\SumOS.txt
[2007/12/07 04:22:16 | 00,000,023 | ---- | M] () -- C:\V54.TXT

< %PROGRAMFILES%\*. >
[2009/08/18 23:56:46 | 00,000,000 | R--D | M] -- C:\Program Files
[2008/08/30 07:03:35 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/07/01 00:27:29 | 00,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2008/08/08 16:00:08 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/03/10 22:28:41 | 00,000,000 | ---D | M] -- C:\Program Files\ASUS
[2009/07/12 12:19:19 | 00,000,000 | ---D | M] -- C:\Program Files\Atheros
[2008/03/10 21:44:25 | 00,000,000 | ---D | M] -- C:\Program Files\ATI
[2008/03/10 21:47:04 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2008/03/10 21:57:06 | 00,000,000 | ---D | M] -- C:\Program Files\ATK Hotkey
[2008/03/10 22:22:48 | 00,000,000 | ---D | M] -- C:\Program Files\ATKGFNEX
[2008/03/10 21:57:49 | 00,000,000 | ---D | M] -- C:\Program Files\ATKOSD2
[2009/01/13 13:03:26 | 00,000,000 | ---D | M] -- C:\Program Files\Audacity
[2008/06/23 16:20:13 | 00,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2007
[2008/06/23 16:02:19 | 00,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2008
[2008/06/20 18:46:04 | 00,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2009/03/06 15:08:27 | 00,000,000 | ---D | M] -- C:\Program Files\Bang & Olufsen
[2009/06/27 14:02:28 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/12/16 13:52:02 | 00,000,000 | ---D | M] -- C:\Program Files\CDex_150
[2009/08/18 20:54:34 | 00,000,000 | ---D | M] -- C:\Program Files\Cheat Engine
[2009/06/30 17:26:08 | 00,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2009/08/17 10:42:28 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/03/10 22:10:44 | 00,000,000 | ---D | M] -- C:\Program Files\CSR
[2009/08/16 22:21:08 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/08/18 23:48:55 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2009/01/02 13:41:17 | 00,000,000 | ---D | M] -- C:\Program Files\Final Codecs
[2009/07/16 11:05:17 | 00,000,000 | ---D | M] -- C:\Program Files\Free UPnP Entertainment Service
[2008/07/11 08:26:20 | 00,000,000 | ---D | M] -- C:\Program Files\HandWrite
[2008/06/23 17:31:29 | 00,000,000 | ---D | M] -- C:\Program Files\IBM
[2009/07/29 00:35:05 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/08/16 17:24:27 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/08/04 18:06:17 | 00,000,000 | ---D | M] -- C:\Program Files\iPhoneBrowser
[2009/07/22 23:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/07/22 23:05:30 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/07/31 19:16:08 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/07/02 14:06:46 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2009/03/11 09:09:35 | 00,000,000 | ---D | M] -- C:\Program Files\Lyrics
[2009/08/18 23:56:52 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/27 19:00:39 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/06/23 18:15:55 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/04/24 18:00:47 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 20:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/06/23 18:14:59 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/07/31 19:03:19 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/07/27 19:03:11 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/06/23 18:14:21 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/09/04 10:35:22 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/06/23 18:11:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/12 12:19:19 | 00,000,000 | ---D | M] -- C:\Program Files\Motorola
[2008/09/25 23:01:19 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/18 23:54:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/01/13 15:43:18 | 00,000,000 | ---D | M] -- C:\Program Files\MP3 Cutter Joiner
[2008/06/23 17:16:10 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/04/25 00:31:30 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/01/23 15:51:06 | 00,000,000 | ---D | M] -- C:\Program Files\My Music
[2009/08/16 22:25:34 | 00,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/08/18 23:44:22 | 00,000,000 | ---D | M] -- C:\Program Files\NirSoft
[2009/07/14 11:47:23 | 00,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/08/13 18:20:21 | 00,000,000 | ---D | M] -- C:\Program Files\Opera
[2009/07/12 12:19:19 | 00,000,000 | ---D | M] -- C:\Program Files\P4G
[2008/03/10 22:27:29 | 00,000,000 | ---D | M] -- C:\Program Files\Power4Gear eXtreme
[2009/08/03 21:16:32 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/10/22 14:13:03 | 00,000,000 | ---D | M] -- C:\Program Files\Real
[2008/03/10 22:03:36 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 20:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/05/15 11:58:30 | 00,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2009/07/28 23:50:51 | 00,000,000 | ---D | M] -- C:\Program Files\RivaTuner v2.24
[2009/05/18 11:36:46 | 00,000,000 | ---D | M] -- C:\Program Files\Samantha Swift and the Golden Touch
[2009/08/16 22:17:34 | 00,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2009/08/18 15:48:59 | 00,000,000 | ---D | M] -- C:\Program Files\Spider Player
[2008/07/15 06:47:46 | 00,000,000 | ---D | M] -- C:\Program Files\Sun
[2008/03/10 22:21:44 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2008/10/03 15:29:05 | 00,000,000 | ---D | M] -- C:\Program Files\Thunder Network
[2009/08/18 18:57:12 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 21:01:55 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/09/25 23:01:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/09/25 23:01:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/09/25 23:01:16 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/09/25 23:01:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/08/17 12:55:01 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/07/27 19:00:13 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/08/12 22:39:01 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/08/12 22:39:32 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 20:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/25 23:01:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/09/25 23:01:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/07/02 13:49:17 | 00,000,000 | ---D | M] -- C:\Program Files\Winferno
[2009/02/26 23:30:40 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2008/03/10 22:09:10 | 00,000,000 | ---D | M] -- C:\Program Files\Wireless Console 2
[2009/08/01 14:30:33 | 00,000,000 | ---D | M] -- C:\Program Files\Xilisoft
[2009/01/30 12:47:14 | 00,000,000 | ---D | M] -- C:\Program Files\Xvid

< %systemroot%\system32\drivers\*.dat >

< %PROGRAMFILES%\*.* >
[2009/08/17 11:36:27 | 00,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\*.* >
[2009/01/02 13:41:49 | 00,000,680 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\coreavc.ini
[2008/08/26 11:23:12 | 00,024,206 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\UserTile.png

< %PROGRAMFILES%\*.exe >

Invalid Environment Variable: DESKTOP

< %USERNAME%\*.exe >

< %USERPROFILE%\*.exe >

< %ALLUSERSPROFILE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMROOT%\*.exe >
[2008/03/10 22:29:23 | 00,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
[2008/03/10 22:29:13 | 00,037,232 | ---- | M] () -- C:\Windows\ASScrProlog.exe
[2008/03/10 22:29:13 | 00,274,800 | ---- | M] (ASUSTeK Computer Inc) -- C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
[2008/03/10 22:29:13 | 04,814,371 | ---- | M] (Macromedia, Inc.) -- C:\Windows\ASUS Camera ScreenSaver.exe
[2008/01/19 15:33:01 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2008/10/29 14:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/03/10 22:29:09 | 00,606,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\flashax.exe
[2008/01/19 15:33:11 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2008/01/19 15:33:11 | 00,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2006/11/02 17:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe
[2008/03/10 22:03:36 | 00,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2008/01/19 15:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2007/08/07 01:18:31 | 00,081,920 | ---- | M] () -- C:\Windows\PGMonitor.exe
[2008/01/19 15:33:24 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\regedit.exe
[2008/01/07 16:25:13 | 04,853,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2008/01/08 13:10:39 | 00,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
[2007/11/07 17:31:37 | 01,191,936 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2007/11/20 18:15:57 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe
[2007/10/17 13:48:23 | 02,373,889 | ---- | M] (Macrovision Corporation) -- C:\Windows\snuninst.exe
[2006/11/02 20:34:41 | 00,049,680 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_16.exe
[2006/11/02 20:34:41 | 00,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe
[2006/09/19 05:43:37 | 00,256,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhelp.exe
[2006/11/02 17:45:57 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system\*.exe >

< %systemroot%\AppPatch\*.exe >

< %systemroot%\Cache\*.exe >

< %systemroot%\Downloaded Program Files\*.exe >

< %systemroot%\Fonts\*.exe >

< %systemroot%\Help\*.exe >

< %APPDATA%\*.exe >

< %APPDATA%\Google\*.exe >

< %systemroot%\system32\inf\*.exe >

< %APPDATA%\Opera\Opera\profile\widgets\*.exe >

< %PROGRAMFILES%\Opera\program\plugins\*.exe >
[2009/07/18 11:21:02 | 00,257,440 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe

< %APPDATA%\Opera\Opera\profile\toolbar\*.exe >

< %systemroot%\Web\*.exe >

< %systemroot%\Wbem\*.exe >

< %systemroot%\twain_32\*.exe >

< %systemroot%\WinSxS\*.exe >

< %systemroot%\Sun\*.exe >

< %systemroot%\srchasst\*.exe >

< %systemroot%\Shellnew\*.exe >

< %systemroot%\Security\*.exe >

< %systemroot%\Resources\*.exe >

< %systemroot%\Repair\*.exe >

< %systemroot%\Registration\*.exe >

< %systemroot%\RegisteredPackages\*.exe >

< %systemroot%\pss\*.exe >

< %systemroot%\Provisioning\*.exe >

< %systemroot%\PIF\*.exe >

< %systemroot%\PeerNet\*.exe >

< %systemroot%\PcTel\*.exe >

< %systemroot%\Offline Web Pages\*.exe >

< %systemroot%\network diagnostic\*.exe >

< %systemroot%\mui\*.exe >

< %systemroot%\msapps\*.exe >

< %systemroot%\msagent\*.exe >
[2008/01/19 15:33:01 | 00,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\msagent\AgentSvr.exe

< %systemroot%\minidump\*.exe >

< %systemroot%\media\*.exe >

< %systemroot%\Help\*.exe >

< %systemroot%\ie7\*.exe >

< %systemroot%\ie7updates\*.exe >

< %systemroot%\ime\*.exe >

< %systemroot%\installer\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\Cursors\*.exe /s >

< %systemroot%\Config\*.exe >

< %systemroot%\internet logs\*.exe >

< %systemroot%\Assembly\*.exe >

< %systemroot%\internet logs\*.exe /s >

< %systemroot%\AppPatch\*.exe >

< %systemroot%\l2schemas\*.exe >

< %systemroot%\Debug\*.exe >

< %systemroot%\ehome\*.exe >
[2008/01/19 15:38:17 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehexthost.exe
[2008/01/19 15:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/01/19 15:33:09 | 00,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehprivjob.exe
[2008/01/19 15:33:09 | 00,150,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrec.exe
[2008/01/19 15:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe
[2006/11/02 20:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
[2006/11/02 20:35:34 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehshell.exe
[2008/01/19 15:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2009/04/30 18:28:22 | 00,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehvid.exe
[2006/11/02 20:35:34 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\loadmxf.exe
[2009/04/30 20:00:50 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\McrMgr.exe
[2006/11/02 20:35:32 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\mcspad.exe
[2008/08/05 17:51:47 | 00,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\mcupdate.exe
[2008/01/19 15:33:14 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\Mcx2Prov.exe
[2006/11/02 20:35:29 | 00,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\RegisterMCEApp.exe

< %systemroot%\Connection Wizard\*.exe >

< %systemroot%\system32\1025\*.exe >

< %systemroot%\system32\1028\*.exe >

< %systemroot%\system32\1031\*.exe >

< %systemroot%\system32\1033\*.exe >

< %systemroot%\system32\1037\*.exe >

< %systemroot%\system32\1041\*.exe >

< %systemroot%\system32\1042\*.exe >

< %systemroot%\system32\1054\*.exe >

< %systemroot%\system32\2052\*.exe >

< %systemroot%\system32\3076\*.exe >

< %systemroot%\system32\appmgmt\*.exe >

< %systemroot%\system32\bits\*.exe >

< %systemroot%\system32\catroot\*.exe >

< %systemroot%\system32\catroot2\*.exe >

< %systemroot%\system32\com\*.exe >
[2006/11/02 17:44:59 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\com\comrepl.exe
[2006/11/02 17:45:23 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\com\MigRegDB.exe

< %systemroot%\system32\config\*.exe >

< %systemroot%\system32\dhcp\*.exe >

< %systemroot%\system32\DirectX\*.exe >

< %systemroot%\system32\drvstore\*.exe >

< %systemroot%\system32\en\*.exe >

< %systemroot%\system32\en-us\*.exe >

< %systemroot%\system32\export\*.exe >

< %systemroot%\system32\GroupPolicy\*.exe >

< %systemroot%\system32\ias\*.exe >

< %systemroot%\system32\icsxml\*.exe >

< %systemroot%\system32\ime\*.exe >

< %systemroot%\system32\inetsrv\*.exe >

< %systemroot%\system32\LogFiles\*.exe >

< %systemroot%\system32\Macromed\*.exe >

< %systemroot%\system32\Microsoft\*.exe >

< %systemroot%\system32\Msdtc\*.exe >

< %systemroot%\system32\Mui\*.exe >

< %systemroot%\system32\npp\*.exe >

< %systemroot%\system32\NtMsData\*.exe >

< %systemroot%\system32\oobe\*.exe >
[2008/01/19 15:33:01 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\oobe\audit.exe
[2008/01/19 15:33:17 | 01,315,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\oobe\msoobe.exe
[2008/01/19 15:33:19 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\oobe\oobeldr.exe
[2008/01/19 15:42:42 | 00,195,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\oobe\Setup.exe
[2008/01/19 15:33:37 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\oobe\windeploy.exe

< %systemroot%\system32\PreInstall\*.exe >

< %systemroot%\system32\ras\*.exe >

< %systemroot%\system32\ReInstallBackups\*.exe >

< %systemroot%\system32\Restore\*.exe >

< %systemroot%\system32\Scripting\*.exe >

< %systemroot%\system32\Setup\*.exe >

< %systemroot%\system32\ShellExt\*.exe >

< %systemroot%\system32\SoftwareDistribution\*.exe >

< %systemroot%\system32\URTTEmp\*.exe >
[2003/02/21 05:16:08 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\URTTEmp\regtlib.exe

< %systemroot%\system32\USMT\*.exe >

< %systemroot%\system32\Wbem\*.exe >
[2008/01/19 15:33:15 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\mofcomp.exe
[2008/01/19 15:33:27 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\scrcons.exe
[2008/01/19 15:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\unsecapp.exe
[2008/01/19 15:33:35 | 00,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\wbemtest.exe
[2008/01/19 15:33:37 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\WinMgmt.exe
[2008/01/19 15:33:39 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\WMIADAP.exe
[2008/01/19 15:33:39 | 00,137,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\WmiApSrv.exe
[2008/01/19 15:33:39 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\WMIC.exe
[2009/03/03 10:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wbem\WmiPrvSE.exe

< %systemroot%\system32\Wins\*.exe >

< %systemroot%\system32\Xircom\*.exe >

< %systemroot%\system32\XPSViewer\*.exe >
[2008/06/20 09:14:45 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XPSViewer\XPSViewer.exe

< %COMMONPROGRAMFILES%\*.exe >

< %TEMP%\*.* >
[2009/08/19 00:05:34 | 00,031,832 | ---- | M] () -- C:\Users\SamT~1\AppData\Local\Temp\Sam.bmp
[2009/08/19 00:30:53 | 00,001,646 | ---- | M] () -- C:\Users\SamT~1\AppData\Local\Temp\wmplog00.sqm

< set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Sam\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=Sam-PC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
EDM_LIC13_4_5=9GElXKtBOo3Pn'nSOzlg'fFqLnrsoc7Z-Gn_W)e24yPnET5x,GYMFwlj_zy
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Sam
LOCALAPPDATA=C:\Users\Sam\AppData\Local
LOGONSERVER=\\Sam-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=D:\FlySoft;D:\FlySoft;;C:\Program Files\Common Files\DivX Shared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\SamT~1\AppData\Local\Temp
TMP=C:\Users\Sam~1\AppData\Local\Temp
USERDOMAIN=Sam-PC
USERNAME=Sam
USERPROFILE=C:\Users\Sam
windir=C:\Windows

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

========== Files - Unicode (All) ==========
[2008/04/24 20:45:50 | 00,000,000 | ---D | M](C:\Users\Sam\Desktop\MHSX(?化)) -- C:\Users\Sam\Desktop\MHSX(汉化)
[2008/10/01 23:26:06 | 00,000,000 | ---- | C] ()(C:\Users\Sam\Documents\±D‥_3!|‥?y‥a--¥o-?-P?·.pdf) -- C:\Users\Sam\Documents\±Ð¨_³¡¦¨»y¨å--¥ô­«­P»·.pdf
[2008/10/01 23:26:06 | 00,000,000 | ---- | M] ()(C:\Users\Sam\Documents\±D‥_3!|‥?y‥a--¥o-?-P?·.pdf) -- C:\Users\Sam\Documents\±Ð¨_³¡¦¨»y¨å--¥ô­«­P»·.pdf
[2009/07/12 13:06:05 | 00,000,000 | ---D | C](C:\Users\Sam\Desktop\MHSX(?化)) -- C:\Users\Sam\Desktop\MHSX(汉化)
< End of report >

Thanks,
1needhelp
Rorschach112
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


1needhelp
I launched it and nothing happened. Not sure if it works on Vista.
Rorschach112
rename it to abcd.exe

work then?
1needhelp
yeah, it's working now.
Rorschach112
ok, let's see the log
1needhelp
ComboFix 09-08-19.04 - Sam 08/20/2009 18:34:10.3.2 - NTFSx86
Running from: C:\Users\Sam\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
C:\Windows\Cursors\aero_link.cur
C:\Windows\Fonts\AcadEref.ttf
C:\WINDOWS\Installer\1977fc.msi
C:\WINDOWS\Installer\b3626.msi
C:\Windows\PGMonitor.exe
C:\Windows\System32\1223.exe
C:\Windows\system32\8888.exe
C:\Windows\system32\acovcnt.exe
C:\Windows\System32\drivers\hpshg.sys
C:\Windows\System32\eOny.dll
C:\Windows\system32\Web.ini
D:\FlySoft

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_uiwjxex
-------\Service_uiwjxex


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 10:59:07 . 2009-08-20 11:06:22 0 d-----w- C:\Users\Sam\AppData\Local\temp
2009-08-20 10:59:07 . 2009-08-20 10:59:07 0 d-----w- C:\Users\Public\AppData\Local\temp
2009-08-20 10:59:07 . 2009-08-20 10:59:07 0 d-----w- C:\Users\Default\AppData\Local\temp
2009-08-19 10:42:00 . 2009-08-19 10:42:13 128921 ----a-w- C:\Windows\system32\cachev.exe
2009-08-18 16:10:28 . 2009-08-18 16:10:28 0 d-----w- C:\Rooter$
2009-08-18 15:56:48 . 2009-08-03 05:36:28 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-08-18 15:56:46 . 2009-08-18 15:56:52 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-18 15:56:46 . 2009-08-03 05:36:06 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-08-18 15:48:41 . 2009-08-19 08:40:09 0 d-----w- C:\Program Files\ERUNT
2009-08-18 15:44:22 . 2009-08-19 05:46:08 0 d-----w- C:\Program Files\NirSoft
2009-08-18 10:57:12 . 2009-08-18 10:57:12 0 d-----w- C:\Program Files\Trend Micro
2009-08-18 00:11:32 . 2007-03-23 11:05:38 29272 ----a-r- C:\Windows\system32\AdobePDF.dll
2009-08-17 03:01:05 . 2009-08-17 03:01:05 0 d-----w- C:\Users\Sam\AppData\Roaming\Kingsoft
2009-08-17 03:01:02 . 2009-04-14 08:38:26 24944 ----a-w- C:\Windows\system32\drivers\BC.sys
2009-08-17 03:01:01 . 2009-04-14 08:38:24 15728 ----a-w- C:\Windows\system32\drivers\bootsafe.sys
2009-08-17 03:00:52 . 2009-08-17 04:21:34 0 d-----w- C:\ProgramData\kingsoft
2009-08-16 14:32:48 . 2009-07-28 08:33:56 55656 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2009-08-16 14:24:24 . 2009-08-16 14:26:11 0 d-----w- C:\Program Files\Common Files\Nero
2009-08-16 14:20:16 . 2009-08-16 14:20:37 0 d-----w- C:\Program Files\Common Files\DivX Shared
2009-08-16 14:19:07 . 2009-08-16 14:19:07 0 d-----w- C:\Program Files\Common Files\xing shared
2009-08-14 10:55:16 . 2009-08-14 10:55:16 0 d-----w- C:\Users\Sam\AppData\Roaming\Malwarebytes
2009-08-14 10:55:08 . 2009-08-14 10:55:08 0 d-----w- C:\ProgramData\Malwarebytes
2009-08-14 10:35:24 . 2009-08-14 10:35:24 0 d-----w- C:\ProgramData\SUPERAntiSpyware.com
2009-08-12 14:33:48 . 2009-06-04 12:34:04 2066432 ----a-w- C:\Windows\system32\mstscax.dll
2009-08-11 09:57:35 . 2009-08-19 12:46:10 0 d-sha-w- C:\Windows\ljjkky
2009-08-11 04:49:18 . 2009-08-11 04:49:21 0 d-----w- C:\Users\Sam\My BeanFun
2009-08-11 03:20:39 . 2009-08-11 03:20:50 0 d-sha-w- C:\Windows\pddk
2009-08-10 03:45:20 . 2009-08-10 03:45:20 0 d-----w- C:\Users\Sam\AppData\Roaming\Xilisoft Corporation
2009-08-03 13:14:08 . 2009-08-03 13:16:32 0 d-----w- C:\Program Files\QuickTime
2009-08-03 01:29:44 . 2009-08-03 01:29:44 17 --sh--w- C:\Windows\52.vbs
2009-07-31 14:23:21 . 2009-07-31 14:23:21 746760 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-07-31 10:38:38 . 2009-08-17 02:43:01 0 d-----w- C:\ProgramData\Spybot - Search & Destroy
2009-07-30 11:57:00 . 2009-07-30 11:57:00 0 ----a-w- C:\Windows\nsreg.dat
2009-07-28 16:04:43 . 2009-08-16 14:17:34 0 d-----w- C:\Program Files\SpeedFan
2009-07-28 15:50:32 . 2009-07-28 15:50:51 0 d-----w- C:\Program Files\RivaTuner v2.24
2009-07-28 08:51:07 . 2009-07-28 08:51:07 0 d-----w- C:\Windows\system32\EventProviders
2009-07-28 08:51:05 . 2009-07-28 09:05:25 0 d-----w- C:\3997b1d847cc3e941129
2009-07-27 11:06:13 . 2009-08-20 11:06:22 0 d-----w- C:\Users\Sam\Tracing
2009-07-27 11:03:11 . 2009-07-27 11:03:11 0 d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2009-07-27 11:00:39 . 2009-07-27 11:00:39 0 d-----w- C:\Program Files\Microsoft
2009-07-27 11:00:13 . 2009-07-27 11:00:13 0 d-----w- C:\Program Files\Windows Live SkyDrive
2009-07-27 10:53:18 . 2009-07-27 10:53:18 0 d-----w- C:\Program Files\Common Files\Windows Live
2009-07-25 06:31:23 . 2009-07-25 06:31:23 0 d-----w- C:\ProgramData\NexonTW
2009-07-25 06:29:08 . 2009-08-13 15:54:08 0 d-----w- C:\Users\Sam\AppData\Local\CSO
2009-07-22 15:05:31 . 2009-03-19 08:32:48 23400 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2009-07-22 15:05:31 . 2008-04-17 04:12:54 107368 ----a-w- C:\Windows\system32\GEARAspi.dll
2009-07-22 15:05:12 . 2009-07-22 15:05:12 0 d-----w- C:\Program Files\iPod
2009-07-22 15:04:49 . 2009-07-22 15:05:30 0 d-----w- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-22 14:39:44 . 2009-08-06 15:34:12 0 d-----w- C:\redsn0w-win_0.8
2009-07-22 03:12:32 . 2009-07-22 03:12:32 0 --sh--w- C:\Windows\system32\555.vbs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 11:06:09 . 2008-06-20 10:09:09 137712 ----a-w- C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-20 09:16:35 . 2007-04-24 16:12:14 12 ----a-w- C:\Windows\bthservsdp.dat
2009-08-19 12:10:18 . 2007-04-24 17:04:24 666962 ----a-w- C:\Windows\system32\perfh00C.dat
2009-08-19 12:10:18 . 2007-04-24 17:04:24 119086 ----a-w- C:\Windows\system32\perfc00C.dat
2009-08-18 12:54:34 . 2009-04-22 06:53:33 0 d-----w- C:\Program Files\Cheat Engine
2009-08-18 12:08:56 . 2009-06-30 16:26:07 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-18 09:13:36 . 2008-08-14 06:52:33 0 d-----w- C:\Users\Sam\AppData\Roaming\Spider Player
2009-08-18 07:48:59 . 2009-07-12 10:48:26 0 d-----w- C:\Program Files\Spider Player
2009-08-17 04:55:01 . 2008-06-23 10:01:33 0 d-----w- C:\Program Files\Windows Live
2009-08-17 02:42:27 . 2008-06-20 10:07:06 0 d-----w- C:\ProgramData\Nero
2009-08-16 14:25:34 . 2008-06-20 10:07:06 0 d-----w- C:\Program Files\Nero
2009-08-16 14:21:08 . 2008-11-03 20:58:40 0 d-----w- C:\Program Files\DivX
2009-08-16 14:19:00 . 2008-06-26 08:39:38 0 d-----w- C:\Program Files\Common Files\Real
2009-08-16 12:22:58 . 2009-06-27 06:06:15 411368 ----a-w- C:\Windows\system32\deploytk.dll
2009-08-13 10:20:21 . 2008-09-19 14:50:54 0 d-----w- C:\Program Files\Opera
2009-08-12 15:36:31 . 2009-01-13 07:43:23 5 ----a-w- C:\Windows\system32\SySMP3CutJoin.dat
2009-08-12 14:39:01 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-08-11 17:45:55 . 2009-07-13 02:51:26 5284 ----a-w- C:\Windows\system32\cid_store.dat
2009-08-11 17:45:44 . 2009-07-13 02:51:24 26 ----a-w- C:\Windows\system32\xlhcc.dat
2009-08-04 10:06:17 . 2009-07-11 11:24:44 0 d-----w- C:\Program Files\iPhoneBrowser
2009-08-01 06:30:33 . 2009-07-11 11:33:14 0 d-----w- C:\Program Files\Xilisoft
2009-07-31 11:16:08 . 2008-06-30 07:26:17 0 d-----w- C:\Program Files\Java
2009-07-31 11:03:19 . 2009-06-27 06:36:30 0 d-----w- C:\Program Files\Microsoft Silverlight
2009-07-28 16:35:05 . 2008-03-10 13:57:03 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-22 15:05:30 . 2008-12-03 04:36:41 0 d-----w- C:\Program Files\iTunes
2009-07-22 15:05:12 . 2008-07-18 06:19:51 0 d-----w- C:\Program Files\Common Files\Apple
2009-07-22 14:56:38 . 2008-06-29 00:15:53 0 d-----w- C:\ProgramData\Apple
2009-07-21 21:52:28 . 2009-07-29 04:45:20 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-07-21 21:47:28 . 2009-07-29 04:45:20 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-07-21 21:47:27 . 2009-07-29 04:45:19 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-07-21 20:13:58 . 2009-07-29 04:45:20 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-07-20 11:58:54 . 2009-07-20 11:50:43 0 d-----w- C:\ProgramData\Grid
2009-07-17 14:35:11 . 2009-08-12 14:35:33 71680 ----a-w- C:\Windows\system32\atl.dll
2009-07-16 03:05:49 . 2009-07-16 03:05:47 0 d-----w- C:\Users\Sam\AppData\Roaming\FUPPES
2009-07-16 03:05:47 . 2009-06-23 11:33:29 0 d-----w- C:\Program Files\Common Files\Steam
2009-07-16 03:05:17 . 2009-07-16 03:05:15 0 d-----w- C:\Program Files\Free UPnP Entertainment Service
2009-07-15 11:43:32 . 2009-07-15 11:43:32 0 d-----w- C:\Users\Sam\AppData\Roaming\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-07-14 13:00:17 . 2009-08-12 14:35:17 313344 ----a-w- C:\Windows\system32\wmpdxm.dll
2009-07-14 12:59:28 . 2009-08-12 14:35:15 4096 ----a-w- C:\Windows\system32\dxmasf.dll
2009-07-14 12:58:44 . 2009-08-12 14:35:16 7680 ----a-w- C:\Windows\system32\spwmp.dll
2009-07-14 10:59:56 . 2009-08-12 14:35:15 8147456 ----a-w- C:\Windows\system32\wmploc.DLL
2009-07-14 03:47:25 . 2009-07-14 03:34:46 0 d-----w- C:\ProgramData\NOS
2009-07-14 03:47:23 . 2009-07-14 03:34:46 0 d-----w- C:\Program Files\NOS
2009-07-13 06:22:08 . 2009-07-13 06:22:08 75048 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-12 10:43:50 . 2009-03-06 07:38:59 0 d-----w- C:\Users\Sam\AppData\Roaming\BeoMediaDatabase
2009-07-12 05:17:58 . 2009-07-12 05:17:58 29926 ----a-r- C:\Users\Sam\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-07-12 05:17:58 . 2009-07-12 05:17:58 29422 ----a-r- C:\Users\Sam\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-07-12 04:19:19 . 2008-06-26 09:02:47 0 d-----w- C:\ProgramData\FLEXnet
2009-07-12 04:19:19 . 2008-03-10 14:27:29 0 d-----w- C:\Program Files\P4G
2009-07-12 04:19:19 . 2008-03-10 14:15:05 0 d-----w- C:\Program Files\Atheros
2009-07-12 04:19:19 . 2008-03-10 14:14:04 0 d-----w- C:\Program Files\Motorola
2009-07-11 11:24:45 . 2009-07-11 11:24:45 25214 ----a-r- C:\Users\Sam\AppData\Roaming\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_29D232B856F0A1CBA486B8.exe
2009-07-11 11:24:45 . 2009-07-11 11:24:45 10398 ----a-r- C:\Users\Sam\AppData\Roaming\Microsoft\Installer\{495B6040-801F-474C-ADB8-309F132CF5F9}\_3324690356DD71877A1B6A.exe
2009-07-09 06:32:39 . 2009-07-02 06:12:22 25440 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 06:32:39 . 2009-07-02 06:11:52 1630560 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 06:32:37 . 2009-07-02 06:11:40 2353480 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-09 04:16:16 . 2009-07-09 04:16:16 39424 ----a-w- C:\Windows\system32\drivers\usbaapl.sys
2009-07-09 04:16:16 . 2009-07-09 04:16:16 2060288 ----a-w- C:\Windows\system32\usbaaplrc.dll
2009-07-02 06:12:29 . 2009-07-02 06:06:46 0 d-----w- C:\ProgramData\Lavasoft
2009-07-02 06:12:24 . 2009-07-02 06:12:24 314712 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-02 06:12:21 . 2009-07-02 06:20:36 15688 ----a-w- C:\Windows\system32\lsdelete.exe
2009-07-02 06:12:21 . 2009-07-02 06:12:21 15688 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-02 06:12:20 . 2009-07-02 06:12:20 169312 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-02 06:12:19 . 2009-07-02 06:12:19 348496 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-02 06:12:17 . 2009-07-02 06:12:17 298336 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-02 06:12:15 . 2009-07-02 06:12:15 84832 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-02 06:11:48 . 2009-07-02 06:11:48 246128 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-02 06:11:47 . 2009-07-02 06:11:47 40288 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-02 06:11:46 . 2009-07-02 06:12:31 64160 ----a-w- C:\Windows\system32\drivers\Lbd.sys
2009-07-02 06:11:46 . 2009-07-02 06:11:46 64160 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-07-02 06:11:45 . 2009-07-02 06:11:45 85352 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-02 06:11:45 . 2009-07-02 06:11:45 664424 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-02 06:11:43 . 2009-07-02 06:11:43 563064 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-02 06:11:42 . 2009-07-02 06:11:42 566632 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-02 06:11:38 . 2009-07-02 06:11:38 629072 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-02 06:11:36 . 2009-07-02 06:11:36 520024 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-02 06:11:35 . 2009-07-02 06:11:35 1029456 ----a-w- C:\ProgramData\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-02 06:07:39 . 2009-07-02 06:07:02 0 dc-h--w- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-02 06:06:46 . 2009-07-02 06:06:46 0 d-----w- C:\Program Files\Lavasoft
2009-07-02 05:49:17 . 2009-04-23 03:17:05 0 d-----w- C:\Program Files\Winferno
2009-06-30 16:27:29 . 2009-06-30 16:26:53 0 d-----w- C:\Program Files\AGEIA Technologies
2009-06-30 09:26:52 . 2009-01-02 05:44:37 0 d-----w- C:\Users\Sam\AppData\Roaming\Media Player Classic
2009-06-30 09:26:08 . 2009-06-30 09:26:04 0 d-----w- C:\Program Files\Combined Community Codec Pack
2009-06-27 06:02:28 . 2009-06-27 06:02:28 0 d-----w- C:\Program Files\CCleaner
2009-06-23 12:11:00 . 2009-06-23 11:40:34 0 d-----w- C:\ProgramData\PopCap Games
2009-06-23 11:40:44 . 2009-06-23 11:40:44 0 d-----w- C:\ProgramData\Steam
2009-06-15 18:20:59 . 2009-08-12 14:35:08 439896 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2009-06-15 15:24:38 . 2009-08-12 14:35:09 175104 ----a-w- C:\Windows\system32\wdigest.dll
2009-06-15 15:24:24 . 2009-07-15 03:02:58 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-06-15 15:24:05 . 2009-08-12 14:35:06 72704 ----a-w- C:\Windows\system32\secur32.dll
2009-06-15 15:24:02 . 2009-08-12 14:35:08 270848 ----a-w- C:\Windows\system32\schannel.dll
2009-06-15 15:23:47 . 2009-08-12 14:35:09 1256448 ----a-w- C:\Windows\system32\lsasrv.dll
2009-06-15 15:22:19 . 2009-08-12 14:35:09 213504 ----a-w- C:\Windows\system32\msv1_0.dll
2009-06-15 15:21:07 . 2009-08-12 14:35:09 499712 ----a-w- C:\Windows\system32\kerberos.dll
2009-06-15 15:20:27 . 2009-07-15 03:02:58 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-06-15 15:20:00 . 2009-07-15 03:02:58 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-06-15 12:57:59 . 2009-08-12 14:35:06 9728 ----a-w- C:\Windows\system32\lsass.exe
2009-06-15 12:52:13 . 2009-07-15 03:02:58 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-06-10 12:12:29 . 2009-08-12 14:35:49 160256 ----a-w- C:\Windows\system32\wkssvc.dll
2009-06-10 12:07:30 . 2009-08-12 14:35:03 91136 ----a-w- C:\Windows\system32\avifil32.dll
2008-08-26 00:25:32 . 2008-10-03 07:30:42 36864 ----a-w- C:\Program Files\mozilla firefox\components\NsThunderLoader.dll
2008-08-26 00:25:32 . 2008-10-03 07:30:42 53248 ----a-w- C:\Program Files\mozilla firefox\components\ThunderComponent.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-20_06.25.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-24 16:36:16 . 2009-08-20 10:03:55 64102 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2007-04-24 16:36:16 . 2009-08-19 15:19:45 64102 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05:11 . 2009-08-20 11:07:34 75862 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-20 10:07:07 . 2009-08-20 11:07:34 16232 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2632478683-2336278539-364213959-1000_UserData.bin
- 2008-06-20 10:03:47 . 2009-08-19 15:41:45 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-20 10:03:47 . 2009-08-20 10:59:28 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-20 10:03:46 . 2009-08-20 10:59:28 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-20 10:03:46 . 2009-08-19 15:41:45 32768 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-20 10:03:47 . 2009-08-19 15:41:45 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-20 10:03:47 . 2009-08-20 10:59:28 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-20 06:43:00 . 2005-10-20 04:02:28 163328 C:\Windows\ERDNT\AutoBackup\20-8-2009\ERDNT.EXE
+ 2009-08-20 06:42:54 . 2009-08-20 06:42:55 2260992 C:\Windows\ERDNT\AutoBackup\20-8-2009\Users\00000002\UsrClass.dat
+ 2009-08-20 06:42:51 . 2009-08-20 06:42:53 3825664 C:\Windows\ERDNT\AutoBackup\20-8-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08:18 143360 ----a-w- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 07:33:30 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 10:53:50 3885408]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:38 1008184]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-09-03 05:37:18 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 21:24:25 857648]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 15:27:32 61440]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-03-10 14:29:13 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-03-10 14:29:23 33136]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-23 02:17:16 66400]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-23 02:17:14 98656]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-01-07 08:25:13 4853760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 09:45:00 8704]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"36tray"="C:\WINDOWS\pddk\sv.vbs" [2009-07-29 03:37:10 131]
"360tray"="C:\WINDOWS\ljjkky\spoolsv.vbs" [2009-08-16 02:41:45 134]

C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2632478683-2336278539-364213959-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C1F2567E-0DC2-400B-B1B8-FAD0A3CB90B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{13859E46-BF64-4DA6-BAEF-6E1FEE8C9A18}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B2437A89-DF29-4237-AE1D-2C4E0B7B8B16}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200805061024\\jre\\bin\\expeditorw.exe"= UDP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200805061024\jre\bin\expeditorw.exe:Lotus Expeditor
"UDP Query User{FA1633D4-1211-4D8E-B9FC-0BF6E71C002D}C:\\program files\\ibm\\lotus\\symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200805061024\\jre\\bin\\expeditorw.exe"= TCP:C:\program files\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200805061024\jre\bin\expeditorw.exe:Lotus Expeditor
"TCP Query User{AC5C99B8-CD7C-4941-86EF-C1D57EF4F651}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2371B402-B0AC-4500-941A-32F1F220E397}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{78228B39-53B6-4549-8C7D-54C8AD0C6F5E}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= UDP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"UDP Query User{8ABD5FD2-4897-493C-99C9-095691512D0B}C:\\program files\\jlc's software\\internet tv\\internet tv.exe"= TCP:C:\program files\jlc's software\internet tv\internet tv.exe:Internet TV
"{CC8DC5B1-B381-4E23-B7EE-8959F73C7AA7}"= Disabled:UDP:C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:Thunder
"{A56E96A3-5163-417C-BC23-0517DB26DC36}"= Disabled:TCP:C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:Thunder
"TCP Query User{F1BCBBBB-2B45-456C-9C06-49143D520A73}C:\\program files\\bang & olufsen\\beoplayer\\beoplayer.exe"= UDP:C:\program files\bang & olufsen\beoplayer\beoplayer.exe:BeoPlayer
"UDP Query User{3BCAD1B3-0FF6-4C18-94FE-265F282B1F74}C:\\program files\\bang & olufsen\\beoplayer\\beoplayer.exe"= TCP:C:\program files\bang & olufsen\beoplayer\beoplayer.exe:BeoPlayer
"TCP Query User{E6876C1D-35B6-4214-BB7B-92207AACB6A2}D:\\program files\\littlefighter2\\lf2_v2.0\\lf2.exe"= UDP:D:\program files\littlefighter2\lf2_v2.0\lf2.exe:lf2
"UDP Query User{1A5BC6AF-1821-4F8D-A0E5-1BEE09D118EA}D:\\program files\\littlefighter2\\lf2_v2.0\\lf2.exe"= TCP:D:\program files\littlefighter2\lf2_v2.0\lf2.exe:lf2
"TCP Query User{DBEC687F-D90A-4646-B3CF-BF4E8E1BD95C}C:\\program files\\cidero\\mediacontroller.exe"= UDP:C:\program files\cidero\mediacontroller.exe:MediaController
"UDP Query User{28FCFC90-012A-43DE-80F4-1A6788B72C92}C:\\program files\\cidero\\mediacontroller.exe"= TCP:C:\program files\cidero\mediacontroller.exe:MediaController
"TCP Query User{9839B968-5616-4392-8AEE-1F56478BA76A}C:\\program files\\cidero\\radioserverproxy.exe"= UDP:C:\program files\cidero\radioserverproxy.exe:RadioServerProxy
"UDP Query User{7C731A20-F578-41A5-87EA-345A6F58BD5D}C:\\program files\\cidero\\radioserverproxy.exe"= TCP:C:\program files\cidero\radioserverproxy.exe:RadioServerProxy
"TCP Query User{16335B9E-BCA8-4B7E-976B-B74469066DE1}C:\\program files\\free upnp entertainment service\\fuppes.exe"= UDP:C:\program files\free upnp entertainment service\fuppes.exe:A free UPnP A/V Media Server
"UDP Query User{D15B7742-7A02-4298-8BBF-1A1EAA3DCA55}C:\\program files\\free upnp entertainment service\\fuppes.exe"= TCP:C:\program files\free upnp entertainment service\fuppes.exe:A free UPnP A/V Media Server
"{E7888AE1-2D45-42E7-AAC8-ED26EED50631}"= UDP:C:\Program Files\GridService\peer.exe:muse peer
"{3451325E-9B45-4A56-995D-801B0D737F8B}"= TCP:C:\Program Files\GridService\peer.exe:muse peer
"{7EF6C3A0-D922-44E9-AE24-F4D410A132B4}"= UDP:D:\Program Files\Gamania\Counter-Strike Online\Bin\cstrike-online.exe:Counter-Strike Online
"{737C4D37-9A19-4F8B-AD42-5E72768A97E2}"= TCP:D:\Program Files\Gamania\Counter-Strike Online\Bin\cstrike-online.exe:Counter-Strike Online
"{1C32754A-890F-483C-B7AB-689678F42BED}"= UDP:D:\Program Files\Gamania\Counter-Strike Online\Bin\NMService.exe:Nexon Messenger Core
"{BF4A1CD2-7258-49CC-AC88-1F7B53FF03BB}"= TCP:D:\Program Files\Gamania\Counter-Strike Online\Bin\NMService.exe:Nexon Messenger Core
"TCP Query User{9B8B6091-5141-45AE-A271-224FFC295A17}D:\\program files\\sd gundam online\\gonline.exe"= UDP:D:\program files\sd gundam online\gonline.exe:GOnline
"UDP Query User{72A6B74F-3FD8-4F94-8591-FFAE88179776}D:\\program files\\sd gundam online\\gonline.exe"= TCP:D:\program files\sd gundam online\gonline.exe:GOnline
"{67B37B6F-3946-4CA5-BA0A-CB9809211BF8}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7C79F7BB-72C1-4416-B2F7-6878B0ED32C4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{29F6F7DD-1509-4546-9A4A-3BD40119551E}C:\\windows\\system32\\ftp.exe"= UDP:C:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{1CBBE1F8-4366-45FC-BB00-0D399DC6F1E0}C:\\windows\\system32\\ftp.exe"= TCP:C:\windows\system32\ftp.exe:File Transfer Program
"TCP Query User{AC0884A0-37E9-46C5-AD16-D1D57E04E63D}D:\\program files\\gamania\\counter-strike online\\bin\\csolauncher.exe"= UDP:D:\program files\gamania\counter-strike online\bin\csolauncher.exe:CSOLauncher
"UDP Query User{8E0577B7-35F3-41E1-8A52-8A7B19845041}D:\\program files\\gamania\\counter-strike online\\bin\\csolauncher.exe"= TCP:D:\program files\gamania\counter-strike online\bin\csolauncher.exe:CSOLauncher
"{E1BF38C5-D190-4115-BD1E-E38DC38B97CC}"= UDP:C:\Users\Sam\AppData\Local\Temp\dubainstaller\miniinstaller.exe:Kingsoft Miniinstaller
"{D21B611D-559D-400C-A136-8D706DB13B08}"= TCP:C:\Users\Sam\AppData\Local\Temp\dubainstaller\miniinstaller.exe:Kingsoft Miniinstaller
"{C98F9EF5-2727-4EC9-875B-F28B17E2B16A}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R0 BC;BC;C:\Windows\System32\drivers\BC.sys [17/8/2009 上午 11:01:02 24944]
R0 bootsafe;bootsafe;C:\Windows\System32\drivers\bootsafe.sys [17/8/2009 上午 11:01:01 15728]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2/7/2009 下午 2:12:31 64160]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSGB6.sys [20/6/2007 上午 11:12:17 47616]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [10/3/2009 上午 3:06:55 1029456]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 C:\Windows\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06:56 . 2009-07-02 06:11:42]
.
.
------- Supplementary Scan -------
.
uStart Page = www.9348.cn/?205466
mStart Page = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = local
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - C:\Users\Sam\AppData\Roaming\Mozilla\Firefox\Profiles\le1s1j0g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.hk/webhp?rls=ig
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Opera\program\plugins\npdivx32.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
chm.file=c:\windows\hh.exe %1
.
Rorschach112
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes

    :Services

    :Reg

    :Files
    C:\Windows\system32\cachev.exe
    C:\Windows\system32\555.vbs
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.





Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
1needhelp
OTM log:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\system32\cachev.exe moved successfully.
C:\Windows\system32\555.v/bs moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Sam
->Temp folder emptied: 164530 bytes
->Temporary Internet Files folder emptied: 919304 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38172822 bytes
->Apple Safari cache emptied: 38030 bytes
->Opera cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 528664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37.98 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08212009_203824

Files moved on Reboot...

Registry entries deleted on Reboot...

---

Mbam log:

Malwarebytes' Anti-Malware 1.40
Database version: 2669
Windows 6.0.6001 Service Pack 1

21/8/2009 下午 9:16:41
mbam-log-2009-08-21 (21-16-41).txt

Scan type: Quick Scan
Objects scanned: 84165
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------

Here are all the logs for now as the Kaspersky Online Scanner lags and overheats my laptop during the updates.
Rorschach112
try this

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other (removable) drives that you may have


  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left unneutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware entries in the report (they will be at the very top under Detected) in your next reply.

    Note: This tool will self-uninstall when you close it, so please save the log before closing it.



Also open OTL, click Quick Scan and post that log.
1needhelp
Every time I run it I get a BSOD (or auto shutdown). BTW, is it normal to get BSODs a lot? I get a BSOD almost every day when I shut down.
Rorschach112
No, it's not.

Open OTL, click Quick Scan and post that log.
1needhelp
OTL logfile created on: 25/8/2009 上午 9:57:06 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Sam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

2.00 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.08% Memory free
4.00 Gb Paging File | 3.38 Gb Available in Paging File | 84.41% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.88 Gb Free Space | 36.07% Space Free | Partition Type: NTFS
Drive D: | 66.71 Gb Total Space | 45.53 Gb Free Space | 68.25% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: Sam-PC
Current User Name: Sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Users\Sam\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (ADSMService [Auto | Running]) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ASLDRService [Auto | Running]) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATKGFNEXSrv [Auto | Running]) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Autodesk Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Running]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (HP Port Resolver [On_Demand | Stopped]) -- C:\Windows\System32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE (Hewlett-Packard Company)
SRV - (HP Status Server [On_Demand | Stopped]) -- C:\Windows\System32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE (Hewlett-Packard Company)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [On_Demand | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (MsMpSvc [Auto | Running]) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Stopped]) -- File not found
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-hk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 0F 72 09 8A 21 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.hk/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 14:36:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/08/16 22:19:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/16 22:18:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/16 22:21:06 | 00,000,000 | ---D | M]

[2008/06/28 06:50:26 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions
[2008/06/28 06:50:26 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/24 20:41:49 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\le1s1j0g.default\extensions
[2009/06/27 15:26:37 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\le1s1j0g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/17 12:50:01 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\mozilla\Firefox\Profiles\le1s1j0g.default\extensions\ChoiceGuard@Microsoft
[2009/08/24 20:41:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 15:31:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/16 20:23:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/05 15:31:31 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 15:31:31 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/26 08:25:32 | 00,036,864 | ---- | M] (迅雷网?) -- C:\Program Files\mozilla firefox\components\NsThunderLoader.dll
[2008/08/26 08:25:32 | 00,053,248 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\components\ThunderComponent.dll
[2009/05/02 05:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/08/13 09:41:02 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/08/26 09:25:32 | 00,032,768 | ---- | M] (Xunlei Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\plugins\npDapCtrlFirefox.dll
[2009/08/16 20:22:58 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/13 02:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/19 06:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/05 15:31:33 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/23 10:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/15 12:33:29 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/16 22:18:58 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/08/03 21:16:33 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/03 21:16:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/03 21:16:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/03 21:16:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/03 21:16:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/03 21:16:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/03 21:16:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/16 22:19:11 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/08/16 22:18:45 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/05/02 05:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/07/07 21:52:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/07 21:52:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/07 21:52:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/07 21:52:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/07 21:52:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/18 11:23:31 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\kwinzy119.xml
[2009/06/20 14:22:19 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\kwinzy123.xml
[2009/07/15 10:57:31 | 00,002,381 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\kwinzy127.xml
[2009/07/07 21:52:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/07 21:52:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: 附加至現有 PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換為 Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換連結目標到現有 PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: 雄捃濘5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra 'Tools' menuitem : 雄捃濘5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 218.102.60.110 218.102.62.71
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 14 Days ==========

[2009/08/25 09:43:40 | 00,000,014 | ---- | C] () -- C:\ProgramData\AdobeUpdater.rbt
[2009/08/25 08:34:41 | 00,000,000 | ---D | C] -- C:\Windows\LastGood
[2009/08/25 01:00:05 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/08/25 01:00:05 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/08/25 01:00:05 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/08/25 00:54:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2009/08/25 00:44:08 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/08/25 00:44:07 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/08/25 00:44:07 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/08/25 00:43:53 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/08/25 00:43:52 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/25 00:43:50 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/08/25 00:43:22 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/08/25 00:43:19 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/08/25 00:43:11 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/08/25 00:42:47 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/25 00:42:31 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/08/25 00:42:28 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/08/25 00:42:26 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/08/23 22:45:48 | 00,217,120 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/08/23 22:45:48 | 00,003,620 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/08/23 22:32:39 | 00,000,000 | ---D | C] -- C:\ProgramData\is-MAFCL
[2009/08/23 15:24:00 | 00,183,260 | ---- | C] () -- C:\Windows\System32\cachev.exe
[2009/08/23 12:16:22 | 00,242,356 | -HS- | C] () -- C:\Windows\System32\1223.exe
[2009/08/23 11:53:36 | 00,000,000 | -HS- | C] () -- C:\Windows\System32\5532.vbs
[2009/08/22 20:27:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/08/21 20:38:24 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/21 20:35:30 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTM.exe
[2009/08/21 12:37:30 | 00,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009/08/20 19:18:52 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/20 18:59:07 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/08/20 18:59:07 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\temp
[2009/08/20 18:25:11 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/08/20 15:05:29 | 01,878,156 | -H-- | C] () -- C:\Users\Sam\AppData\Local\IconCache.db
[2009/08/19 23:41:42 | 00,229,376 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/19 23:41:42 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/08/19 23:41:42 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/08/19 23:41:42 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/08/19 23:41:42 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/19 23:41:42 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/19 23:41:42 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/19 23:41:42 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/08/19 23:24:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/19 23:24:03 | 03,180,440 | R--- | C] () -- C:\Users\Sam\Desktop\ComboFix.exe
[2009/08/19 21:53:46 | 00,000,000 | ---D | C] -- C:\Users\Sam\Desktop\i-phone
[2009/08/19 21:52:47 | 00,000,000 | ---D | C] -- C:\Users\Sam\Desktop\Programs
[2009/08/19 16:51:59 | 00,000,000 | ---- | C] () -- C:\Users\Sam\Desktop\settings.dat
[2009/08/19 00:11:26 | 00,472,064 | ---- | C] ( ) -- C:\Users\Sam\Desktop\RootRepeal.exe
[2009/08/19 00:10:28 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/18 23:56:50 | 00,000,825 | ---- | C] () -- C:\Users\Sam\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/18 23:56:48 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/18 23:56:46 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/18 23:56:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/18 23:53:38 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/18 23:48:55 | 00,000,920 | ---- | C] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/18 23:48:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/18 23:44:22 | 00,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2009/08/18 23:34:23 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2009/08/18 23:33:30 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Sam\Desktop\Rooter.exe
[2009/08/18 23:32:08 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\TFC.exe
[2009/08/18 18:57:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/17 11:01:05 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Kingsoft
[2009/08/17 11:01:02 | 00,024,944 | ---- | C] (Kingsoft Corporation) -- C:\Windows\System32\drivers\BC.sys
[2009/08/17 11:01:01 | 00,015,728 | ---- | C] () -- C:\Windows\System32\drivers\bootsafe.sys
[2009/08/17 11:00:52 | 00,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2009/08/16 22:32:48 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/08/16 22:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/08/16 22:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/08/16 22:19:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/08/14 18:55:16 | 00,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Malwarebytes
[2009/08/14 18:55:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/14 18:38:02 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/08/14 18:35:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/08/11 17:57:35 | 00,000,000 | -HSD | C] -- C:\Windows\ljjkky
[2009/08/11 17:57:07 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/11 17:57:07 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/11 11:20:39 | 00,000,000 | -HSD | C] -- C:\Windows\pddk

========== Files - Modified Within 14 Days ==========

[2009/08/25 09:43:40 | 00,000,014 | ---- | M] () -- C:\ProgramData\AdobeUpdater.rbt
[2009/08/25 08:35:03 | 00,666,962 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/08/25 08:35:02 | 01,491,542 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/25 08:35:02 | 00,598,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/25 08:35:02 | 00,119,086 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/08/25 08:35:02 | 00,105,784 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/25 08:33:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/25 08:33:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/25 08:29:57 | 00,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2009/08/25 08:27:38 | 00,489,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/25 08:26:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/25 08:25:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/25 01:01:49 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/08/25 00:54:52 | 01,878,156 | -H-- | M] () -- C:\Users\Sam\AppData\Local\IconCache.db
[2009/08/24 15:16:39 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/08/23 23:06:35 | 00,217,120 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/08/23 23:06:35 | 00,003,620 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/08/23 15:24:03 | 00,183,260 | ---- | M] () -- C:\Windows\System32\cachev.exe
[2009/08/23 12:16:22 | 00,242,356 | -HS- | M] () -- C:\Windows\System32\1223.exe
[2009/08/23 11:53:36 | 00,000,000 | -HS- | M] () -- C:\Windows\System32\5532.vbs
[2009/08/22 20:28:07 | 00,137,712 | ---- | M] () -- C:\Users\Sam\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/22 19:06:33 | 00,002,325 | ---- | M] () -- C:\lma_log.html
[2009/08/21 20:35:30 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTM.exe
[2009/08/20 19:06:18 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/20 19:06:01 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/08/20 18:13:04 | 03,180,440 | R--- | M] () -- C:\Users\Sam\Desktop\ComboFix.exe
[2009/08/20 09:56:10 | 00,229,376 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/19 16:51:59 | 00,000,000 | ---- | M] () -- C:\Users\Sam\Desktop\settings.dat
[2009/08/18 23:56:50 | 00,000,825 | ---- | M] () -- C:\Users\Sam\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/18 23:48:55 | 00,000,920 | ---- | M] () -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/18 23:34:38 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2009/08/18 23:33:30 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Sam\Desktop\Rooter.exe
[2009/08/18 23:32:18 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\TFC.exe
[2009/08/17 20:19:11 | 00,041,984 | ---- | M] () -- C:\Users\Sam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 11:36:27 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/08/16 22:18:41 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/08/16 22:17:33 | 00,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2009/08/13 17:19:38 | 00,321,522 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.msn
[2009/08/13 11:14:18 | 00,472,064 | ---- | M] ( ) -- C:\Users\Sam\Desktop\RootRepeal.exe
[2009/08/12 23:36:31 | 00,000,135 | ---- | M] () -- C:\Windows\Mp3CutterJoiner.ini
[2009/08/12 23:36:31 | 00,000,005 | ---- | M] () -- C:\Windows\System32\SySMP3CutJoin.dat
[2009/08/12 01:45:55 | 00,005,284 | ---- | M] () -- C:\Windows\System32\cid_store.dat
[2009/08/12 01:45:44 | 00,000,026 | ---- | M] () -- C:\Windows\System32\xlhcc.dat
[2009/08/11 17:57:07 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/11 17:57:07 | 00,000,000 | RHS- | M] () -- C:\IO.SYS

========== LOP Check ==========

[2009/08/22 20:16:39 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming
[2008/06/20 18:09:19 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ATI
[2008/07/04 10:29:30 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Autodesk
[2009/07/12 18:43:50 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\BeoMediaDatabase
[2009/01/02 13:41:49 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\BSplayer PRO
[2008/08/09 07:32:25 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\CCTV
[2009/07/15 19:43:32 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2009/07/16 11:05:49 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\FUPPES
[2009/08/17 11:01:05 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Kingsoft
[2006/11/02 20:37:34 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Media Center Programs
[2008/06/28 13:33:20 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\MessengerGadget
[2008/09/19 22:51:08 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Opera
[2008/08/26 11:23:12 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking
[2009/08/18 17:13:36 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Spider Player
[2009/08/10 11:45:20 | 00,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Xilisoft Corporation
[2009/08/24 15:16:39 | 00,000,472 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009/08/25 08:26:16 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/25 01:01:55 | 00,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34

========== Files - Unicode (All) ==========
[2008/10/01 23:26:06 | 00,000,000 | ---- | C] ()(C:\Users\Sam\Documents\±D‥_3!|‥?y‥a--¥o-?-P?·.pdf) -- C:\Users\Sam\Documents\±Ð¨_³¡¦¨»y¨å--¥ô­«­P»·.pdf
[2008/10/01 23:26:06 | 00,000,000 | ---- | M] ()(C:\Users\Sam\Documents\±D‥_3!|‥?y‥a--¥o-?-P?·.pdf) -- C:\Users\Sam\Documents\±Ð¨_³¡¦¨»y¨å--¥ô­«­P»·.pdf
< End of report >
Rorschach112
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling


  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.
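The helper's IE hardening steps (Internet zone ActiveX set to Prompt/Disable) and the EnableLUA = 0 line in the OTL log above can be re-checked after cleanup with the following read-only PowerShell audit. This is an added example, not part of the thread or of any tool used in it; it assumes the standard IE zone registry layout (zone 3 = Internet; action values 1001/1004/1201; 0 = Enable, 1 = Prompt, 3 = Disable) and the allow-list of acceptable Start Pages is a constructed placeholder.

```powershell
# Added example (not from the forum thread): audit the IE settings this thread
# touches without modifying anything. Zone 3 is the Internet zone; the action
# values below are the documented ones. Action states: 0 Enable, 1 Prompt, 3 Disable.
$ZoneChecks = @(
    @{ Name = '1001'; Desc = 'Download signed ActiveX controls';              Want = 1 },
    @{ Name = '1004'; Desc = 'Download unsigned ActiveX controls';            Want = 1 },
    @{ Name = '1201'; Desc = 'Initialize and script ActiveX not marked safe'; Want = 3 }
)

function Get-RegValueOrNull {
    # Returns $null instead of throwing when the key or value is absent.
    param([string]$Path, [string]$Name)
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null
    }
}

function Test-StartPage {
    # The homepage hijack in this thread set Start Page in both HKCU and HKLM,
    # so both hives are compared against a constructed allow-list (adjust to taste).
    param([string[]]$Allowed = @('http://www.google.com/', 'about:blank'))
    $results = @()
    foreach ($hive in 'HKCU', 'HKLM') {
        $path  = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main"
        $value = Get-RegValueOrNull -Path $path -Name 'Start Page'
        $ok    = ($null -eq $value) -or ($Allowed -contains ([string]$value).ToLower())
        $results += [pscustomobject]@{ Check = "$hive Start Page"; Value = $value; OK = $ok }
    }
    return $results
}

function Test-InternetZoneActiveX {
    # Mirrors the helper's Custom level instructions for the Internet zone.
    $results = @()
    foreach ($hive in 'HKCU', 'HKLM') {
        $path = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
        foreach ($c in $ZoneChecks) {
            $value = Get-RegValueOrNull -Path $path -Name $c.Name
            # HKLM may legitimately lack per-zone values; only a present, wrong value fails.
            $ok = ($null -eq $value) -or ($value -eq $c.Want)
            $results += [pscustomobject]@{
                Check = "$hive Zone3 $($c.Name) ($($c.Desc))"; Value = $value; OK = $ok
            }
        }
    }
    return $results
}

function Test-UacEnabled {
    # The OTL log reported EnableLUA = 0 (UAC disabled); 1 is the expected state.
    $path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = Get-RegValueOrNull -Path $path -Name 'EnableLUA'
    [pscustomobject]@{ Check = 'EnableLUA (UAC)'; Value = $value; OK = ($value -eq 1) }
}

$all = @(Test-StartPage) + @(Test-InternetZoneActiveX) + @(Test-UacEnabled)
$all | Format-Table -AutoSize
$failed = @($all | Where-Object { -not $_.OK })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) setting(s) differ from the recommended values; review the table above."
}
```

Run it from a normal PowerShell prompt after the cleanup steps; a non-empty warning means a Start Page, zone action or the UAC policy still differs from what the helper recommended.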

