
Infected with HTTP Tidserv Request


  • This topic is locked
13 replies to this topic

#1 qzchan

qzchan

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 15 April 2010 - 04:14 PM

Hi, I am using Norton Internet Security 2010, which was the first to point me to this problem. By the way, this happened on a Win7 fresh install on a fresh hard disk. I tried removing the threat with SUPERAntiSpyware and Malwarebytes' Anti-Malware to no avail. There was a problem with the IE8 homepage changing to an unknown site although the homepage under the Options stayed the same. I had IE reinstalled, which seemed to have solved that problem. However, it STILL kept prompting that IE had crashed whenever I closed the program.

Problem signature:
Problem Event Name: APPCRASH
Application Name: iexplore.exe
Application Version: 8.0.7600.16385
Application Timestamp: 4a5bc69e
Fault Module Name: Scxpx86.dll
Fault Module Version: 9.1.2.5
Fault Module Timestamp: 4ae767fd
Exception Code: c0000005
Exception Offset: 00017776
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 4100
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

The problem with HTTP Tidserv Request persists. Please help!

Thx in advance~


DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 4:39:26.29 on 16/04/2010 周五
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.936.65.2052.18.3067.1808 [GMT 8:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Windows\System32\StkCSrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.arsenal-world.co.uk/
mStart Page = hxxp://www.2345.com/index.htm
BHO: {01443AEC-0FD1-40fd-9C87-E93D1494C233} - No File
BHO: DetectAddin Class: {2d90d33c-de76-42d0-9040-e4466ddc24ac} - d:\program files\thunder network\thunder\program\EmbedDetectNow.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.6.0.32\IPSBHO.DLL
BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - d:\program files\thunder network\thunder\comdlls\XUNLEIBHO_NOW.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: 使用UUSee下载 - d:\program files\uusee\geturltodown.htm
IE: 使用UUSee加速播放 - d:\program files\uusee\geturltoplay.htm
IE: 使用迅雷下载 - d:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - d:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: 使用迅雷查看图片 - d:\program files\thunder network\thunder\program\repairimage.htm
IE: {548BF84E-9665-47f9-B635-7380F8943E90} - d:\program files\thunder network\thunder\program\repairimage.htm
IE: {998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/
IE: {998A88A0-A355-809B-831C-B83A80000992} - d:\program files\uusee\UUSeePlayer.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\jp0znw5q.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(557).dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1106000.020\symds.sys [2010-4-15 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1106000.020\symefa.sys [2010-4-15 172592]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-25 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1106000.020\cchpx86.sys [2010-4-15 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100409.001\IDSvix86.sys [2010-4-15 343088]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-4-15 10752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1106000.020\ironx86.sys [2010-4-15 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1106000.020\symtdiv.sys [2010-4-15 340016]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-15 303952]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.6.0.32\ccsvchst.exe [2010-4-15 126392]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2010-4-15 31248]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-25 1047880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-4-15 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-15 20824]
R3 netw5v32;适用于 Windows Vista 32 位的 Intel® Wireless WiFi 链接 5000 系列适配器驱动程序;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-4-15 66080]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\drivers\StkCMini.sys [2010-4-15 1436560]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

=============== Created Last 30 ================

2010-04-15 19:26:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-04-15 19:26:10 0 d-----w- c:\program files\Synaptics
2010-04-15 18:20:17 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-15 18:20:06 0 d-----w- c:\users\admini~1\appdata\roaming\SUPERAntiSpyware.com
2010-04-15 18:20:06 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-15 18:18:49 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-15 15:37:39 0 d-----w- c:\programdata\Messenger Plus!
2010-04-15 15:34:35 0 d-----w- c:\program files\Messenger Plus! Live
2010-04-15 15:17:52 0 d-----w- c:\users\admini~1\appdata\roaming\URSoft
2010-04-15 15:17:51 0 d---a-w- c:\programdata\TEMP
2010-04-15 15:17:42 0 d-----w- c:\program files\Your Uninstaller 2010
2010-04-15 15:07:19 0 d-----w- c:\windows\system32\catroot2
2010-04-15 14:06:41 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-15 14:06:41 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-15 14:06:41 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-15 14:06:41 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-15 14:06:14 0 d-----w- c:\program files\Norton Internet Security
2010-04-15 14:06:08 0 d-----w- c:\program files\NortonInstaller
2010-04-15 13:07:09 0 d-----w- c:\users\administrator\Tracing
2010-04-15 12:57:02 0 d-----w- C:\SymNRA
2010-04-15 12:42:02 0 d-----w- c:\users\admini~1\appdata\roaming\Tific
2010-04-15 12:32:30 0 d-----w- c:\programdata\NVIDIA
2010-04-15 12:26:55 0 d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2010-04-15 12:26:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 12:26:42 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:26:42 0 d-----w- c:\programdata\Malwarebytes
2010-04-15 12:26:41 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 12:11:58 0 d-----w- c:\windows\CheckSur
2010-04-15 12:10:48 246784 ----a-w- c:\windows\system32\drivers\udfs.sys
2010-04-15 12:06:53 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2010-04-15 12:02:58 0 d-----w- C:\Intel
2010-04-15 12:02:57 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-04-15 11:58:57 0 d-----w- c:\programdata\SAMSUNG
2010-04-15 11:58:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SABI_01009.Wdf
2010-04-15 11:58:49 10752 ----a-w- c:\windows\system32\drivers\SABI.sys
2010-04-15 11:57:50 0 d-----w- c:\windows\CU
2010-04-15 11:57:50 0 d-----w- c:\program files\Samsung
2010-04-15 11:56:27 0 d-----w- c:\program files\Atheros Client Installation Program
2010-04-15 11:55:20 2824704 ----a-w- c:\windows\system32\AInst3141.exe
2010-04-15 11:55:20 1202 ----a-w- c:\windows\system32\WLL3141.cfgx
2010-04-15 11:53:22 0 d-----w- c:\windows\system32\RTCOM
2010-04-15 11:53:22 0 d-----w- c:\program files\Realtek
2010-04-15 11:53:01 485920 ----a-w- c:\windows\system32\nvuninst.exe
2010-04-15 11:51:51 0 d-----w- c:\program files\LSI SoftModem
2010-04-15 11:44:12 88592 ----a-w- c:\windows\StkUnist.exe
2010-04-15 11:44:12 76304 ----a-w- c:\windows\system32\StkCWIA.dll
2010-04-15 11:44:12 55824 ----a-w- c:\windows\system32\StkSSrv.dll
2010-04-15 11:44:12 347152 ----a-w- c:\windows\VideoView.exe
2010-04-15 11:44:12 31248 ----a-w- c:\windows\system32\StkCSrv.exe
2010-04-15 11:44:12 236048 ----a-w- c:\windows\system32\StkCProp.ax
2010-04-15 11:44:12 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
2010-04-15 11:44:12 1436560 ----a-w- c:\windows\system32\drivers\StkCMini.sys
2010-04-15 11:44:12 12940048 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
2010-04-15 11:44:12 113168 ----a-w- c:\windows\StkC112X.exe
2010-04-15 11:34:23 0 d-----w- c:\program files\WIDCOMM
2010-04-15 11:33:10 0 d-----w- c:\program files\Microsoft
2010-04-15 11:32:39 0 d-----w- c:\program files\Windows Live SkyDrive
2010-04-15 11:31:51 0 d-----w- c:\windows\PCHEALTH
2010-04-15 11:17:31 0 d-----w- c:\program files\common files\Windows Live
2010-04-15 11:09:13 0 d-----w- c:\programdata\Google
2010-04-15 11:09:07 0 d-----w- c:\program files\common files\uusee
2010-04-15 10:56:29 20 ----a-w- c:\windows\system32\pub_store.dat
2010-04-15 10:56:23 0 d-----w- c:\programdata\Thunder Network
2010-04-15 10:56:20 0 d-----w- c:\program files\common files\Thunder Network
2010-04-15 10:51:59 0 d-----w- c:\program files\SogouInput
2010-04-15 10:51:58 0 d-----w- c:\program files\SogouExtension
2010-04-15 10:50:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-04-15 10:35:29 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-15 10:29:56 0 d-----w- c:\program files\Symantec
2010-04-15 10:29:24 0 d-----w- c:\windows\system32\drivers\NIS
2010-04-15 10:29:22 0 d-----w- c:\programdata\Norton
2010-04-15 10:28:52 0 d-----w- c:\programdata\NortonInstaller
2010-04-15 10:25:34 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-15 10:22:32 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-15 10:19:34 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-15 10:19:34 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-04-15 10:19:26 0 d-----w- c:\users\admini~1\appdata\roaming\TuneUp Software
2010-04-15 10:19:23 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-04-15 10:16:24 0 d-----w- c:\programdata\TuneUp Software
2010-04-15 10:16:16 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-15 10:16:10 0 d-sh--w- c:\windows\Installer
2010-04-15 10:16:05 0 d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-15 10:05:38 1169296 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-04-15 10:05:36 204528 --sha-r- C:\grldr
2010-04-15 10:05:13 0 d-----w- c:\windows\system32\wbem\Performance
2010-04-15 10:01:11 0 d-----w- c:\users\admini~1\appdata\roaming\HaoZip
2010-04-15 10:01:11 0 d-----w- c:\program files\HaoZip
2010-04-15 09:59:12 359818 --sha-r- C:\OEMSY
2010-04-15 09:59:02 0 d-sh--we c:\programdata\桌面
2010-04-15 09:59:02 0 d-sh--we c:\programdata\收藏夹
2010-04-15 09:59:02 0 d-sh--we c:\programdata\「开始」菜单
2010-04-15 09:59:02 0 d-sh--w- C:\Recovery
2010-04-15 09:52:54 8192 --sha-r- C:\BOOTSECT.BAK
2010-04-15 09:52:53 383562 --sha-r- C:\bootmgr
2010-04-15 09:52:52 0 d-sh--w- C:\Boot
2010-04-03 03:28:52 19805512 ----a-w- c:\users\admini~1\appdata\roaming\TU2010_EN_GB.exe
2010-04-01 09:46:40 979824 ----a-w- c:\windows\system32\SogouPy.ime

==================== Find3M ====================

2010-04-15 19:52:19 355328 ----a-w- c:\windows\system32\prfh0804.dat
2010-04-15 19:52:19 101428 ----a-w- c:\windows\system32\prfc0804.dat
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32:26 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32:12 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-26 02:33:00 242992 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-26 02:31:38 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-26 02:31:38 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-26 02:31:34 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-26 02:31:34 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-14 08:27:22 31548 ----a-w- c:\windows\inf\perflib\0804\perfd.dat
2009-07-14 08:27:22 31548 ----a-w- c:\windows\inf\perflib\0804\perfc.dat
2009-07-14 08:27:22 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 08:27:22 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 08:27:22 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 08:27:22 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 08:27:22 111310 ----a-w- c:\windows\inf\perflib\0804\perfi.dat
2009-07-14 08:27:22 111310 ----a-w- c:\windows\inf\perflib\0804\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 4:40:41.54 ===============
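The entries a malware-removal helper reads first in a DDS log like the one above are in the "Pseudo HJT Report" section: the user (HKCU, `u` prefix) and machine (HKLM, `m` prefix) start pages, BHO registrations whose DLL is gone ("No File"), the `mPolicies-system` UAC values, and IE menu entries that point at a remote URL. The script below is an added example of triaging that section automatically; it is not part of DDS, OTL or this thread. It assumes the line formats DDS prints in the log above, and the sample input is constructed from those lines.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log.

Added example, not part of DDS or OTL. It flags orphaned BHO registrations,
UAC policies switched off, IE extras pointing at remote URLs, and a user
start page that differs from the machine default.
"""
import re
from typing import Dict, List

# Constructed sample: lines in the format DDS writes, modelled on the log above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.arsenal-world.co.uk/
mStart Page = hxxp://www.2345.com/index.htm
BHO: {01443AEC-0FD1-40fd-9C87-E93D1494C233} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.6.0.32\coIEPlg.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {548BF84E-9665-47f9-B635-7380F8943E90} - d:\program files\thunder network\thunder\program\repairimage.htm
IE: {998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/

================= FIREFOX ===================

FF - component: c:\programdata\norton\coffplgn\components\coFFPlgn.dll
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+\s*$")
START_RE = re.compile(r"^(?P<hive>[um])Start Page\s*=\s*(?P<url>\S+)")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(?P<key>\w+)\s*=\s*(?P<val>-?\d+)")
# " - " with surrounding spaces is required so hyphens inside CLSIDs do not split the line
BHO_RE = re.compile(r"^BHO:\s*(?P<desc>.*?)\s+-\s+(?P<target>.+?)\s*$")
IE_RE = re.compile(r"^IE:\s*(?P<desc>.*?)\s+-\s+(?P<target>.+?)\s*$")

# HKLM\...\Policies\System values: a 0 here weakens or removes UAC.
UAC_WEAK_WHEN_ZERO = {
    "EnableLUA": ("high", "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": ("high", "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": ("medium", "elevation prompts not shown on the secure desktop"),
}


def section_lines(text: str, wanted: str) -> List[str]:
    """Return the non-empty lines under the '=== wanted ===' banner."""
    out, inside = [], False
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            inside = m.group("name").strip().lower() == wanted.lower()
            continue
        if inside and line.strip():
            out.append(line.rstrip())
    return out


def finding(severity: str, category: str, why: str, line: str) -> Dict[str, str]:
    return {"severity": severity, "category": category, "why": why, "line": line}


def triage(text: str) -> List[Dict[str, str]]:
    """Walk the Pseudo HJT Report and return a list of findings."""
    findings: List[Dict[str, str]] = []
    start_pages: Dict[str, str] = {}
    for line in section_lines(text, "Pseudo HJT Report"):
        if (m := START_RE.match(line)):
            start_pages[m.group("hive")] = m.group("url")
        elif (m := POLICY_RE.match(line)):
            key, val = m.group("key"), int(m.group("val"))
            if key in UAC_WEAK_WHEN_ZERO and val == 0:
                sev, why = UAC_WEAK_WHEN_ZERO[key]
                findings.append(finding(sev, "uac-policy", why, line))
        elif (m := BHO_RE.match(line)):
            if m.group("target").lower() == "no file":
                findings.append(finding("low", "orphaned-bho",
                                        "BHO CLSID registered but its DLL is missing from disk", line))
        elif (m := IE_RE.match(line)):
            if re.match(r"^(hxxp|http)s?://", m.group("target"), re.IGNORECASE):
                findings.append(finding("info", "ie-extra-url",
                                        "IE menu/toolbar entry points at a remote URL, not a local file", line))
    # The user-level page is what IE shows; the machine-level one is the default for new profiles.
    if len(start_pages) == 2 and start_pages["u"] != start_pages["m"]:
        findings.append(finding("medium", "start-page-mismatch",
                                f"user start page {start_pages['u']} differs from machine default {start_pages['m']}",
                                "uStart Page / mStart Page"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']:6}] {f['category']:20} {f['why']}\n          {f['line']}")
```

Run on the sample it reports three UAC policy findings (two of them high), one orphaned BHO, one IE entry pointing at a remote URL, and the start-page mismatch; on a log with no Pseudo HJT Report section it returns nothing.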





#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:21 AM

Posted 19 April 2010 - 10:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 qzchan

qzchan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:21 AM

Posted 19 April 2010 - 12:16 PM

Hi, thank you for your time!
Since the post, I have run both TDSSKiller and ComboFix with no success. The OneCare safety scanner kept coming up with a script error at the end of the scan stage. Here are the results from the OTL scan.

regards,
Qz

OTL logfile created on: 20/4/2010 1:01:59 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Administrator\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.38 Gb Total Space | 39.02 Gb Free Space | 68.01% Space Free | Partition Type: NTFS
Drive D: | 114.75 Gb Total Space | 99.96 Gb Free Space | 87.11% Space Free | Partition Type: NTFS
Drive E: | 60.75 Gb Total Space | 24.45 Gb Free Space | 40.24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QZ-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/20 00:59:00 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2010/04/16 21:55:31 | 002,938,552 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/04/15 15:18:06 | 000,931,192 | ---- | M] (UUSEE) -- C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
PRC - [2010/04/03 16:44:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/02/26 07:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2010/02/25 11:21:36 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/02/25 11:19:36 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/11/11 13:21:36 | 000,717,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/11/04 13:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/24 18:27:34 | 007,719,456 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/20 00:59:00 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2009/07/14 09:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 09:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 09:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 09:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 09:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 09:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 09:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 09:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/17 16:08:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/15 18:19:33 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/03/30 00:46:14 | 000,303,952 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/02/26 07:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2010/02/25 11:19:36 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/25 11:15:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/12/15 16:56:56 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 09:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 09:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 09:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 09:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 09:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 09:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 09:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 09:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 09:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 09:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 09:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 09:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 09:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2009/03/27 18:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/04/18 11:22:07 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2010/04/16 19:41:12 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2010/04/15 22:28:45 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100419.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/04/15 22:28:44 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/15 22:28:44 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/15 22:28:44 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100419.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/04/15 22:06:41 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/25 04:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/27 10:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/27 10:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/27 10:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 10:33:00 | 000,242,992 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/02/26 07:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/04 09:40:52 | 000,340,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/02/04 09:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2009/11/17 08:51:14 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/15 11:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/08/24 18:19:10 | 002,754,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/10 16:21:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/21 14:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 09:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 09:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 09:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 09:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 09:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 09:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 09:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 09:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 09:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 09:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 09:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 09:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 09:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 09:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 09:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 09:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 09:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 09:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 09:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 09:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 09:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 09:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 09:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 09:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 09:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 09:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 09:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 09:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 09:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 09:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 09:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 09:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 09:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 09:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 09:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 08:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 08:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 08:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 07:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 07:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 07:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 07:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 07:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 07:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 07:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 07:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 07:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 07:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 07:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 07:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 07:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 07:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 07:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 06:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 06:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 06:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 06:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 06:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 06:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 06:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 06:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel® for Windows Vista 32-bit
DRV - [2009/07/14 06:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 06:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 06:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/03 11:29:10 | 001,436,560 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2009/06/27 06:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/06/17 20:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/05/28 15:38:12 | 000,010,752 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\System32\drivers\SABI.sys -- (SABI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.2345.com/index.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2789408885-3468359723-3425312017-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arsenal-world.co.uk/
IE - HKU\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/04/15 22:06:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/04/15 22:06:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/15 21:19:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/17 16:07:31 | 000,000,000 | ---D | M]

[2010/04/15 21:19:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010/04/19 22:32:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\jp0znw5q.default\extensions
[2010/04/15 23:55:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\jp0znw5q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/15 21:18:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/15 22:34:05 | 000,000,902 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - No CLSID value found.
O2 - BHO: (DetectAddin Class) - {2D90D33C-DE76-42D0-9040-E4466DDC24AC} - D:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll (Xunlei)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2789408885-3468359723-3425312017-500\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2789408885-3468359723-3425312017-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-2789408885-3468359723-3425312017-500..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WIN7.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WIN7.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2789408885-3468359723-3425312017-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2789408885-3468359723-3425312017-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with UUSee - D:\Program Files\uusee\geturltodown.htm ()
O8 - Extra context menu item: Accelerated playback with UUSee - D:\Program Files\uusee\geturltoplay.htm ()
O8 - Extra context menu item: Download with Thunder (Xunlei) - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: Download all links with Thunder (Xunlei) - D:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm ()
O8 - Extra context menu item: View image with Thunder (Xunlei) - D:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra Button: View all images on the page - {548BF84E-9665-47f9-B635-7380F8943E90} - D:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : View all images on the page - {548BF84E-9665-47f9-B635-7380F8943E90} - D:\Program Files\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra Button: Mini games - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra 'Tools' menuitem : Mini games - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra Button: Launch UUSee Internet TV - {998A88A0-A355-809B-831C-B83A80000992} - D:\Program Files\uusee\UUSeePlayer.exe ()
O9 - Extra 'Tools' menuitem : Launch UUSee Internet TV - {998A88A0-A355-809B-831C-B83A80000992} - D:\Program Files\uusee\UUSeePlayer.exe ()
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...g/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 180.168.255.18 116.228.111.118
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 10:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - Driver
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: klmdb.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A59B76D1-5E3B-4893-BB7F-AF69B2570A73} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/20 00:58:57 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/04/19 08:04:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2010/04/18 10:28:00 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/04/18 08:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/17 17:13:49 | 000,046,928 | ---- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010/04/17 16:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/04/17 16:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/04/17 16:08:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2010/04/17 16:08:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2010/04/17 16:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/17 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/17 04:27:58 | 000,000,000 | ---D | C] -- D:\Qz\Document\Secret of the Solstice
[2010/04/17 04:27:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Secret of the Solstice
[2010/04/16 21:59:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Outspark
[2010/04/16 21:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
[2010/04/16 21:55:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PMB Files
[2010/04/16 21:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/04/16 21:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/04/16 19:50:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Logs
[2010/04/16 19:34:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/16 19:34:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/16 19:34:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2010/04/16 19:22:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/16 19:22:34 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/16 19:18:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/16 19:10:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/16 19:10:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/16 19:10:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/16 19:07:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/16 19:07:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/16 18:38:26 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2010/04/16 09:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/04/16 08:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/04/16 08:29:38 | 000,716,320 | ---- | C] (Secunia) -- C:\Users\Administrator\Desktop\PSISetup.exe
[2010/04/16 04:45:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\gmer
[2010/04/16 03:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/04/16 02:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/16 02:20:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2010/04/16 02:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/16 02:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/15 23:40:03 | 000,000,000 | ---D | C] -- D:\Qz\Document\My Chat Logs
[2010/04/15 23:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010/04/15 23:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2010/04/15 23:17:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\URSoft
[2010/04/15 23:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/04/15 23:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2010
[2010/04/15 23:07:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2010/04/15 22:29:04 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symtdiv.sys
[2010/04/15 22:29:04 | 000,172,592 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.sys
[2010/04/15 22:29:03 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.sys
[2010/04/15 22:29:03 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\symds.sys
[2010/04/15 22:29:03 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.sys
[2010/04/15 22:29:03 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\ironx86.sys
[2010/04/15 22:29:03 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.sys
[2010/04/15 22:06:41 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/04/15 22:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/15 22:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/04/15 22:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/04/15 21:19:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2010/04/15 21:19:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2010/04/15 21:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/15 21:07:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Tracing
[2010/04/15 20:57:02 | 000,000,000 | ---D | C] -- C:\SymNRA
[2010/04/15 20:42:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Symantec
[2010/04/15 20:42:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tific
[2010/04/15 20:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/04/15 20:26:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010/04/15 20:26:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/15 20:26:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/15 20:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/15 20:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/15 20:11:58 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/04/15 20:06:53 | 000,345,600 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\SetLCDStretchMode.exe
[2010/04/15 20:02:58 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/15 20:02:57 | 000,330,264 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010/04/15 20:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/04/15 20:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/15 19:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SAMSUNG
[2010/04/15 19:58:49 | 000,010,752 | ---- | C] (SAMSUNG ELECTRONICS) -- C:\Windows\System32\drivers\SABI.sys
[2010/04/15 19:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/04/15 19:57:50 | 000,000,000 | ---D | C] -- C:\Windows\CU
[2010/04/15 19:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros Client Installation Program
[2010/04/15 19:55:20 | 002,824,704 | ---- | C] (Askey Computer Corporation.) -- C:\Windows\System32\AInst3141.exe
[2010/04/15 19:53:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010/04/15 19:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/04/15 19:53:01 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2010/04/15 19:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2010/04/15 19:44:12 | 012,940,048 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\drivers\StkCPipe.sys
[2010/04/15 19:44:12 | 001,436,560 | ---- | C] (Syntek) -- C:\Windows\System32\drivers\StkCMini.sys
[2010/04/15 19:44:12 | 000,347,152 | ---- | C] (Syntek Corporation) -- C:\Windows\VideoView.exe
[2010/04/15 19:44:12 | 000,236,048 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCProp.ax
[2010/04/15 19:44:12 | 000,113,168 | ---- | C] (Syntek America Inc.) -- C:\Windows\StkC112X.exe
[2010/04/15 19:44:12 | 000,076,304 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCWIA.dll
[2010/04/15 19:44:12 | 000,055,824 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkSSrv.dll
[2010/04/15 19:44:12 | 000,031,248 | ---- | C] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
[2010/04/15 19:44:11 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/15 19:43:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2010/04/15 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2010/04/15 19:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/04/15 19:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/04/15 19:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/15 19:32:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/04/15 19:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/15 19:32:36 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010/04/15 19:32:35 | 002,754,336 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010/04/15 19:32:35 | 000,971,264 | ---- | C] (Samsung Electronics Co., LTD) -- C:\Windows\System32\EDSPropPageExt.dll
[2010/04/15 19:32:35 | 000,088,064 | ---- | C] (Samsung Electronics Co,. LTD) -- C:\Windows\System32\EDSAPODll.dll
[2010/04/15 19:32:30 | 001,161,760 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\AGRSM.sys
[2010/04/15 19:32:30 | 000,064,000 | ---- | C] (LSI Corporation) -- C:\Windows\agrsmdel.exe
[2010/04/15 19:32:30 | 000,013,824 | ---- | C] (LSI Corporation) -- C:\Windows\System32\agrscoin.dll
[2010/04/15 19:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/15 19:32:09 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuhda.exe
[2010/04/15 19:32:09 | 000,151,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcohda.dll
[2010/04/15 19:32:09 | 000,066,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2010/04/15 19:32:09 | 000,057,344 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\nvapo32v.dll
[2010/04/15 19:32:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nvhdap32.dll
[2010/04/15 19:32:02 | 010,387,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/04/15 19:32:02 | 003,156,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/04/15 19:32:02 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010/04/15 19:32:01 | 009,824,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/04/15 19:32:01 | 007,629,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/04/15 19:32:01 | 001,706,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/04/15 19:32:01 | 001,530,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2010/04/15 19:32:01 | 001,317,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/04/15 19:32:01 | 000,993,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/04/15 19:32:01 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010/04/15 19:32:01 | 000,678,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/04/15 19:32:01 | 000,256,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2010/04/15 19:32:01 | 000,155,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod161.dll
[2010/04/15 19:32:01 | 000,155,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/04/15 19:32:01 | 000,004,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/04/15 19:31:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/15 19:28:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2010/04/15 19:20:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2010/04/15 19:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/15 19:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/04/15 19:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\uusee
[2010/04/15 19:08:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/04/15 18:58:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps
[2010/04/15 18:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Thunder Network
[2010/04/15 18:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thunder Network
[2010/04/15 18:41:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1106000.020
[2010/04/15 18:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/04/15 18:29:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2010/04/15 18:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/04/15 18:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/04/15 18:25:34 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/15 18:22:32 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010/04/15 18:19:34 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010/04/15 18:19:34 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010/04/15 18:19:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010/04/15 18:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/04/15 18:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010/04/15 18:16:16 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/15 18:16:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/15 18:16:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/15 18:16:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/04/15 18:16:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/04/15 18:15:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/04/15 18:15:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/04/15 18:15:53 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/04/15 18:15:53 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/04/15 18:15:53 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/04/15 18:15:52 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/04/15 18:15:52 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/04/15 18:15:52 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/04/15 18:15:51 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/15 18:15:50 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/15 18:15:50 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/04/15 18:15:50 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/04/15 18:15:50 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/04/15 18:15:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/15 18:15:35 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 18:15:35 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 18:01:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HaoZip
[2010/04/15 18:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\HaoZip
[2010/04/15 18:01:01 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2010/04/15 18:00:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2010/04/15 18:00:49 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2010/04/15 18:00:36 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\「开始」菜单
[2010/04/15 18:00:35 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2010/04/15 18:00:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2010/04/15 18:00:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2010/04/15 18:00:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2010/04/15 18:00:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2010/04/15 18:00:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2010/04/15 18:00:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2010/04/15 18:00:35 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2010/04/15 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2010/04/15 18:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2010/04/15 17:59:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\桌面
[2010/04/15 17:59:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\收藏夹
[2010/04/15 17:59:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\「开始」菜单
[2010/04/15 17:59:02 | 000,000,000 | ---D | C] -- C:\Recovery
[2010/04/15 17:56:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/15 17:53:55 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/04/15 17:53:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/15 17:52:52 | 000,000,000 | ---D | C] -- C:\Boot
[2010/04/15 16:07:22 | 000,000,000 | ---D | C] -- D:\Qz\Document\New Folder
[2010/04/15 16:07:22 | 000,000,000 | ---D | C] -- D:\Qz\Document\CMB
[2010/04/15 16:07:22 | 000,000,000 | ---D | C] -- D:\Qz\Document\Aspyr
[2010/04/15 16:07:22 | 000,000,000 | ---D | C] -- D:\Qz\Document\3dsmax
[2010/04/15 16:07:14 | 000,000,000 | ---D | C] -- D:\Qz\Document\Graphisoft
[2010/04/15 16:07:14 | 000,000,000 | ---D | C] -- D:\Qz\Document\facade3
[2010/04/15 16:07:07 | 000,000,000 | ---D | C] -- D:\Qz\Document\KONAMI
[2010/04/15 16:06:45 | 000,000,000 | ---D | C] -- D:\Qz\Document\My Games
[2010/04/15 16:06:43 | 000,000,000 | ---D | C] -- D:\Qz\Document\My Received Files
[2010/04/15 16:02:31 | 000,000,000 | ---D | C] -- D:\Qz\Document\My Works
[2010/04/15 16:02:13 | 000,000,000 | ---D | C] -- D:\Qz\Document\Qz-chan.com
[2010/04/15 16:02:12 | 000,000,000 | ---D | C] -- D:\Qz\Document\WSC Real 09
[2010/04/15 16:02:12 | 000,000,000 | ---D | C] -- D:\Qz\Document\Vic chatlogs
[2010/04/15 16:02:12 | 000,000,000 | ---D | C] -- D:\Qz\Document\QzIcons1
[2010/04/15 15:52:21 | 000,000,000 | ---D | C] -- D:\Qz\Document\Sports Interactive
[2010/04/15 15:51:55 | 000,000,000 | ---D | C] -- D:\Qz\Document\'08 May - Urban Recycle
[2010/04/15 15:50:19 | 000,000,000 | ---D | C] -- D:\Qz\Document\3D Models
[2010/04/15 15:50:19 | 000,000,000 | ---D | C] -- D:\Qz\Document\'08 Mar - Unplanned Periphery
[2010/04/15 15:44:09 | 000,000,000 | ---D | C] -- D:\Qz\Document\Installers
[2010/04/15 15:44:08 | 000,000,000 | ---D | C] -- D:\Qz\Document\Unplanned Periphery Mar '08
[2010/04/03 11:28:52 | 019,805,512 | ---- | C] (TuneUp Software) -- C:\Users\Administrator\AppData\Roaming\TU2010_EN_GB.exe
[2010/03/23 10:54:02 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/03/23 10:53:46 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010/03/23 10:53:46 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/03/23 10:53:46 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl71.dll

========== Files - Modified Within 30 Days ==========

[2010/04/20 01:03:57 | 001,310,720 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010/04/20 00:59:00 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/04/19 23:47:39 | 001,127,808 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\Cat.DB
[2010/04/19 22:42:14 | 001,169,296 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/19 22:42:14 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/19 22:42:14 | 000,355,328 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/04/19 22:42:14 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/19 22:42:14 | 000,101,428 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/04/19 07:12:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/19 03:19:22 | 000,000,204 | ---- | M] () -- C:\Windows\struct~.ini
[2010/04/18 17:12:06 | 000,022,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 17:12:06 | 000,022,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 17:04:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/18 17:04:40 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/18 17:03:57 | 002,368,202 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010/04/18 11:22:07 | 000,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/04/18 11:02:31 | 000,000,032 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\CoreAVC.ini
[2010/04/18 08:10:08 | 000,178,216 | ---- | M] () -- D:\Qz\Document\人人网 校内 - 曾群智 (新加坡).pdf
[2010/04/18 08:01:31 | 000,275,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/17 17:14:12 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/04/17 16:53:15 | 000,060,816 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/17 16:18:33 | 000,182,274 | ---- | M] () -- C:\Users\Administrator\Desktop\Log in _ Warez-BB.org.pdf
[2010/04/16 19:41:12 | 000,330,264 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
[2010/04/16 19:31:13 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/16 19:18:08 | 534,986,176 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/16 19:09:28 | 003,916,839 | R--- | M] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2010/04/16 18:36:47 | 000,154,469 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2010/04/16 08:29:52 | 000,716,320 | ---- | M] (Secunia) -- C:\Users\Administrator\Desktop\PSISetup.exe
[2010/04/16 04:44:26 | 000,284,915 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer.zip
[2010/04/16 04:37:37 | 000,525,824 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/04/16 03:44:31 | 000,204,528 | RHS- | M] () -- C:\grldr
[2010/04/16 03:26:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/04/16 02:20:10 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/04/15 22:36:40 | 000,002,423 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/04/15 22:34:05 | 000,000,902 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/15 22:06:41 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/04/15 22:06:41 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/04/15 22:06:41 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/04/15 21:19:02 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/04/15 20:26:47 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 20:05:07 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2010/04/15 19:58:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf
[2010/04/15 18:56:29 | 000,000,020 | ---- | M] () -- C:\Windows\System32\pub_store.dat
[2010/04/15 18:50:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/15 18:07:33 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/04/15 18:07:33 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 18:07:33 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/04/15 18:00:36 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
[2010/04/15 17:59:12 | 000,359,818 | RHS- | M] () -- C:\OEMSY
[2010/04/15 17:57:35 | 000,098,247 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/04/15 17:52:54 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/04/03 17:25:26 | 000,112,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\acaptuser32.dll
[2010/04/03 11:28:52 | 019,805,512 | ---- | M] (TuneUp Software) -- C:\Users\Administrator\AppData\Roaming\TU2010_EN_GB.exe
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/27 08:57:35 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1106000.020\isolate.ini
[2010/03/23 10:54:02 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/03/23 10:53:46 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010/03/23 10:53:46 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/03/23 10:53:46 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl71.dll
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Users\Administrator\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2010/04/18 10:59:28 | 000,000,032 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\CoreAVC.ini
[2010/04/18 08:50:22 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2010/04/18 08:10:08 | 000,178,216 | ---- | C] () -- D:\Qz\Document\人人网 校内 - 曾群智 (新加坡).pdf
[2010/04/17 16:18:28 | 000,182,274 | ---- | C] () -- C:\Users\Administrator\Desktop\Log in _ Warez-BB.org.pdf
[2010/04/17 16:07:32 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010/04/16 19:18:08 | 534,986,176 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/16 19:10:17 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/16 19:10:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/16 19:10:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/16 19:10:17 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/16 19:10:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/16 18:36:46 | 000,154,469 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2010/04/16 08:14:47 | 003,916,839 | R--- | C] () -- C:\Users\Administrator\Desktop\ComboFix.exe
[2010/04/16 04:44:24 | 000,284,915 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer.zip
[2010/04/16 04:37:35 | 000,525,824 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2010/04/16 03:26:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/04/16 02:20:10 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010/04/15 22:29:04 | 000,007,787 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnetv.cat
[2010/04/15 22:29:04 | 000,007,444 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.cat
[2010/04/15 22:29:04 | 000,007,368 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnet.cat
[2010/04/15 22:29:04 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symefa.inf
[2010/04/15 22:29:04 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnetv.inf
[2010/04/15 22:29:04 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symnet.inf
[2010/04/15 22:29:03 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.cat
[2010/04/15 22:29:03 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.cat
[2010/04/15 22:29:03 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.cat
[2010/04/15 22:29:03 | 000,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symds.cat
[2010/04/15 22:29:03 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.cat
[2010/04/15 22:29:03 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\symds.inf
[2010/04/15 22:29:03 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\cchpx86.inf
[2010/04/15 22:29:03 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtspx.inf
[2010/04/15 22:29:03 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\srtsp.inf
[2010/04/15 22:29:03 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\iron.inf
[2010/04/15 22:28:53 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\isolate.ini
[2010/04/15 22:06:41 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/04/15 22:06:41 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/04/15 22:06:34 | 000,002,423 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/04/15 21:19:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/15 20:30:11 | 001,127,808 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1106000.020\Cat.DB
[2010/04/15 20:26:47 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/15 20:05:07 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Update Plus.lnk
[2010/04/15 19:58:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SABI_01009.Wdf
[2010/04/15 19:55:20 | 000,001,202 | ---- | C] () -- C:\Windows\System32\WLL3141.cfgx
[2010/04/15 19:44:12 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2010/04/15 19:44:12 | 000,088,592 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010/04/15 19:32:09 | 000,001,407 | ---- | C] () -- C:\Windows\System32\nvhda.nvu
[2010/04/15 19:32:01 | 000,010,155 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2010/04/15 18:56:29 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2010/04/15 18:50:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/15 18:05:36 | 000,204,528 | RHS- | C] () -- C:\grldr
[2010/04/15 18:00:36 | 000,000,020 | -HS- | C] () -- C:\Users\Administrator\ntuser.ini
[2010/04/15 18:00:35 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/04/15 18:00:35 | 000,524,288 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/04/15 18:00:35 | 000,262,144 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat.LOG1
[2010/04/15 18:00:35 | 000,065,536 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/04/15 18:00:35 | 000,000,000 | -HS- | C] () -- C:\Users\Administrator\ntuser.dat.LOG2
[2010/04/15 18:00:34 | 001,310,720 | -HS- | C] () -- C:\Users\Administrator\NTUSER.DAT
[2010/04/15 17:59:12 | 000,359,818 | RHS- | C] () -- C:\OEMSY
[2010/04/15 17:53:38 | 2411,679,744 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/15 17:52:54 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010/04/15 17:52:53 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010/04/15 15:44:08 | 000,101,888 | ---- | C] () -- D:\Qz\Document\常青上课的推荐书目.doc
[2010/04/15 15:44:08 | 000,093,646 | ---- | C] () -- D:\Qz\Document\contacts.pdf
[2010/04/15 15:44:08 | 000,019,161 | ---- | C] () -- D:\Qz\Document\karina-09 Feb 2009.rtf
[2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/02/04 17:50:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsis_loader.dll
[2006/09/13 19:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 09:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2010/04/16 19:41:12 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:1CE11B51
< End of report >


OTL Extras logfile created on: 20/4/2010 1:01:59 AM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\Administrator\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.38 Gb Total Space | 39.02 Gb Free Space | 68.01% Space Free | Partition Type: NTFS
Drive D: | 114.75 Gb Total Space | 99.96 Gb Free Space | 87.11% Space Free | Partition Type: NTFS
Drive E: | 60.75 Gb Total Space | 24.45 Gb Free Space | 40.24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QZ-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\uusee\UUSeePlayer.exe" = D:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{016B44E3-9B6D-49B8-9CA3-B34B7545CEC1}" = O+
"{121C477C-5B7B-44E3-B621-BDDB542AE8FD}" = TuneUp Utilities Language Pack (en-GB)
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{960C278D-E4F9-41AD-9073-1B663A7E8CAA}" = USB2.0 UVC WebCam
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A87A327-A07A-4C91-BB03-1F220434CD40}" = O+
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A738259E-000C-4678-9FD9-FB79D43FB21C}" = Secret of the Solstice
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - EFG
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"HaoZip" = 好压
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"thunder_is1" = 迅雷5
"TuneUp Utilities" = TuneUp Utilities
"UUSEE" = UUSee 网络电视 [6.10.329.2]
"UUSEE_base" = UUSee 播放插件基础包 6.1.329.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"YU2010_is1" = Your Uninstaller! 2010
"迅雷看看播放器" = 迅雷看看播放器

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/4/2010 9:52:21 PM | Computer Name = Qz-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18/4/2010 9:52:21 PM | Computer Name = Qz-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/4/2010 2:26:20 AM | Computer Name = Qz-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/4/2010 2:26:20 AM | Computer Name = Qz-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/4/2010 2:53:27 AM | Computer Name = Qz-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 19/4/2010 8:13:02 AM | Computer Name = Qz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: Flash10e.ocx, version: 10.0.45.2, time
stamp: 0x4b5f8faa Exception code: 0xc0000005 Fault offset: 0x001eeb38 Faulting process
id: 0x3188 Faulting application start time: 0x01cadfb9582caddf Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash10e.ocx
Report
Id: e642c521-4bac-11df-af8f-001fe2ec61fc

Error - 19/4/2010 9:42:46 AM | Computer Name = Qz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: Scxpx86.dll, version: 9.1.2.5, time
stamp: 0x4ae767fd Exception code: 0xc0000005 Fault offset: 0x00017776 Faulting process
id: 0x3348 Faulting application start time: 0x01cadfb20e88d563 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\Scxpx86.dll
Report
Id: 6f24a043-4bb9-11df-af8f-001fe2ec61fc

Error - 19/4/2010 12:59:09 PM | Computer Name = Qz-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/4/2010 12:59:09 PM | Computer Name = Qz-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 19/4/2010 1:00:12 PM | Computer Name = Qz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: Scxpx86.dll, version: 9.1.2.5, time
stamp: 0x4ae767fd Exception code: 0xc0000005 Fault offset: 0x00017776 Faulting process
id: 0x14d4 Faulting application start time: 0x01cadfd0158d076d Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\Scxpx86.dll
Report
Id: 046691a3-4bd5-11df-af8f-001fe2ec61fc

[ System Events ]
Error - 17/4/2010 8:23:09 PM | Computer Name = Qz-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Installer service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
重新启动服务.

Error - 18/4/2010 3:32:34 AM | Computer Name = Qz-PC | Source = bowser | ID = 8003
Description =

Error - 18/4/2010 4:00:31 AM | Computer Name = Qz-PC | Source = bowser | ID = 8003
Description =

Error - 18/4/2010 9:36:17 AM | Computer Name = Qz-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 00-0C-F1-41-41-1B. Network operations
on this system may be disrupted as a result.

Error - 19/4/2010 1:28:30 AM | Computer Name = Qz-PC | Source = bowser | ID = 8003
Description =

Error - 19/4/2010 2:31:56 AM | Computer Name = Qz-PC | Source = bowser | ID = 8003
Description =

Error - 19/4/2010 2:43:57 AM | Computer Name = Qz-PC | Source = bowser | ID = 8003
Description =

Error - 19/4/2010 3:12:31 AM | Computer Name = Qz-PC | Source = bowser | ID = 8003
Description =

Error - 19/4/2010 11:38:46 AM | Computer Name = Qz-PC | Source = bowser | ID = 8003
Description =

Error - 19/4/2010 12:02:48 PM | Computer Name = Qz-PC | Source = bowser | ID = 8003
Description =


< End of report >



#4 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:02:21 AM

Posted 20 April 2010 - 08:02 AM

Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 qzchan

qzchan
  • Topic Starter

  • Members
  • 7 posts

Posted 20 April 2010 - 09:06 AM

I was unable to connect to gmer.net. So I downloaded the gmer scanner from http://www.windows7download.com/win7-gmer/cuavzuut.html. I hope it's the latest version. Here's the scan result.

Thx,
Qz


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-20 22:03:19
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldipoc.sys


---- System - GMER 1.0.15 ----

SSDT 8927E110 ZwAlertResumeThread
SSDT 89225048 ZwAlertThread
SSDT 8933EF80 ZwAllocateVirtualMemory
SSDT 88419280 ZwAlpcConnectPort
SSDT 892CB790 ZwAssignProcessToJobObject
SSDT 89348980 ZwCreateMutant
SSDT 8934D720 ZwCreateSymbolicLinkObject
SSDT 8933FE70 ZwCreateThread
SSDT 8934DC70 ZwCreateThreadEx
SSDT 892A89D0 ZwDebugActiveProcess
SSDT 8933C768 ZwDuplicateObject
SSDT 8933EDB0 ZwFreeVirtualMemory
SSDT 8926FA10 ZwImpersonateAnonymousToken
SSDT 8928D090 ZwImpersonateThread
SSDT 88419470 ZwLoadDriver
SSDT 8933EC50 ZwMapViewOfSection
SSDT 89271D50 ZwOpenEvent
SSDT 8933F898 ZwOpenProcess
SSDT 89237D88 ZwOpenProcessToken
SSDT 892966F0 ZwOpenSection
SSDT 8933C878 ZwOpenThread
SSDT 8934C570 ZwProtectVirtualMemory
SSDT 8865C780 ZwResumeThread
SSDT 88655768 ZwSetContextThread
SSDT 8933E9F8 ZwSetInformationProcess
SSDT 892969D0 ZwSetSystemInformation
SSDT 89274250 ZwSuspendProcess
SSDT 8865F240 ZwSuspendThread
SSDT 89232968 ZwTerminateProcess
SSDT 886554E8 ZwTerminateThread
SSDT 892336A8 ZwUnmapViewOfSection
SSDT 8933C208 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 84027AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 84027104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 840273F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8400F634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8400F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 840271DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 84027958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 840276F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 84027F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 840281A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 840798E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 840993D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139B 840A0668 8 Bytes [10, E1, 27, 89, 48, 50, 22, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 13B3 840A0680 4 Bytes [80, EF, 33, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 840A068C 4 Bytes [80, 92, 41, 88]
.text ntoskrnl.exe!KeRemoveQueueEx + 1413 840A06E0 4 Bytes [90, B7, 2C, 89]
.text ntoskrnl.exe!KeRemoveQueueEx + 148F 840A075C 4 Bytes [80, 89, 34, 89]
.text ...
.text peauth.sys 9CAA7C9D 28 Bytes [15, 36, 12, 3A, 7F, FC, 5D, ...]
.text peauth.sys 9CAA7CC1 28 Bytes [15, 36, 12, 3A, 7F, FC, 5D, ...]
PAGE peauth.sys 9CAAE02C 102 Bytes [96, 70, CC, C6, 8D, 40, EB, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory 76E95360 5 Bytes JMP 0025000A
.text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtWriteVirtualMemory 76E95EE0 5 Bytes JMP 0026000A
.text C:\Windows\system32\svchost.exe[1012] ntdll.dll!KiUserExceptionDispatcher 76E96448 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[1012] ole32.dll!CoCreateInstance 762057FC 5 Bytes JMP 00EE000A
.text C:\Windows\system32\svchost.exe[1012] USER32.dll!GetCursorPos 7532C198 5 Bytes JMP 00EF000A
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtProtectVirtualMemory 76E95360 5 Bytes JMP 0040000A
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtWriteVirtualMemory 76E95EE0 5 Bytes JMP 0041000A
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!KiUserExceptionDispatcher 76E96448 5 Bytes JMP 003F000A
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3772] kernel32.dll!SetUnhandledExceptionFilter 76843142 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\00000082 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000082 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000084 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000084 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device -> \Driver\iaStor \Device\Harddisk0\DR0 8816EAC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2ec61fc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2ec61fc (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Edited by qzchan, 20 April 2010 - 09:07 AM.
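An added example, not from this thread or from GMER itself: a Python triage pass over the sections of the log above, flagging what a helper reads first. It correlates the bare dispatch address on \Driver\iaStor with the "suspicious modification" report on iaStor.sys, lists the JMP detours out of ntdll in svchost and explorer for review, and treats the SSDT hooks as informational because the Symantec drivers in the same log also hook there. The address limit, the process list and the severity labels are my assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Abridged excerpt of the GMER 1.0.15 log posted above (same lines, fewer of them).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 8933C208 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1012] ntdll.dll!NtProtectVirtualMemory 76E95360 5 Bytes JMP 0025000A
.text C:\Windows\system32\svchost.exe[1012] ole32.dll!CoCreateInstance 762057FC 5 Bytes JMP 00EE000A
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!NtWriteVirtualMemory 76E95EE0 5 Bytes JMP 0041000A
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3772] kernel32.dll!SetUnhandledExceptionFilter 76843142 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device -> \Driver\iaStor \Device\Harddisk0\DR0 8816EAC8

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- .+? - GMER")
USER_HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>\S+)!(?P<func>\S+) "
    r"[0-9A-F]{8} \d+ Bytes (?P<patch>.+)$")
DEVICE_RE = re.compile(r"^Device -> \\Driver\\(?P<drv>\S+) \S+ [0-9A-F]{8}$")
FILE_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")

# Assumed heuristics (not from the thread): a 5-byte JMP out of a system DLL
# export into a low address that GMER attributes to no module, inside a core
# Windows process, is worth a second look. The limit is a rule of thumb.
LOW_ADDR_LIMIT = 0x01000000
SYSTEM_PROCS = {"svchost.exe", "explorer.exe", "services.exe", "winlogon.exe"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "critical" | "high" | "medium" | "info"
    reason: str
    line: str


def triage(log_text: str) -> list:
    """Parse one GMER log and return the Findings a helper should read first."""
    findings, ssdt_hooks = [], 0
    hooked_drivers, patched_files = {}, {}   # driver name -> offending log line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue
        if line.startswith("SSDT "):
            ssdt_hooks += 1
            continue
        m = USER_HOOK_RE.match(line)
        if m:
            proc = m["proc"].rsplit("\\", 1)[-1].lower()
            patch = m["patch"]
            if patch.startswith("JMP "):
                target = int(patch.split()[1], 16)
                if target < LOW_ADDR_LIMIT and proc in SYSTEM_PROCS:
                    findings.append(Finding("medium", f"{proc}[{m['pid']}]: {m['mod']}!"
                        f"{m['func']} detoured to unattributed address {target:08X}", line))
            elif "XOR EAX, EAX; RET" in patch:   # app stubs out its own exception filter
                findings.append(Finding("info", f"{proc}: {m['func']} patched to 'return 0'", line))
            continue
        m = DEVICE_RE.match(line)
        if m:   # GMER printed a bare address where a module name normally appears
            hooked_drivers[m["drv"].lower()] = line
            continue
        m = FILE_RE.match(line)
        if m:
            stem = m["path"].rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
            patched_files[stem] = line
    # Correlate: a driver file modified on disk whose device object also dispatches
    # to an unattributed address is the strongest single indicator in this format.
    for drv, line in hooked_drivers.items():
        if drv in patched_files:
            findings.append(Finding("critical", f"\\Driver\\{drv}: driver file modified on disk "
                "and device dispatch unattributed (infected disk-driver pattern)", line))
        else:
            findings.append(Finding("high", f"\\Driver\\{drv}: device dispatch unattributed", line))
    for stem, line in patched_files.items():
        if stem not in hooked_drivers:
            findings.append(Finding("high", f"{stem}: driver file reports suspicious modification", line))
    if ssdt_hooks:
        findings.append(Finding("info", f"{ssdt_hooks} SSDT hooks; security software (here the "
            "Symantec drivers) also hooks the SSDT, so this alone is not evidence of infection", ""))
    return findings


def summarize(findings) -> dict:
    """Severity counts, e.g. {'critical': 1, 'medium': 3, 'info': 2}."""
    return dict(Counter(f.severity for f in findings))
```

Run `summarize(triage(SAMPLE_LOG))` on the excerpt to see the single critical correlation stand out from the three medium detours and the two informational items.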


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 20 April 2010 - 02:35 PM

Hi,

please just let me know when you can not access a site. I don't know windows7downloads and can not say if the downloads are trustworthy or not.

The scan from gmer seems fine though.

It shows that you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti


 



#7 qzchan

qzchan
  • Topic Starter

  • Members
  • 7 posts

Posted 20 April 2010 - 05:15 PM

Hi, I apologise for acting on my own. Will let you know if I can't perform certain steps as instructed.

Here's the CF log.

ComboFix 10-04-19.08 - Administrator 4/2010 Wed 5:53.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.936.86.2052.18.3067.2213 [GMT 8:00]
执行位置: c:\users\Administrator\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* 成功创造新还原点
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\struct~.ini

发现受感染 c:\windows\system32\Drivers\ksecpkg.sys 并且成功解毒
从 - Kitty ate it :p 恢复原来档案
.
((((((((((((((((((((((((( 2010-03-20 至 2010-04-20 的新的档案 )))))))))))))))))))))))))))))))
.

2010-04-20 21:58 . 2010-04-20 22:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-04-20 21:58 . 2010-04-20 21:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-20 21:58 . 2010-04-20 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-20 18:38 . 2010-04-15 14:28 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100420.008\NAVEX15.SYS
2010-04-20 18:38 . 2010-04-15 14:28 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100420.008\NAVENG.SYS
2010-04-20 18:38 . 2010-04-15 14:28 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100420.008\NAVENG32.DLL
2010-04-20 18:38 . 2010-04-15 14:28 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100420.008\NAVEX32A.DLL
2010-04-20 18:38 . 2010-04-15 14:28 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100420.008\EECTRL.SYS
2010-04-20 18:38 . 2010-04-15 14:28 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100420.008\CCERASER.DLL
2010-04-20 18:38 . 2010-04-15 14:28 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100420.008\ECMSVR32.DLL
2010-04-20 18:38 . 2010-04-15 14:28 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20100420.008\ERASER.SYS
2010-04-19 00:04 . 2010-04-19 01:50 -------- d-----w- c:\users\Administrator\AppData\Local\Microsoft Games
2010-04-18 02:28 . 2009-08-19 15:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-04-18 00:21 . 2010-04-18 00:21 38784 ----a-w- c:\users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-18 00:21 . 2010-04-18 00:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-18 00:21 . 2010-04-18 00:21 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-17 09:13 . 2009-08-19 15:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-04-17 08:16 . 2010-04-18 00:26 -------- d-----w- c:\programdata\FLEXnet
2010-04-17 08:08 . 2010-04-17 08:08 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-04-17 08:08 . 2010-04-17 08:14 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2010-04-17 08:04 . 2010-04-17 09:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-17 02:22 . 2009-11-17 00:51 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\Scxpx86.dll
2010-04-17 02:22 . 2009-11-17 00:51 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\IDSxpx86.dll
2010-04-17 02:22 . 2009-11-17 00:51 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\IDSviA64.sys
2010-04-17 02:22 . 2009-11-17 00:51 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\IDSvix86.sys
2010-04-17 02:22 . 2009-11-17 00:51 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\IDSXpx86.sys
2010-04-16 20:27 . 2010-04-16 20:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\Secret of the Solstice
2010-04-16 13:59 . 2010-04-16 13:59 -------- d-----w- c:\users\Administrator\AppData\Local\Outspark
2010-04-16 13:56 . 2010-04-16 13:56 -------- d-----w- c:\program files\Outspark
2010-04-16 13:55 . 2010-04-20 21:47 -------- d-----w- c:\users\Administrator\AppData\Local\PMB Files
2010-04-16 13:55 . 2010-04-16 13:56 -------- d-----w- c:\programdata\PMB Files
2010-04-16 13:55 . 2010-04-16 13:55 -------- d-----w- c:\program files\Pando Networks
2010-04-16 01:09 . 2010-04-16 10:59 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-16 00:30 . 2010-04-16 00:30 -------- d-----w- c:\program files\Secunia
2010-04-15 19:26 . 2010-04-15 19:26 -------- d-----w- c:\program files\Synaptics
2010-04-15 18:20 . 2010-04-15 18:20 52224 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-15 18:20 . 2010-04-16 09:14 117760 ----a-w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-15 18:20 . 2010-04-15 18:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-15 18:20 . 2010-04-15 18:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-15 18:20 . 2010-04-15 18:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2010-04-15 18:18 . 2010-04-15 18:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-15 15:37 . 2010-04-15 15:37 -------- d-----w- c:\programdata\Messenger Plus!
2010-04-15 15:34 . 2010-04-15 15:34 -------- d-----w- c:\program files\Messenger Plus! Live
2010-04-15 15:17 . 2010-04-15 15:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\URSoft
2010-04-15 15:17 . 2010-04-15 15:17 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-04-15 15:11 . 2010-04-15 15:11 4894720 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Arsenal1.tls.dll
2010-04-15 15:09 . 2010-04-15 15:09 3940352 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Arsenal.tls.dll
2010-04-15 15:07 . 2010-04-16 11:19 -------- d-----w- c:\windows\system32\catroot2
2010-04-15 14:29 . 2009-11-17 00:51 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100409.001\Scxpx86.dll
2010-04-15 14:29 . 2009-11-17 00:51 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100409.001\IDSxpx86.dll
2010-04-15 14:29 . 2009-11-17 00:51 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100409.001\IDSviA64.sys
2010-04-15 14:29 . 2009-11-17 00:51 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100409.001\IDSvix86.sys
2010-04-15 14:29 . 2009-11-17 00:51 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100409.001\IDSXpx86.sys
2010-04-15 14:29 . 2010-02-04 01:40 340016 ----a-w- c:\windows\system32\drivers\symtdiv.sys
2010-04-15 14:29 . 2010-02-04 01:40 172592 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-04-15 14:29 . 2010-02-27 02:23 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-04-15 14:29 . 2010-02-27 02:23 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-04-15 14:29 . 2010-02-25 23:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-04-15 14:29 . 2009-10-15 03:50 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-04-15 13:19 . 2010-04-15 13:19 0 ----a-w- c:\windows\nsreg.dat
2010-04-15 13:19 . 2010-04-15 13:19 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2010-04-15 13:07 . 2010-04-20 14:09 -------- d-----w- c:\users\Administrator\Tracing
2010-04-15 12:57 . 2010-04-15 12:57 -------- d-----w- C:\SymNRA
2010-04-15 12:42 . 2010-04-15 12:42 -------- d-----w- c:\users\Administrator\AppData\Local\Symantec
2010-04-15 12:42 . 2010-04-15 12:42 -------- d-----w- c:\users\Administrator\AppData\Roaming\Tific
2010-04-15 12:32 . 2010-04-15 12:32 -------- d-----w- c:\programdata\NVIDIA
2010-04-15 12:26 . 2010-04-15 12:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-04-15 12:26 . 2010-03-29 16:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-15 12:26 . 2010-04-15 12:26 -------- d-----w- c:\programdata\Malwarebytes
2010-04-15 12:26 . 2010-03-29 16:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-15 12:26 . 2010-04-15 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-15 12:11 . 2010-04-15 12:11 -------- d-----w- c:\windows\CheckSur
2010-04-15 12:10 . 2009-10-07 02:30 246784 ----a-w- c:\windows\system32\drivers\udfs.sys
2010-04-15 12:06 . 2009-09-17 03:00 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2010-04-15 12:02 . 2010-04-15 12:02 -------- d-----w- C:\Intel
2010-04-15 12:02 . 2010-04-16 11:41 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-04-15 12:02 . 2010-04-15 12:03 -------- d-----w- c:\program files\Intel
2010-04-15 12:01 . 2010-04-15 12:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-15 11:58 . 2010-04-15 12:00 -------- d-----w- c:\programdata\SAMSUNG
2010-04-15 11:58 . 2009-05-28 07:38 10752 ----a-w- c:\windows\system32\drivers\SABI.sys
2010-04-15 11:57 . 2010-04-15 12:05 -------- d-----w- c:\program files\Samsung
2010-04-15 11:57 . 2010-04-15 11:57 -------- d-----w- c:\windows\CU
2010-04-15 11:56 . 2010-04-15 11:57 -------- d-----w- c:\program files\Atheros Client Installation Program
2010-04-15 11:55 . 2009-11-19 03:15 2824704 ----a-w- c:\windows\system32\AInst3141.exe
2010-04-15 11:53 . 2010-04-15 11:53 -------- d-----w- c:\windows\system32\RTCOM
2010-04-15 11:53 . 2010-04-15 11:53 -------- d-----w- c:\program files\Realtek
2010-04-15 11:53 . 2009-08-10 08:21 485920 ----a-w- c:\windows\system32\nvuninst.exe
2010-04-15 11:51 . 2010-04-15 11:51 -------- d-----w- c:\program files\LSI SoftModem
2010-04-15 11:44 . 2009-07-03 03:29 1436560 ----a-w- c:\windows\system32\drivers\StkCMini.sys
2010-04-15 11:44 . 2009-06-12 11:23 88592 ----a-w- c:\windows\StkUnist.exe
2010-04-15 11:44 . 2009-06-11 07:16 113168 ----a-w- c:\windows\StkC112X.exe
2010-04-15 11:44 . 2009-06-11 07:15 347152 ----a-w- c:\windows\VideoView.exe
2010-04-15 11:44 . 2009-05-03 07:05 55824 ----a-w- c:\windows\system32\StkSSrv.dll
2010-04-15 11:44 . 2009-05-03 07:05 76304 ----a-w- c:\windows\system32\StkCWIA.dll
2010-04-15 11:44 . 2009-05-03 07:05 31248 ----a-w- c:\windows\system32\StkCSrv.exe
2010-04-15 11:44 . 2009-05-03 07:04 197648 ----a-w- c:\windows\system32\drivers\StkCSF.sys
2010-04-15 11:44 . 2008-01-16 11:28 12940048 ----a-w- c:\windows\system32\drivers\StkCPipe.sys
2010-04-15 11:44 . 2010-04-16 18:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-15 11:43 . 2010-04-15 11:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\InstallShield
2010-04-15 11:34 . 2010-04-15 11:34 -------- d-----w- c:\program files\WIDCOMM
2010-04-15 11:33 . 2010-04-15 11:33 -------- d-----w- c:\program files\DIFX
2010-04-15 11:33 . 2010-04-15 11:33 -------- d-----w- c:\program files\Microsoft
2010-04-15 11:31 . 2010-04-15 11:31 -------- d-----w- c:\windows\PCHEALTH
2010-04-15 11:20 . 2010-04-16 08:05 -------- d-----w- c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2010-04-15 11:17 . 2010-04-15 11:17 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-15 11:16 . 2010-04-17 08:53 60816 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-15 11:09 . 2010-04-18 00:52 -------- d-----w- c:\program files\Common Files\uusee
2010-04-15 11:08 . 2010-04-15 11:08 -------- d-----w- c:\windows\system32\Macromed
2010-04-15 10:58 . 2010-04-18 13:35 -------- d-----w- c:\users\Administrator\AppData\Local\CrashDumps
2010-04-15 10:56 . 2010-04-15 10:56 -------- d-----w- c:\users\Public\Real
2010-04-15 10:56 . 2010-04-15 10:56 20 ----a-w- c:\windows\system32\pub_store.dat
2010-04-15 10:56 . 2010-04-15 10:56 -------- d-----w- c:\programdata\Thunder Network
2010-04-15 10:56 . 2010-04-16 23:03 -------- d-----w- c:\users\Public\Thunder Network
2010-04-15 10:56 . 2010-04-15 10:56 -------- d-----w- c:\program files\Common Files\Thunder Network
2010-04-15 10:35 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-15 10:31 . 2010-04-15 10:31 -------- d-----w- c:\windows\system32\Spool\prtprocs\w32x86\en-US
2010-04-15 10:29 . 2010-04-15 14:06 -------- d-----w- c:\program files\Symantec
2010-04-15 10:29 . 2010-04-15 14:36 -------- d-----w- c:\windows\system32\drivers\NIS
2010-04-15 10:29 . 2010-04-15 14:06 -------- d-----w- c:\programdata\Norton
2010-04-15 10:28 . 2010-04-15 14:06 -------- d-----w- c:\programdata\NortonInstaller
2010-04-15 10:25 . 2010-02-24 02:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-15 10:22 . 2010-02-25 03:22 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-15 10:19 . 2010-02-25 03:15 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-04-15 10:19 . 2010-02-25 03:15 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-15 10:19 . 2010-04-15 10:19 -------- d-----w- c:\users\Administrator\AppData\Roaming\TuneUp Software

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 21:56 . 2009-07-14 08:27 355328 ----a-w- c:\windows\system32\prfh0804.dat
2010-04-20 21:56 . 2009-07-14 08:27 101428 ----a-w- c:\windows\system32\prfc0804.dat
2010-04-20 21:46 . 2009-07-13 23:34 133200 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-15 19:26 . 2010-04-15 19:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-04-15 14:33 . 2010-04-15 14:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-15 14:06 . 2010-04-15 14:06 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-15 14:06 . 2010-04-15 14:06 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-15 14:06 . 2010-04-15 14:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-15 14:06 . 2010-04-15 14:06 -------- d-----w- c:\program files\Norton Internet Security
2010-03-08 21:33 . 2010-04-15 10:15 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07 . 2010-04-15 10:15 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-15 10:15 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-15 10:15 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-15 10:15 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-15 10:15 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-26 02:33 . 2010-02-26 02:33 242992 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-02-26 02:31 . 2010-02-26 02:31 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-02-26 02:31 . 2010-02-26 02:31 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-02-26 02:31 . 2010-02-26 02:31 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-02-26 02:31 . 2010-02-26 02:31 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-02-02 07:45 . 2010-04-15 10:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-29 05:46 . 2009-12-23 06:58 6559393 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WIN7.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-16_11.31.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-20 21:52 . 2010-04-20 21:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-16 08:56 . 2010-04-16 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D90D33C-DE76-42D0-9040-E4466DDC24AC}]
2010-03-31 06:42 141008 ----a-w- d:\program files\Thunder Network\Thunder\Program\EmbedDetectNow.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-16 2938552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-03-29 20824]
R3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-03-29 303952]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\SYMEFA.SYS [2010-02-04 172592]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1106000.020\ccHPx86.sys [2010-02-25 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100415.001\IDSvix86.sys [2009-11-17 343088]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\Ironx86.SYS [2010-02-27 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1106000.020\SYMTDIV.SYS [2010-02-04 340016]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [2010-02-25 126392]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2009-05-03 31248]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-04-15 102448]
S3 netw5v32;适用于 Windows Vista 32 位的 Intel® Wireless WiFi 链接 5000 系列适配器驱动程序;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2009-07-03 1436560]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.arsenal-world.co.uk/
mStart Page = hxxp://www.2345.com/index.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with UUSee - d:\program files\uusee\geturltodown.htm
IE: Accelerated playback with UUSee - d:\program files\uusee\geturltoplay.htm
IE: Download with Thunder - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: Download all links with Thunder - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: View image with Thunder - d:\program files\Thunder Network\Thunder\Program\repairimage.htm
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - d:\program files\Thunder Network\Thunder\Program\repairimage.htm
IE: {{998A88A0-A355-809B-831C-B83A80000991} - http://www.ugege.com/
IE: {{998A88A0-A355-809B-831C-B83A80000992} - d:\program files\uusee\UUSeePlayer.exe
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jp0znw5q.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(557).dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: d:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-klmdb.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,0e,39,1a,23,dd,b6,44,b3,ba,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,0e,39,1a,23,dd,b6,44,b3,ba,3e,\

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
@=""
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
@=""
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
@=""
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
@=""
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\windows\system32\conhost.exe
c:\program files\Secunia\PSI\psi.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2010-04-21 06:03:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-20 22:03

Pre-Run: 41,243,430,912 bytes free
Post-Run: 43,844,595,712 bytes free

- - End Of File - - ADC64ADCB152A7FB3228712893A6B594
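The supplementary scan above reports the IE start page twice, once per user (uStart Page, the HKCU value) and once machine-wide (mStart Page, the HKLM value), and the locked-keys section lists registry keys carrying an access-denied ACE, including keys in the user's own hive denied to Administrator. The script below is an added example for triaging those two sections of a ComboFix log; it is not part of the original post and is not ComboFix's own code. It assumes only the line formats visible in the posted log (`uStart Page = ...` / `mStart Page = ...`, `[HKEY_...]` key headers followed by `@Denied: (rights) (principal)` lines, and ComboFix's `hxxp://` defanging of URLs); the sample text is constructed from lines copied out of the log above.

```python
"""Triage helper for the 'Supplementary Scan' and 'LOCKED REGISTRY KEYS'
sections of a ComboFix log.

Added example, not part of the original thread or of ComboFix itself.
It assumes only the line formats visible in the posted log:
  uStart Page = hxxp://...      (per-user IE start page, HKCU)
  mStart Page = hxxp://...      (machine-wide IE start page, HKLM)
  [HKEY_...\\SomeKey]           followed by  @Denied: (rights) (principal)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.arsenal-world.co.uk/
mStart Page = hxxp://www.2345.com/index.htm
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2789408885-3468359723-3425312017-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

START_PAGE_RE = re.compile(r"^([um])Start Page = (\S+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied: \(([^)]*)\) \(([^)]*)\)$")


@dataclass
class Triage:
    user_start_page: Optional[str] = None
    machine_start_page: Optional[str] = None
    # key path -> list of (rights, principal) pairs from @Denied lines
    locked_keys: Dict[str, List[Tuple[str, str]]] = field(default_factory=dict)

    def start_page_mismatch(self) -> bool:
        """True when the HKCU and HKLM start pages disagree. Neither value is
        judged here; a disagreement is simply the thing a human should look at
        when the Options dialog shows one homepage and IE opens another."""
        return (
            self.user_start_page is not None
            and self.machine_start_page is not None
            and self.user_start_page != self.machine_start_page
        )

    def keys_denied_to(self, principal: str) -> List[str]:
        """Keys whose @Denied lines name the given principal, in log order."""
        return [key for key, aces in self.locked_keys.items()
                if any(p == principal for _, p in aces)]


def defang_to_url(s: str) -> str:
    """ComboFix writes hxxp:// so the URL is not clickable. Restore the scheme
    only for comparison and reporting; nothing here ever fetches the URL."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", s)


def triage_combofix(text: str) -> Triage:
    """Walk the log line by line and collect start pages and locked keys."""
    result = Triage()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = START_PAGE_RE.match(line)
        if m:
            scope, url = m.groups()
            url = defang_to_url(url)
            if scope == "u":
                result.user_start_page = url
            else:
                result.machine_start_page = url
            continue
        m = KEY_RE.match(line)
        if m:
            # A [HKEY_...] header opens a block; later @Denied lines belong to it.
            current_key = m.group(1)
            continue
        m = DENIED_RE.match(line)
        if current_key and m:
            result.locked_keys.setdefault(current_key, []).append(m.groups())
    return result


if __name__ == "__main__":
    t = triage_combofix(SAMPLE_LOG)
    print("user start page    :", t.user_start_page)
    print("machine start page :", t.machine_start_page)
    print("start pages differ :", t.start_page_mismatch())
    for key in t.keys_denied_to("Administrator"):
        print("denied to Administrator:", key)
```

A difference between the two start-page values does not by itself mean either is malicious, and a key in the user's hive that denies the user's own account can be the OS or a security product protecting it just as well as tampering; the script only surfaces both so that whoever reads the log decides what to do before ComboFix is run again.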


#8 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts, Gender: Female, Location: At home)

Posted 21 April 2010 - 04:21 AM

Hi,

the log is looking promising, how is your PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#9 qzchan (Topic Starter, Members, 7 posts)

Posted 21 April 2010 - 05:27 AM

I have to say it seems like everything is normal. I checked the NIS log for the morning, no sign of attack.

Windows update is working again too.

THXS!

#10 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts, Gender: Female, Location: At home)

Posted 21 April 2010 - 06:48 AM

Hi,

happy to hear that!

just to be safe, I'd like you to run a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push


regards myrti



#11 qzchan (Topic Starter, Members, 7 posts)

Posted 21 April 2010 - 09:07 AM

Hi, I'm not sure if it's normal.. It took forever for the downloading of virus signature to finish. The scan was really quick though.

However, I was unable to perform instructions 9-12

This is the screen capture of the scanner after completion.

regards
Qz

Attached Files

  • Eset.jpg (45.14KB)


#12 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts, Gender: Female, Location: At home)

Posted 21 April 2010 - 01:03 PM

Hi,

this is looking good, if you don't have any more problems, all that is left to do is to remove the programs we used:
Please do the following to clean up your PC:
  1. Delete the tools used during the disinfection:
  2. Uninstall ComboFix.exe and all backups of the files it deleted
    • Click START then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTC from the following mirror and save it to your desktop:
    • Double click on
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  3. If OTC failed to remove all programs from your Desktop, please delete the rest manually.
Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software Inspector occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Have a nice day
myrti



#13 qzchan (Topic Starter, Members, 7 posts)

Posted 21 April 2010 - 01:18 PM

All done.

I'm already running almost all of the programs you had listed out. lol

Thx once again!!!!

#14 myrti (Sillyberry, Malware Study Hall Admin, 33,766 posts, Gender: Female, Location: At home)

Posted 27 April 2010 - 08:41 AM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti





