Internet Explorer Hijacked


This topic is locked
21 replies to this topic

#1 chrono314

Posted 12 November 2011 - 03:09 PM

Hi, I'm currently running Windows 7 on a Sony VAIO that I haven't used in a while. It seems that Internet Explorer is opening up on its own and sucking up memory. Does anyone know what's wrong? I ran Ad-Aware and it seems like it wasn't effective. Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:08:41 PM, on 11/12/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Dropbox.lnk = Sida\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/2121/aliedit.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = princeton.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = princeton.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = princeton.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 10065 bytes

Can anyone help me?
Thanks!

Edited by Orange Blossom, 12 November 2011 - 03:30 PM.
Moved to log forum. ~ OB



#2 chrono314

Posted 12 November 2011 - 04:52 PM

My Internet Explorer is opening up randomly and sometimes it hides processes that take up memory. I have currently uninstalled IE.
Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Sida at 15:37:09 on 2011-11-12
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3963.1962 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Users\Sida\Downloads\windows-kb890830-x64-v4.2.exe
c:\3b8043efd77b30bcbd348e38\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.392.com/?5891#
uSearchURL,(Default) = hxxp://ie.123.com.cn/?wd={searchTerms}&ie=utf-8
mSearchAssistant = hxxp://www.123.com.cn/?ie8
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {89FDCC4B-8D91-49B0-81A6-18BCFF582735} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [googletalk] C:\Users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Sida\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sida\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 128.112.133.220 128.112.128.1 128.112.129.32
TCP: Interfaces\{CB09B296-E789-4499-8D36-C314C64EC8E2} : DhcpNameServer = 128.112.133.220 128.112.128.1 128.112.129.32
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537} : DhcpNameServer = 128.112.129.111 128.112.129.32 128.112.128.1
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\2375942554839313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\34D43434 : DhcpNameServer = 221.130.33.52 221.130.33.60
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\3637671607F627E65647 : DhcpNameServer = 128.112.136.10 128.112.136.12
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\B4566796E602845716E676 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\C696E6B6379737 : DhcpNameServer = 220.115.240.242 220.115.240.246
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {89FDCC4B-8D91-49B0-81A6-18BCFF582735} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun-x64: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sida\AppData\Roaming\Mozilla\Firefox\Profiles\p3zdedir.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Users\Sida\AppData\Roaming\Mozilla\Firefox\Profiles\p3zdedir.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(118).dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Thunder Extension: {1B33E42F-EF14-4cd3-B6DC-174571C4349C} - %profile%\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-6 104960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-8-28 24652]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\system32\drivers\Mkd2Nadr.sys --> C:\Windows\system32\drivers\Mkd2Nadr.sys [?]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys --> C:\Windows\system32\drivers\Mkd3kfNt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-6 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-6 110376]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-12 20:35:07 140800 ----a-w- C:\Windows\SysWow64\tm20dec.ax
2011-11-12 20:34:51 304128 ----a-w- C:\Windows\IsUninst.exe
2011-11-12 20:16:27 -------- d-----w- C:\Program Files (x86)\Final Fantasy VII
2011-11-12 19:56:18 -------- d-----w- C:\3b8043efd77b30bcbd348e38
2011-11-12 12:47:05 -------- d-----w- C:\6ca9d3769a3c79d322307dd08f
2011-11-12 10:48:48 -------- d-----w- C:\0feb16ecc2788eb9f8606e02685a0b94
2011-11-12 10:46:51 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-11-12 10:46:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-11-12 10:46:50 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-11-12 10:46:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-11-12 10:46:50 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-11-12 09:15:55 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-11-12 00:39:31 -------- d-----w- C:\Riot Games
2011-11-12 00:21:27 -------- d-----w- C:\Program Files\LeagueOfLegends
2011-11-12 00:14:16 -------- d-----w- C:\Program Files\CCleaner
2011-11-12 00:07:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\offreg.dll
2011-11-12 00:07:00 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\mpengine.dll
2011-11-11 21:41:02 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-11-11 21:41:02 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-11-11 21:41:00 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-11-11 21:14:26 -------- d-----w- C:\Program Files\LOL
2011-11-11 12:07:38 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-11-11 12:07:38 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-11-11 12:07:38 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-11-11 12:07:37 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-11-11 12:07:37 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-11-11 12:07:37 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-11-11 12:07:37 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-11-11 12:07:33 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-11 12:07:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-11 12:07:28 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-11 12:07:10 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-11 06:30:24 388096 ----a-r- C:\Users\Sida\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 04:26:59 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-11-11 01:43:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-11 01:06:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 01:03:45 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-11 01:00:17 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-11-10 23:51:07 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-11-10 23:09:54 -------- d-----w- C:\Users\Sida\AppData\Roaming\GOmXA8zmTN5Tx
2011-11-10 23:08:57 -------- d-----w- C:\Users\Sida\AppData\Roaming\yA9nUalQBdNKxK0
2011-11-10 23:07:59 -------- d-----w- C:\Users\Sida\AppData\Roaming\S1kEDeKFrL
2011-11-10 23:06:59 -------- d-----w- C:\Users\Sida\AppData\Roaming\uvjQx93lZ4PTavC
2011-11-10 23:05:58 -------- d-----w- C:\Users\Sida\AppData\Roaming\Vs1kd2VKFrRGxq4
2011-11-10 23:04:50 -------- d-----w- C:\Users\Sida\AppData\Roaming\ol4Tx6IFRxHC17B
2011-11-10 23:03:50 -------- d-----w- C:\Users\Sida\AppData\Roaming\FBJNdydzH
2011-11-10 23:03:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\p5Q6WfLXYCkVzNA
2011-11-10 23:03:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\LG5Q6WfLXYCkVzN
2011-11-10 23:03:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\L5Q6WfLXYCkVzNA
2011-11-10 23:03:44 -------- d-----w- C:\Users\Sida\AppData\Roaming\iwwUeBzNx1v2b3m
2011-11-10 23:03:44 -------- d-----w- C:\Users\Sida\AppData\Roaming\d9wwUeBzNx1v2b3
2011-11-10 23:03:37 -------- d-----w- C:\Users\Sida\AppData\Roaming\xunW9Yl0DaJZktS
2011-11-10 23:03:33 -------- d-----w- C:\Users\Sida\AppData\Roaming\BgkPDH8wxvmLXtA
2011-11-10 23:03:30 -------- d-----w- C:\Users\Sida\AppData\Roaming\XdYBupETrupWXB0
2011-11-10 23:03:27 -------- d-----w- C:\Users\Sida\AppData\Roaming\w3KY0GfV2Qgr1
2011-11-10 23:03:21 -------- d-----w- C:\Users\Sida\AppData\Roaming\wX1JUAGLVisqO
2011-11-10 23:03:21 -------- d-----w- C:\Users\Sida\AppData\Roaming\UX1JUAGLVisqOb
2011-11-10 23:02:51 -------- d-----w- C:\Users\Sida\AppData\Roaming\VrHemVbX2hbg
2011-11-10 23:02:48 -------- d-----w- C:\Users\Sida\AppData\Roaming\kYv818NHIaw4VF
2011-11-10 23:02:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\UpjiTcdtQe4
2011-11-10 23:02:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\jcLSTihnw4
2011-11-10 23:02:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\dpjiTcdtQe4C
2011-11-10 23:02:43 -------- d-----w- C:\Users\Sida\AppData\Roaming\RorJ0K2wFjFkGCD
2011-11-10 23:02:40 -------- d-----w- C:\Users\Sida\AppData\Roaming\xJk3Lrn9tahiLBd
2011-11-10 23:02:31 -------- d-----w- C:\Users\Sida\AppData\Roaming\IDElvJUiJwDdeSd
2011-11-10 23:02:29 -------- d-----w- C:\Users\Sida\AppData\Roaming\VGjuKkiRViKIiJV
2011-11-10 23:02:29 -------- d-----w- C:\Users\Sida\AppData\Roaming\ImjuKkiRViKIiJV
2011-11-10 18:59:41 -------- d-----we C:\Windows\system64
2011-11-10 18:56:30 -------- d-----w- C:\Users\Sida\AppData\Roaming\B02D9
2011-11-10 18:56:30 -------- d-----w- C:\Program Files (x86)\LP
2011-11-09 02:23:43 -------- d-----w- C:\7673625bb3e861d14f386f84f8afbc
2011-11-08 18:56:34 81920 ----a-w- C:\Windows\SysWow64\devcon.exe
2011-11-08 18:56:34 81920 ----a-w- C:\Windows\System32\devcon.exe
2011-11-06 09:06:42 -------- d-----r- C:\Users\Sida\Dropbox
2011-11-06 09:05:44 -------- d-----w- C:\Users\Sida\AppData\Roaming\Dropbox
2011-11-05 05:30:21 -------- d-----w- C:\Program Files (x86)\SogouInput
2011-11-05 05:30:21 -------- d-----w- C:\Program Files (x86)\SogouExtension
2011-11-05 05:30:09 0 ----a-w- C:\Windows\SysWow64\nsdA676.tmp
2011-11-05 05:19:33 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-11-05 05:19:33 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-11-05 04:59:06 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-11-05 04:59:06 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-11-05 04:57:38 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-11-05 04:56:50 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-11-05 04:55:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:54:58 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-05 04:52:31 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-11-05 04:52:31 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-11-05 04:52:31 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-11-05 04:52:31 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-11-01 09:26:08 -------- d-----w- C:\Windows\SysWow64\data
2011-10-31 08:38:59 -------- d-----w- C:\Users\Sida\riotsGamesLogs
2011-10-31 08:38:28 -------- d-----w- C:\Users\Sida\AppData\Roaming\LolClient
2011-10-31 07:14:11 -------- d-----w- C:\Program Files (x86)\LOL
2011-10-31 07:12:50 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-10-21 06:22:59 -------- d-----w- C:\Users\Sida\AppData\Local\LogMeIn Hamachi
2011-10-21 06:21:11 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-10-21 06:16:05 159080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-21 05:56:09 -------- d-----w- C:\Users\Sida\AppData\Roaming\.minecraft
.
==================== Find3M ====================
.
2011-11-11 04:26:58 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2011-11-11 04:26:58 76800 ----a-w- C:\Windows\System32\tdc.ocx
2011-11-11 04:26:58 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2011-11-11 04:26:58 135168 ----a-w- C:\Windows\System32\IEAdvpack.dll
2011-11-11 04:26:58 111616 ----a-w- C:\Windows\System32\iesysprep.dll
2011-11-11 04:26:57 448512 ----a-w- C:\Windows\System32\html.iec
2011-11-11 04:26:56 85504 ----a-w- C:\Windows\System32\iesetup.dll
2011-11-11 04:26:53 1492992 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-11 04:26:52 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-11 04:26:52 165888 ----a-w- C:\Windows\System32\iexpress.exe
2011-11-11 04:26:52 160256 ----a-w- C:\Windows\System32\wextract.exe
2011-11-11 04:26:51 603648 ----a-w- C:\Windows\System32\vbscript.dll
2011-09-15 10:51:18 4706672 ----a-w- C:\Windows\System32\SogouPY.ime
2011-09-15 10:51:18 2692464 ----a-w- C:\Windows\SysWow64\SogouPy.ime
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-07-17 15:59:52 1515380 --sh--r- C:\Windows\SysWOW64\8F00B2\1D8CD9.EXE
.
============= FINISH: 15:49:04.17 ===============
Here is the
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-12 16:51:50
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024338a47e9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024338a47e9@58170c95698d 0x37 0x05 0x3D 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0xC1 0xCD 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0x38 0x8E 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB4 0x50 0x06 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024338a47e9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024338a47e9@58170c95698d 0x37 0x05 0x3D 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6B 0x8F 0xC8 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0x38 0x8E 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB4 0x50 0x06 0xAC ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Sida\Documents\Azureus Downloads\DIABLO II LOD Expansion CloneCD\diablo2expans_o_tradu__o.exe\diablo2expans 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Sida\Documents\Azureus Downloads\DIABLO II LOD Expansion CloneCD\diablo2_tradu 1

---- EOF - GMER 1.0.15 ----

Can someone help me with this problem?
Thanks

Edited by Orange Blossom, 13 November 2011 - 12:57 AM.
Merged topics. ~ OB
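The file listings above are where a responder would start reading: a run of directories under AppData\Roaming with machine-generated names created a few minutes apart on 2011-11-10, a C:\Windows\system64 directory (a stock Windows install has System32 and SysWOW64, not system64), and a hidden+system 1D8CD9.EXE under a hex-named SysWOW64 subfolder. The script below is an added triage example for this thread; it is not DDS, GMER or any BleepingComputer tool, and its thresholds (two or more "random name" signals, five such directories inside ten minutes) are the author's assumptions tuned to the names in this log, not published detection rules. The sample lines are copied from the DDS listing in the post above.

```python
"""Triage heuristics for DDS-style "Created Last 30" / "Find3M" file lines.
Added example for this thread, not DDS, GMER or any BleepingComputer tool; the
thresholds are assumptions tuned to the names in the posted log, not published rules."""
import re
from datetime import datetime, timedelta

# DDS line shape: <timestamp> <size or dashes> <8-char attribute string> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([A-Za-z-]{8})\s+(.+?)\s*$"
)
# Only immediate children of ...\AppData\Roaming are scored by name.
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)$", re.IGNORECASE)
# The only system<N>/syswow<N> directories a stock install has directly under C:\Windows.
KNOWN_SYSTEM_DIRS = {"system32", "syswow64"}

# Sample input: lines copied from the DDS listing posted in this thread.
SAMPLE_LINES = r"""
2011-11-10 23:09:54 -------- d-----w- C:\Users\Sida\AppData\Roaming\GOmXA8zmTN5Tx
2011-11-10 23:08:57 -------- d-----w- C:\Users\Sida\AppData\Roaming\yA9nUalQBdNKxK0
2011-11-10 23:07:59 -------- d-----w- C:\Users\Sida\AppData\Roaming\S1kEDeKFrL
2011-11-10 23:06:59 -------- d-----w- C:\Users\Sida\AppData\Roaming\uvjQx93lZ4PTavC
2011-11-10 23:03:50 -------- d-----w- C:\Users\Sida\AppData\Roaming\FBJNdydzH
2011-11-10 18:59:41 -------- d-----we C:\Windows\system64
2011-11-10 18:56:30 -------- d-----w- C:\Users\Sida\AppData\Roaming\B02D9
2011-11-06 09:05:44 -------- d-----w- C:\Users\Sida\AppData\Roaming\Dropbox
2011-10-31 08:38:28 -------- d-----w- C:\Users\Sida\AppData\Roaming\LolClient
2011-11-05 04:57:38 142336 ----a-w- C:\Windows\System32\poqexec.exe
2010-07-17 15:59:52 1515380 --sh--r- C:\Windows\SysWOW64\8F00B2\1D8CD9.EXE
""".strip().splitlines()


def parse_line(line):
    """Return (created, size, attrs, path) for a DDS file line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, path = m.groups()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), size, attrs.lower(), path


def name_looks_random(name):
    """Score how machine-generated a directory name looks; >= 2 counts as random.
    Signals (assumed weights): a digit in the name, two or more lower->upper case
    flips, under 20% vowels, 12+ chars, and 30-99% capitals (all-caps acronyms excluded)."""
    if not name.isalnum():  # dotted, spaced or ~-mangled names are left alone
        return 0
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return 0
    flips = sum(1 for a, b in zip(name, name[1:]) if a.islower() and b.isupper())
    vowel_ratio = sum(c in "aeiouAEIOU" for c in letters) / len(letters)
    upper_ratio = sum(c.isupper() for c in letters) / len(letters)
    return (int(any(c.isdigit() for c in name)) + int(flips >= 2)
            + int(vowel_ratio < 0.2) + int(len(name) >= 12)
            + int(0.3 <= upper_ratio < 1.0))


def triage(lines, burst_window=timedelta(minutes=10), burst_min=5):
    """Return (category, detail) findings for DDS file lines:
    random-roaming-dir, dropper-burst (burst_min random dirs within burst_window),
    hidden-system-exe (.exe under C:\\Windows with hidden+system bits), fake-system-dir."""
    findings, random_created = [], []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        created, _size, attrs, path = parsed
        is_dir = attrs.startswith("d")
        m = ROAMING_RE.search(path)
        if is_dir and m and name_looks_random(m.group(1)) >= 2:
            findings.append(("random-roaming-dir", path))
            random_created.append(created)
        lower = path.lower()
        leaf = lower.rsplit("\\", 1)[-1]
        if lower.startswith("c:\\windows\\"):
            # DDS attribute string carries 's' (system) and 'h' (hidden) flags.
            if not is_dir and leaf.endswith(".exe") and "s" in attrs and "h" in attrs:
                findings.append(("hidden-system-exe", path))
            # e.g. C:\Windows\system64: mimics a real system directory but is not one.
            if (is_dir and lower == "c:\\windows\\" + leaf
                    and re.fullmatch(r"(system|syswow)\d+", leaf)
                    and leaf not in KNOWN_SYSTEM_DIRS):
                findings.append(("fake-system-dir", path))
    # Many random-named directories created within minutes of each other is the
    # footprint of a dropper, not of a user installing software.
    random_created.sort()
    for i, start in enumerate(random_created):
        j = i + burst_min - 1
        if j < len(random_created) and random_created[j] - start <= burst_window:
            findings.append(("dropper-burst",
                             f"{burst_min}+ random Roaming dirs within {burst_window} from {start}"))
            break
    return findings
```

Calling triage(SAMPLE_LINES) reports the six random-named Roaming directories (B02D9 included), the dropper-burst on the evening of 2011-11-10, C:\Windows\system64, and the hidden+system 1D8CD9.EXE, while Dropbox, LolClient and poqexec.exe pass. A hit is a reason to pull the file or directory for analysis, not proof by itself: the name score is a heuristic, and a legitimate installer can also use odd names.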


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,623 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 AM

Posted 17 November 2011 - 03:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427584 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:38 AM

Posted 19 November 2011 - 12:53 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 chrono314

chrono314
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:38 AM

Posted 20 November 2011 - 12:05 PM

Hi Gringo, these are my logs from DDS.
The problem is that I keep getting redirected from google search links.
Here are the DDS and the Attach

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Sida at 11:53:45 on 2011-11-20
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3963.2785 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Sida\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\SogouInput\6.0.0.6236\ImeUtil.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.392.com/?5891#
uSearchURL,(Default) = hxxp://ie.123.com.cn/?wd={searchTerms}&ie=utf-8
mSearchAssistant = hxxp://www.123.com.cn/?ie8
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {89FDCC4B-8D91-49B0-81A6-18BCFF582735} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [googletalk] C:\Users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Sida\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Sida\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: Interfaces\{CB09B296-E789-4499-8D36-C314C64EC8E2} : DhcpNameServer = 128.112.133.220 128.112.128.1 128.112.129.32
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537} : DhcpNameServer = 128.112.129.111 128.112.129.32 128.112.128.1
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\2375942554839313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\34D43434 : DhcpNameServer = 221.130.33.52 221.130.33.60
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\3637671607F627E65647 : DhcpNameServer = 128.112.136.10 128.112.136.12
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\B4566796E602845716E676 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\C696E6B6379737 : DhcpNameServer = 220.115.240.242 220.115.240.246
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {89FDCC4B-8D91-49B0-81A6-18BCFF582735} - No File
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun-x64: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sida\AppData\Roaming\Mozilla\Firefox\Profiles\p3zdedir.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Users\Sida\AppData\Roaming\Mozilla\Firefox\Profiles\p3zdedir.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(118).dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Thunder Extension: {1B33E42F-EF14-4cd3-B6DC-174571C4349C} - %profile%\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-6 104960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-8-28 24652]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-17 366152]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\system32\drivers\Mkd2Nadr.sys --> C:\Windows\system32\drivers\Mkd2Nadr.sys [?]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys --> C:\Windows\system32\drivers\Mkd3kfNt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-6 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-6 110376]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-20 16:55:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\offreg.dll
2011-11-18 20:08:29 -------- d-----w- C:\Program Files (x86)\Baidu
2011-11-18 20:08:27 -------- d-----w- C:\ProgramData\Baidu
2011-11-18 20:08:25 -------- d-----w- C:\Users\Sida\AppData\Roaming\TTPlayer
2011-11-17 17:40:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\Malwarebytes
2011-11-17 17:40:34 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-17 17:40:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-15 18:58:59 -------- d-----w- C:\Users\Sida\AppData\Local\ElevatedDiagnostics
2011-11-14 23:41:01 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-11-12 20:35:07 140800 ----a-w- C:\Windows\SysWow64\tm20dec.ax
2011-11-12 20:34:51 304128 ----a-w- C:\Windows\IsUninst.exe
2011-11-12 20:16:27 -------- d-----w- C:\Program Files (x86)\Final Fantasy VII
2011-11-12 12:47:05 -------- d-----w- C:\6ca9d3769a3c79d322307dd08f
2011-11-12 10:48:48 -------- d-----w- C:\0feb16ecc2788eb9f8606e02685a0b94
2011-11-12 10:46:51 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-11-12 10:46:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-11-12 10:46:50 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-11-12 10:46:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-11-12 10:46:50 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-11-12 09:15:55 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-11-12 00:39:31 -------- d-----w- C:\Riot Games
2011-11-12 00:21:27 -------- d-----w- C:\Program Files\LeagueOfLegends
2011-11-12 00:14:16 -------- d-----w- C:\Program Files\CCleaner
2011-11-12 00:07:00 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\mpengine.dll
2011-11-11 21:41:02 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-11-11 21:41:02 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-11-11 21:41:00 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-11-11 21:14:26 -------- d-----w- C:\Program Files\LOL
2011-11-11 12:07:38 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-11-11 12:07:38 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-11-11 12:07:38 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-11-11 12:07:37 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-11-11 12:07:37 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-11-11 12:07:37 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-11-11 12:07:37 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-11-11 12:07:33 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-11 12:07:33 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-11 12:07:28 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-11 12:07:10 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-11 06:30:24 388096 ----a-r- C:\Users\Sida\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 04:26:59 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-11-11 01:43:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-11 01:06:27 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 01:03:45 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-11 01:00:17 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-11-10 23:51:07 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-11-10 23:09:54 -------- d-----w- C:\Users\Sida\AppData\Roaming\GOmXA8zmTN5Tx
2011-11-10 23:08:57 -------- d-----w- C:\Users\Sida\AppData\Roaming\yA9nUalQBdNKxK0
2011-11-10 23:07:59 -------- d-----w- C:\Users\Sida\AppData\Roaming\S1kEDeKFrL
2011-11-10 23:06:59 -------- d-----w- C:\Users\Sida\AppData\Roaming\uvjQx93lZ4PTavC
2011-11-10 23:05:58 -------- d-----w- C:\Users\Sida\AppData\Roaming\Vs1kd2VKFrRGxq4
2011-11-10 23:04:50 -------- d-----w- C:\Users\Sida\AppData\Roaming\ol4Tx6IFRxHC17B
2011-11-10 23:03:50 -------- d-----w- C:\Users\Sida\AppData\Roaming\FBJNdydzH
2011-11-10 23:03:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\p5Q6WfLXYCkVzNA
2011-11-10 23:03:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\LG5Q6WfLXYCkVzN
2011-11-10 23:03:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\L5Q6WfLXYCkVzNA
2011-11-10 23:03:44 -------- d-----w- C:\Users\Sida\AppData\Roaming\iwwUeBzNx1v2b3m
2011-11-10 23:03:44 -------- d-----w- C:\Users\Sida\AppData\Roaming\d9wwUeBzNx1v2b3
2011-11-10 23:03:37 -------- d-----w- C:\Users\Sida\AppData\Roaming\xunW9Yl0DaJZktS
2011-11-10 23:03:33 -------- d-----w- C:\Users\Sida\AppData\Roaming\BgkPDH8wxvmLXtA
2011-11-10 23:03:30 -------- d-----w- C:\Users\Sida\AppData\Roaming\XdYBupETrupWXB0
2011-11-10 23:03:27 -------- d-----w- C:\Users\Sida\AppData\Roaming\w3KY0GfV2Qgr1
2011-11-10 23:03:21 -------- d-----w- C:\Users\Sida\AppData\Roaming\wX1JUAGLVisqO
2011-11-10 23:03:21 -------- d-----w- C:\Users\Sida\AppData\Roaming\UX1JUAGLVisqOb
2011-11-10 23:02:51 -------- d-----w- C:\Users\Sida\AppData\Roaming\VrHemVbX2hbg
2011-11-10 23:02:48 -------- d-----w- C:\Users\Sida\AppData\Roaming\kYv818NHIaw4VF
2011-11-10 23:02:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\UpjiTcdtQe4
2011-11-10 23:02:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\jcLSTihnw4
2011-11-10 23:02:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\dpjiTcdtQe4C
2011-11-10 23:02:43 -------- d-----w- C:\Users\Sida\AppData\Roaming\RorJ0K2wFjFkGCD
2011-11-10 23:02:40 -------- d-----w- C:\Users\Sida\AppData\Roaming\xJk3Lrn9tahiLBd
2011-11-10 23:02:31 -------- d-----w- C:\Users\Sida\AppData\Roaming\IDElvJUiJwDdeSd
2011-11-10 23:02:29 -------- d-----w- C:\Users\Sida\AppData\Roaming\VGjuKkiRViKIiJV
2011-11-10 23:02:29 -------- d-----w- C:\Users\Sida\AppData\Roaming\ImjuKkiRViKIiJV
2011-11-10 18:59:41 -------- d-----we C:\Windows\system64
2011-11-10 18:56:30 -------- d-----w- C:\Users\Sida\AppData\Roaming\B02D9
2011-11-10 18:56:30 -------- d-----w- C:\Program Files (x86)\LP
2011-11-09 02:23:43 -------- d-----w- C:\7673625bb3e861d14f386f84f8afbc
2011-11-08 18:56:34 81920 ----a-w- C:\Windows\SysWow64\devcon.exe
2011-11-08 18:56:34 81920 ----a-w- C:\Windows\System32\devcon.exe
2011-11-06 09:06:42 -------- d-----r- C:\Users\Sida\Dropbox
2011-11-06 09:05:44 -------- d-----w- C:\Users\Sida\AppData\Roaming\Dropbox
2011-11-05 05:30:21 -------- d-----w- C:\Program Files (x86)\SogouInput
2011-11-05 05:30:21 -------- d-----w- C:\Program Files (x86)\SogouExtension
2011-11-05 05:30:09 0 ----a-w- C:\Windows\SysWow64\nsdA676.tmp
2011-11-05 05:19:33 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-11-05 05:19:33 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-11-05 04:59:06 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-11-05 04:59:06 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-11-05 04:57:38 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-11-05 04:56:50 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-11-05 04:55:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 04:54:58 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-11-05 04:52:31 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-11-05 04:52:31 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-11-05 04:52:31 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-11-05 04:52:31 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-11-01 09:26:08 -------- d-----w- C:\Windows\SysWow64\data
2011-10-31 08:38:59 -------- d-----w- C:\Users\Sida\riotsGamesLogs
2011-10-31 08:38:28 -------- d-----w- C:\Users\Sida\AppData\Roaming\LolClient
2011-10-31 07:14:11 -------- d-----w- C:\Program Files (x86)\LOL
2011-10-31 07:12:50 -------- d-----w- C:\Program Files (x86)\Pando Networks
.
==================== Find3M ====================
.
2011-11-11 04:26:58 91648 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe
2011-11-11 04:26:58 76800 ----a-w- C:\Windows\System32\tdc.ocx
2011-11-11 04:26:58 48640 ----a-w- C:\Windows\System32\mshtmler.dll
2011-11-11 04:26:58 135168 ----a-w- C:\Windows\System32\IEAdvpack.dll
2011-11-11 04:26:58 111616 ----a-w- C:\Windows\System32\iesysprep.dll
2011-11-11 04:26:57 448512 ----a-w- C:\Windows\System32\html.iec
2011-11-11 04:26:56 85504 ----a-w- C:\Windows\System32\iesetup.dll
2011-11-11 04:26:53 1492992 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-11 04:26:52 30720 ----a-w- C:\Windows\System32\licmgr10.dll
2011-11-11 04:26:52 165888 ----a-w- C:\Windows\System32\iexpress.exe
2011-11-11 04:26:52 160256 ----a-w- C:\Windows\System32\wextract.exe
2011-11-11 04:26:51 603648 ----a-w- C:\Windows\System32\vbscript.dll
2011-09-15 10:51:18 4706672 ----a-w- C:\Windows\System32\SogouPY.ime
2011-09-15 10:51:18 2692464 ----a-w- C:\Windows\SysWow64\SogouPy.ime
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 12:04:16.18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/28/2009 5:29:10 PM
System Uptime: 11/20/2011 11:51:34 AM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | N/A | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 87.569 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
Z: is NetworkDisk (NTFS) - 5 GiB total, 5.148 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMMATSHITA_DVD-RAM_UJ880AS________________1.20____\4&244C77EB&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: MATSHITA DVD-RAM UJ880AS
PNP Device ID: IDE\CDROMMATSHITA_DVD-RAM_UJ880AS________________1.20____\4&244C77EB&0&0.1.0
Service: cdrom
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C113\7&1ABD46A7&0&58170C95698D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C113\7&1ABD46A7&0&58170C95698D_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C113\7&1ABD46A7&0&58170C95698D_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C113\7&1ABD46A7&0&58170C95698D_C00000000
Service:
.
==== System Restore Points ===================
.
RP127: 11/10/2011 4:42:07 AM - Windows Defender Checkpoint
RP128: 11/10/2011 6:41:34 AM - Windows Update
RP129: 11/10/2011 6:55:01 PM - Restore Operation
RP130: 11/10/2011 7:58:08 PM - Installed Ad-Aware
RP131: 11/10/2011 7:59:06 PM - Installed Ad-Aware
RP132: 11/10/2011 8:15:07 PM - Windows Modules Installer
RP133: 11/10/2011 8:29:09 PM - Windows Modules Installer
RP134: 11/10/2011 8:43:08 PM - Installed HiJackThis
RP135: 11/10/2011 11:21:27 PM - Windows Modules Installer
RP136: 11/11/2011 6:53:37 AM - Removed League of Legends
RP138: 11/11/2011 7:12:23 AM - Windows Update
RP139: 11/11/2011 7:35:47 AM - Windows Update
RP140: 11/11/2011 4:30:34 PM - Installed League of Legends
RP141: 11/11/2011 7:03:14 PM - Removed Ad-Aware
RP142: 11/11/2011 7:06:36 PM - Windows Update
RP143: 11/11/2011 7:07:51 PM - Removed League of Legends
RP145: 11/11/2011 7:39:17 PM - Installed League of Legends
RP146: 11/12/2011 4:13:39 AM - Installed Ad-Aware
RP147: 11/12/2011 4:14:43 AM - Installed Ad-Aware
RP148: 11/12/2011 5:47:05 AM - Windows Update
RP149: 11/12/2011 3:11:41 PM - Windows Modules Installer
RP150: 11/15/2011 6:10:52 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
.
==== Installed Programs ======================
.
.
Acrobat.com
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
AhnLab Online Security
AIM 7
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
CGoban 3
Compatibility Pack for the 2007 Office system
D&P
Dell Driver Download Manager
Diablo II
DivX Setup
Dropbox
Fate/stay night
Final Fantasy VII - Ultima Edition
Google Talk (remove only)
Google Toolbar for Internet Explorer
GunBound Thor's Hammer
HiJackThis
ICCup Launcher
Inkscape 0.47
Java Auto Updater
Java Platform, Enterprise Edition 5 SDK
Java™ 6 Update 21
Java™ SE Runtime Environment 6
League of Legends
LogMeIn Hamachi
Magic ISO Maker v5.5 (build 0276)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Transfer
Notepad++
OpenMG Secure Module 5.3.00
Primo
Project64 1.6
QuickBooks Financial Center
QuickBooks Simple Start 2009
QuickTime
Ragnarok Renewal
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype Toolbars
Skype™ 4.2
Sony Home Network Library
Sony Picture Utility
SpeedFan (remove only)
Starcraft
SupportSoft Assisted Service
TallStick TS-AudioToMIDI 3.30 (remove only)
Turing Machine
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Help and Support
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO Startup Assistant
VAIO Survey
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
VLC media player 1.0.1
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinDVD for VAIO
仙剑奇侠传3 简体中文版
千千静听 5.7正式版
搜狗拼音输入法 6.0正式版
百度音乐控件
.
==== Event Viewer Messages From Past Week ========
.
11/20/2011 12:03:30 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
11/20/2011 12:03:30 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
11/20/2011 12:03:30 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
11/20/2011 11:54:16 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
11/20/2011 11:54:16 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
11/20/2011 11:52:12 AM, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.
11/20/2011 11:52:02 AM, Error: Service Control Manager [7003] - The NVIDIA Display Driver Service service depends the following service: nvlddmkm. This service might not be installed.
11/20/2011 11:51:59 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Alidevice.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/15/2011 11:32:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
.
==== End Of File ===========================

Thanks.
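The DDS "Created Last 30" section above is where the problem shows first: twenty-eight directories with random mixed-case names were created under C:\Users\Sida\AppData\Roaming within eight minutes on 2011-11-10 (23:02 to 23:09), a pattern legitimate installers do not produce. The script below is an added example, not part of this thread or of the DDS tool: it parses lines in the DDS "Created Last 30" layout (date, time, size or dashes, attribute string, path) and flags Roaming directories either because the name looks machine-generated or because many of them appeared in one short burst. The sample lines are constructed from the log's format, and the thresholds (nine-character minimum, four case transitions, 20% vowel ratio, five creations per ten-minute window) are assumptions chosen to separate the random names here from TTPlayer, Malwarebytes and LolClient; they are a triage heuristic, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the DDS "Created Last 30" layout (a few lines in the same
# format as the log above; not the full log).
SAMPLE_LOG = r"""
2011-11-18 20:08:25 -------- d-----w- C:\Users\Sida\AppData\Roaming\TTPlayer
2011-11-17 17:40:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\Malwarebytes
2011-11-14 23:41:01 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-11-10 23:09:54 -------- d-----w- C:\Users\Sida\AppData\Roaming\GOmXA8zmTN5Tx
2011-11-10 23:08:57 -------- d-----w- C:\Users\Sida\AppData\Roaming\yA9nUalQBdNKxK0
2011-11-10 23:03:50 -------- d-----w- C:\Users\Sida\AppData\Roaming\FBJNdydzH
2011-11-10 23:03:21 -------- d-----w- C:\Users\Sida\AppData\Roaming\wX1JUAGLVisqO
2011-11-10 23:02:51 -------- d-----w- C:\Users\Sida\AppData\Roaming\VrHemVbX2hbg
2011-11-10 23:02:45 -------- d-----w- C:\Users\Sida\AppData\Roaming\jcLSTihnw4
2011-10-31 08:38:28 -------- d-----w- C:\Users\Sida\AppData\Roaming\LolClient
"""

# DDS line: "<date> <time> <size|-------->" then the attribute string, then the path
# (which may contain spaces, so it takes the rest of the line).
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")
ROAMING = "\\AppData\\Roaming\\"
VOWELS = set("aeiouAEIOU")


def parse_dds_line(line):
    """Parse one DDS file-listing line into a dict, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, size, attrs, path = m.groups()
    return {
        "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
        "size": None if size == "--------" else int(size),
        "is_dir": attrs.startswith("d"),   # DDS attribute string starts with 'd' for dirs
        "path": path,
        "name": path.rsplit("\\", 1)[-1],
    }


def looks_random(name):
    """Heuristic (assumed thresholds): alphanumeric, 9+ chars, and either many
    upper/lower case flips, almost no vowels, or several flips plus a digit."""
    if len(name) < 9 or not name.isalnum():
        return False
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return False
    transitions = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    vowel_ratio = sum(1 for c in letters if c in VOWELS) / len(name)
    has_digit = any(c.isdigit() for c in name)
    return transitions >= 4 or vowel_ratio < 0.2 or (transitions >= 3 and has_digit)


def find_bursts(entries, window=timedelta(minutes=10), threshold=5):
    """Paths of Roaming directories created in any `window` holding at least
    `threshold` such creations (the second, name-independent signal)."""
    dirs = sorted((e for e in entries if e["is_dir"] and ROAMING in e["path"]),
                  key=lambda e: e["time"])
    flagged = set()
    for i, start in enumerate(dirs):
        cluster = [e for e in dirs[i:] if e["time"] - start["time"] <= window]
        if len(cluster) >= threshold:
            flagged.update(e["path"] for e in cluster)
    return flagged


def triage(log_text):
    """Map each suspicious path to the list of reasons it was flagged."""
    entries = [e for e in (parse_dds_line(l) for l in log_text.splitlines()) if e]
    burst = find_bursts(entries)
    findings = {}
    for e in entries:
        reasons = []
        if e["is_dir"] and ROAMING in e["path"] and looks_random(e["name"]):
            reasons.append("random-looking name")
        if e["path"] in burst:
            reasons.append("part of creation burst")
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path}: {', '.join(reasons)}")
```

Run against the sample, the six random-named directories are flagged by both signals and the three legitimate ones by neither. The burst rule is the more robust of the two on a real log: short names such as B02D9 in the log above slip past the name heuristic, but a run of new Roaming directories seconds apart is hard to explain without an installer or an infection, so both signals are worth checking before deciding what to hand to a removal tool. The parser only understands the DDS layout; ComboFix lines, which carry two timestamps without seconds, would need a separate pattern.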

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:38 AM

Posted 20 November 2011 - 12:57 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 chrono314

chrono314
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:38 AM

Posted 20 November 2011 - 08:34 PM

Hi, here is the log. I'm still having the same problem with Google search results being redirected.
Thanks.
ComboFix 11-11-20.02 - Sida 0/2011 Sun 19:25:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3963.2565 [GMT -5:00]
执行位置: c:\users\Sida\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\lol
c:\program files (x86)\lol\LeagueOfLegends\0x0409.ini
c:\program files (x86)\lol\LeagueOfLegends\data1.cab
c:\program files (x86)\lol\LeagueOfLegends\data1.hdr
c:\program files (x86)\lol\LeagueOfLegends\data2.cab
c:\program files (x86)\lol\LeagueOfLegends\ISSetup.dll
c:\program files (x86)\lol\LeagueOfLegends\layout.bin
c:\program files (x86)\lol\LeagueOfLegends\setup.exe
c:\program files (x86)\lol\LeagueOfLegends\setup.ini
c:\program files (x86)\lol\LeagueOfLegends\setup.inx
c:\program files (x86)\lol\LeagueOfLegends\setup.isn
c:\program files (x86)\LP
c:\program files (x86)\LP\752B\379.tmp
c:\program files (x86)\LP\752B\AB28.tmp
c:\program files (x86)\LP\752B\BD86.tmp
c:\program files (x86)\LP\752B\FB8.tmp
c:\program files (x86)\LP\752B\FF03.tmp
c:\program files\lol
c:\programdata\Roaming
c:\users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
.
.
((((((((((((((((((((((((( 2011-10-21 至 2011-11-21 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-11-21 01:01 . 2011-11-21 01:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-21 01:01 . 2011-11-21 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 20:19 . 2011-11-20 22:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\offreg.dll
2011-11-18 20:08 . 2011-11-18 20:08 -------- d-----w- c:\program files (x86)\Baidu
2011-11-18 20:08 . 2011-11-20 16:42 -------- d-----w- c:\programdata\Baidu
2011-11-18 20:08 . 2011-11-18 20:08 -------- d-----w- c:\users\Sida\AppData\Roaming\TTPlayer
2011-11-17 17:40 . 2011-11-17 17:40 -------- d-----w- c:\users\Sida\AppData\Roaming\Malwarebytes
2011-11-17 17:40 . 2011-11-17 17:40 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 17:40 . 2011-11-17 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-15 18:58 . 2011-11-15 18:58 -------- d-----w- c:\users\Sida\AppData\Local\ElevatedDiagnostics
2011-11-14 23:41 . 2011-11-12 09:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-12 20:35 . 1998-07-17 18:36 140800 ----a-w- c:\windows\SysWow64\tm20dec.ax
2011-11-12 20:34 . 1997-12-17 23:33 304128 ----a-w- c:\windows\IsUninst.exe
2011-11-12 20:16 . 2011-11-12 22:07 -------- d-----w- c:\program files (x86)\Final Fantasy VII
2011-11-12 12:47 . 2011-11-12 12:47 -------- d-----w- C:\6ca9d3769a3c79d322307dd08f
2011-11-12 10:48 . 2011-11-12 10:48 -------- d-----w- C:\0feb16ecc2788eb9f8606e02685a0b94
2011-11-12 10:46 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-11-12 10:46 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-12 10:46 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-11-12 10:46 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-12 10:46 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-12 09:15 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-12 00:39 . 2011-11-12 00:39 -------- d-----w- C:\Riot Games
2011-11-12 00:21 . 2011-11-12 00:35 -------- d-----w- c:\program files\LeagueOfLegends
2011-11-12 00:14 . 2011-11-12 00:14 -------- d-----w- c:\program files\CCleaner
2011-11-12 00:07 . 2011-10-17 18:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\mpengine.dll
2011-11-11 21:41 . 2008-07-12 13:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-11-11 21:41 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-11-11 21:41 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-11-11 12:07 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-11-11 12:07 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-11-11 12:07 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-11-11 12:07 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-11 12:07 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-11-11 12:07 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-11-11 12:07 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-11-11 12:07 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-11 12:07 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-11 12:07 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-11 12:07 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 06:30 . 2011-11-11 06:30 388096 ----a-r- c:\users\Sida\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 04:26 . 2011-11-11 04:26 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-11-11 01:43 . 2011-11-11 01:43 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-11 01:06 . 2011-11-11 01:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 01:06 . 2011-11-11 01:06 -------- d-----w- c:\windows\system32\Macromed
2011-11-11 01:03 . 2011-11-11 01:03 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-11 01:00 . 2011-11-11 01:00 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-11 01:00 . 2011-11-12 09:15 -------- d-----w- c:\programdata\Lavasoft
2011-11-10 23:51 . 2011-11-10 23:51 -------- d-----w- c:\program files (x86)\Panda Security
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\Sida\AppData\Roaming\GOmXA8zmTN5Tx
2011-11-10 23:08 . 2011-11-10 23:08 -------- d-----w- c:\users\Sida\AppData\Roaming\yA9nUalQBdNKxK0
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\S1kEDeKFrL
2011-11-10 23:06 . 2011-11-10 23:06 -------- d-----w- c:\users\Sida\AppData\Roaming\uvjQx93lZ4PTavC
2011-11-10 23:05 . 2011-11-10 23:05 -------- d-----w- c:\users\Sida\AppData\Roaming\Vs1kd2VKFrRGxq4
2011-11-10 23:04 . 2011-11-10 23:04 -------- d-----w- c:\users\Sida\AppData\Roaming\ol4Tx6IFRxHC17B
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\FBJNdydzH
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\p5Q6WfLXYCkVzNA
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\LG5Q6WfLXYCkVzN
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\L5Q6WfLXYCkVzNA
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\iwwUeBzNx1v2b3m
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\d9wwUeBzNx1v2b3
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\xunW9Yl0DaJZktS
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\BgkPDH8wxvmLXtA
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\XdYBupETrupWXB0
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\w3KY0GfV2Qgr1
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\wX1JUAGLVisqO
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\UX1JUAGLVisqOb
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\VrHemVbX2hbg
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\kYv818NHIaw4VF
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\UpjiTcdtQe4
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\jcLSTihnw4
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\dpjiTcdtQe4C
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\RorJ0K2wFjFkGCD
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\xJk3Lrn9tahiLBd
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\IDElvJUiJwDdeSd
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\VGjuKkiRViKIiJV
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\ImjuKkiRViKIiJV
2011-11-10 18:59 . 2011-11-10 18:59 -------- d-----we c:\windows\system64
2011-11-10 18:56 . 2011-11-11 00:38 -------- d-----w- c:\users\Sida\AppData\Roaming\B02D9
2011-11-09 02:23 . 2011-11-11 00:49 -------- d-----w- C:\7673625bb3e861d14f386f84f8afbc
2011-11-08 18:56 . 2010-02-09 01:56 81920 ----a-w- c:\windows\SysWow64\devcon.exe
2011-11-08 18:56 . 2010-02-09 01:56 81920 ----a-w- c:\windows\system32\devcon.exe
2011-11-06 09:06 . 2011-11-20 22:33 -------- d-----r- c:\users\Sida\Dropbox
2011-11-06 09:05 . 2011-11-21 00:00 -------- d-----w- c:\users\Sida\AppData\Roaming\Dropbox
2011-11-05 05:30 . 2011-11-11 00:45 -------- d-----w- c:\program files (x86)\SogouExtension
2011-11-05 05:30 . 2011-11-11 00:21 -------- d-----w- c:\program files (x86)\SogouInput
2011-11-05 05:30 . 2011-11-05 05:30 0 ----a-w- c:\windows\SysWow64\nsdA676.tmp
2011-11-05 05:19 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-11-05 05:19 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-11-05 04:59 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-11-05 04:59 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-11-05 04:57 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-11-05 04:56 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-05 04:55 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:54 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-05 04:52 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-11-05 04:52 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-11-05 04:52 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-11-05 04:52 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-11-01 09:26 . 2011-11-01 09:27 -------- d-----w- c:\windows\SysWow64\data
2011-10-31 08:38 . 2011-11-20 07:38 -------- d-----w- c:\users\Sida\riotsGamesLogs
2011-10-31 08:38 . 2011-10-31 08:38 -------- d-----w- c:\users\Sida\AppData\Roaming\LolClient
2011-10-31 07:12 . 2011-11-11 00:21 -------- d-----w- c:\program files (x86)\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 18:10 . 2011-10-21 06:16 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-09-15 10:51 . 2011-09-15 10:51 4706672 ----a-w- c:\windows\system32\SogouPY.ime
2011-09-15 10:51 . 2011-09-15 10:51 2692464 ----a-w- c:\windows\SysWow64\SogouPy.ime
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
"googletalk"="c:\users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Sida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sida\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 Alidevice;Alidevice; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\Program\tcphoc.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
计划任务 文件夹 里的内容
.
2011-11-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-09 1674536]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-16 6430208]
"Skytel"="Skytel.exe" [2008-09-16 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-06 15959584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-06 82464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.392.com/?5891#
uSearchURL,(Default) = hxxp://ie.123.com.cn/?wd={searchTerms}&ie=utf-8
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\34D43434: DhcpNameServer = 221.130.33.52 221.130.33.60
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\B4566796E602845716E676: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\C696E6B6379737: DhcpNameServer = 220.115.240.242 220.115.240.246
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
FF - ProfilePath - c:\users\Sida\AppData\Roaming\Mozilla\Firefox\Profiles\p3zdedir.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Thunder Extension: {1B33E42F-EF14-4cd3-B6DC-174571C4349C} - %profile%\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-VAIORegistration - c:\program files\Sony\First Experience\WelcomeLauncher.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Final Fantasy VII - c:\program files (x86)\Final Fantasy VII\Uninst.isu
AddRemove-Raganrok Renewal - c:\windows\IFinst27.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\貼QRGY燨 O3*]
"DisplayName"="仙剑奇侠传3 简体中文版"
"UninstallString"="c:\\Program Files (x86)\\仙剑奇侠传3\\uninst.exe"
"DisplayIcon"="c:\\Program Files (x86)\\仙剑奇侠传3\\config.exe"
"DisplayVersion"="简体中文版"
"URLInfoAbout"="http://www.youxijidi.com"
"Publisher"="longhumen, Inc."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2011-11-20 20:24:37
ComboFix-quarantined-files.txt 2011-11-21 01:24
.
Pre-Run: 98,271,424,512 bytes free
Post-Run: 98,511,519,744 bytes free
.
- - End Of File - - C5EFC812B66E775C802515132B4E49E6

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 November 2011 - 09:18 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Sida\AppData\Roaming\GOmXA8zmTN5Tx
c:\users\Sida\AppData\Roaming\yA9nUalQBdNKxK0
c:\users\Sida\AppData\Roaming\S1kEDeKFrL
c:\users\Sida\AppData\Roaming\uvjQx93lZ4PTavC
c:\users\Sida\AppData\Roaming\Vs1kd2VKFrRGxq4
c:\users\Sida\AppData\Roaming\ol4Tx6IFRxHC17B
c:\users\Sida\AppData\Roaming\FBJNdydzH
c:\users\Sida\AppData\Roaming\p5Q6WfLXYCkVzNA
c:\users\Sida\AppData\Roaming\LG5Q6WfLXYCkVzN
c:\users\Sida\AppData\Roaming\L5Q6WfLXYCkVzNA
c:\users\Sida\AppData\Roaming\iwwUeBzNx1v2b3m
c:\users\Sida\AppData\Roaming\d9wwUeBzNx1v2b3
c:\users\Sida\AppData\Roaming\xunW9Yl0DaJZktS
c:\users\Sida\AppData\Roaming\BgkPDH8wxvmLXtA
c:\users\Sida\AppData\Roaming\XdYBupETrupWXB0
c:\users\Sida\AppData\Roaming\w3KY0GfV2Qgr1
c:\users\Sida\AppData\Roaming\wX1JUAGLVisqO
c:\users\Sida\AppData\Roaming\UX1JUAGLVisqOb
c:\users\Sida\AppData\Roaming\VrHemVbX2hbg
c:\users\Sida\AppData\Roaming\kYv818NHIaw4VF
c:\users\Sida\AppData\Roaming\UpjiTcdtQe4
c:\users\Sida\AppData\Roaming\jcLSTihnw4
c:\users\Sida\AppData\Roaming\dpjiTcdtQe4C
c:\users\Sida\AppData\Roaming\RorJ0K2wFjFkGCD
c:\users\Sida\AppData\Roaming\xJk3Lrn9tahiLBd
c:\users\Sida\AppData\Roaming\IDElvJUiJwDdeSd
c:\users\Sida\AppData\Roaming\VGjuKkiRViKIiJV
c:\users\Sida\AppData\Roaming\ImjuKkiRViKIiJV
c:\windows\system64
c:\users\Sida\AppData\Roaming\B02D9


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
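As an added example, not from the thread or from ComboFix: the pattern gringo targets in the Folder:: list above (a burst of randomly named directories under AppData\Roaming, plus c:\windows\system64) can be checked mechanically against the "new files" section of a ComboFix log. The sample lines are taken from the log earlier in this thread; the name heuristic, its thresholds and the burst window are assumptions.

```python
import re
from datetime import datetime, timedelta

# One entry of ComboFix's "new files" section:
#   <created> . <modified> <size or --------> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) +"
    r"(?P<size>-{8}|\d+) +"
    r"(?P<attrs>[-a-z]{8}) +"
    r"(?P<path>\S.*)$"
)

# Sample input: a few lines taken from the ComboFix log in this thread
# (random-named Roaming folders, the decoy system64 directory, and some
# legitimate entries so the heuristics have something to leave alone).
SAMPLE_LOG = r"""
2011-11-10 23:03 . 2011-11-10 23:03 -------- d-----w- c:\users\Sida\AppData\Roaming\UX1JUAGLVisqOb
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\VrHemVbX2hbg
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\kYv818NHIaw4VF
2011-11-10 23:02 . 2011-11-10 23:02 -------- d-----w- c:\users\Sida\AppData\Roaming\jcLSTihnw4
2011-11-10 18:59 . 2011-11-10 18:59 -------- d-----we c:\windows\system64
2011-11-10 18:56 . 2011-11-11 00:38 -------- d-----w- c:\users\Sida\AppData\Roaming\B02D9
2011-11-06 09:05 . 2011-11-21 00:00 -------- d-----w- c:\users\Sida\AppData\Roaming\Dropbox
2011-11-05 05:30 . 2011-11-11 00:21 -------- d-----w- c:\program files (x86)\SogouInput
2011-11-08 18:56 . 2010-02-09 01:56 81920 ----a-w- c:\windows\SysWow64\devcon.exe
"""

# Windows x64 has System32 and SysWOW64; "system64" has no legitimate counterpart,
# which is why the CFScript above lists it for removal.
BOGUS_SYSTEM_DIRS = {r"c:\windows\system64"}
VOWELS = set("aeiouAEIOU")


def parse_entries(text):
    """Parse 'new files' lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
        e["modified"] = datetime.strptime(e["modified"], "%Y-%m-%d %H:%M")
        e["is_dir"] = e["attrs"].startswith("d")
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def directly_under(entry, parent_suffix):
    """True if the entry sits directly inside a directory whose path ends in parent_suffix."""
    parent = entry["path"].lower().rsplit("\\", 1)[0]
    return parent.endswith(parent_suffix.lower())


def name_looks_random(name):
    """Coarse randomness heuristic for a folder name (thresholds are assumptions):
    flag when at least two of three signals fire: heavy case/digit churn, few vowels,
    digits inside the name. Meant for user-profile folders, not for system paths."""
    if len(name) < 5 or " " in name or "." in name:
        return False
    classes = ["d" if c.isdigit() else "u" if c.isupper() else "l" for c in name]
    transitions = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    letters = [c for c in name if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    signals = (
        transitions / len(name) >= 0.3,
        vowel_ratio < 0.2,
        any(c.isdigit() for c in name),
    )
    return sum(signals) >= 2


def creation_bursts(entries, parent_suffix, window=timedelta(minutes=10), min_count=3):
    """Groups of directories directly under parent_suffix created within `window` of
    each other. A dropper that seeds many folders at once leaves this timestamp cluster
    whatever the folders are called, so it is the stronger of the two signals."""
    dirs = sorted(
        (e for e in entries if e["is_dir"] and directly_under(e, parent_suffix)),
        key=lambda e: e["created"],
    )
    bursts, current = [], []
    for e in dirs:
        if current and e["created"] - current[-1]["created"] > window:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts


def triage(log_text):
    """Run the three checks and return what each one flags."""
    entries = parse_entries(log_text)
    roaming = [e for e in entries if e["is_dir"] and directly_under(e, r"AppData\Roaming")]
    return {
        "random_named": [e["name"] for e in roaming if name_looks_random(e["name"])],
        "bursts": [[e["name"] for e in b] for b in creation_bursts(entries, r"AppData\Roaming")],
        "bogus_system_dirs": [e["path"] for e in entries
                              if e["is_dir"] and e["path"].lower() in BOGUS_SYSTEM_DIRS],
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {hits}")
```

On the sample, the burst check and the name check agree on the same Roaming folders; on a full log, treat a burst as the primary signal and the name heuristic as corroboration, since legitimate installers can also use odd names.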

#9 chrono314
  • Topic Starter

  • Members
  • 13 posts

Posted 21 November 2011 - 12:34 AM

Hmm, it seems to have fixed the problem ^^

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 November 2011 - 12:58 AM

That is great, but I need the report, and we still have things to do.


gringo

#11 chrono314
  • Topic Starter

  • Members
  • 13 posts

Posted 21 November 2011 - 02:04 AM

Yeah, I just ran ComboFix and I got the log, but then Notepad stopped functioning. It seems that the elements in the script were removed. Should I run it again?

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 November 2011 - 02:13 AM

Hello

Check this first.

Extra ComboFix report:

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\ComboFix.txt
  • click OK

Copy and paste the report into this topic for me to review.

Gringo

#13 chrono314
  • Topic Starter

  • Members
  • 13 posts

Posted 21 November 2011 - 02:24 AM

Here it is.
ComboFix 11-11-20.02 - Sida 1/2011 Mon 0:50.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3963.2730 [GMT -5:00]
执行位置: c:\users\Sida\Desktop\ComboFix.exe
Command switches used :: c:\users\Sida\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sida\AppData\Roaming\B02D9
c:\users\Sida\AppData\Roaming\B02D9\9A98.02D
c:\users\Sida\AppData\Roaming\BgkPDH8wxvmLXtA
c:\users\Sida\AppData\Roaming\d9wwUeBzNx1v2b3
c:\users\Sida\AppData\Roaming\dpjiTcdtQe4C
c:\users\Sida\AppData\Roaming\FBJNdydzH
c:\users\Sida\AppData\Roaming\GOmXA8zmTN5Tx
c:\users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
c:\users\Sida\AppData\Roaming\IDElvJUiJwDdeSd
c:\users\Sida\AppData\Roaming\ImjuKkiRViKIiJV
c:\users\Sida\AppData\Roaming\iwwUeBzNx1v2b3m
c:\users\Sida\AppData\Roaming\jcLSTihnw4
c:\users\Sida\AppData\Roaming\kYv818NHIaw4VF
c:\users\Sida\AppData\Roaming\L5Q6WfLXYCkVzNA
c:\users\Sida\AppData\Roaming\LG5Q6WfLXYCkVzN
c:\users\Sida\AppData\Roaming\ol4Tx6IFRxHC17B
c:\users\Sida\AppData\Roaming\p5Q6WfLXYCkVzNA
c:\users\Sida\AppData\Roaming\RorJ0K2wFjFkGCD
c:\users\Sida\AppData\Roaming\S1kEDeKFrL
c:\users\Sida\AppData\Roaming\UpjiTcdtQe4
c:\users\Sida\AppData\Roaming\uvjQx93lZ4PTavC
c:\users\Sida\AppData\Roaming\UX1JUAGLVisqOb
c:\users\Sida\AppData\Roaming\VGjuKkiRViKIiJV
c:\users\Sida\AppData\Roaming\VrHemVbX2hbg
c:\users\Sida\AppData\Roaming\Vs1kd2VKFrRGxq4
c:\users\Sida\AppData\Roaming\w3KY0GfV2Qgr1
c:\users\Sida\AppData\Roaming\wX1JUAGLVisqO
c:\users\Sida\AppData\Roaming\XdYBupETrupWXB0
c:\users\Sida\AppData\Roaming\xJk3Lrn9tahiLBd
c:\users\Sida\AppData\Roaming\xunW9Yl0DaJZktS
c:\users\Sida\AppData\Roaming\yA9nUalQBdNKxK0
.
.
((((((((((((((((((((((((( 2011-10-21 至 2011-11-21 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-11-21 06:26 . 2011-11-21 06:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-21 06:26 . 2011-11-21 06:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 01:30 . 2011-11-21 01:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\offreg.dll
2011-11-18 20:08 . 2011-11-18 20:08 -------- d-----w- c:\program files (x86)\Baidu
2011-11-18 20:08 . 2011-11-20 16:42 -------- d-----w- c:\programdata\Baidu
2011-11-18 20:08 . 2011-11-18 20:08 -------- d-----w- c:\users\Sida\AppData\Roaming\TTPlayer
2011-11-17 17:40 . 2011-11-17 17:40 -------- d-----w- c:\users\Sida\AppData\Roaming\Malwarebytes
2011-11-17 17:40 . 2011-11-17 17:40 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 17:40 . 2011-11-17 17:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-15 18:58 . 2011-11-15 18:58 -------- d-----w- c:\users\Sida\AppData\Local\ElevatedDiagnostics
2011-11-14 23:41 . 2011-11-12 09:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-12 20:35 . 1998-07-17 18:36 140800 ----a-w- c:\windows\SysWow64\tm20dec.ax
2011-11-12 20:34 . 1997-12-17 23:33 304128 ----a-w- c:\windows\IsUninst.exe
2011-11-12 20:16 . 2011-11-12 22:07 -------- d-----w- c:\program files (x86)\Final Fantasy VII
2011-11-12 12:47 . 2011-11-12 12:47 -------- d-----w- C:\6ca9d3769a3c79d322307dd08f
2011-11-12 10:48 . 2011-11-12 10:48 -------- d-----w- C:\0feb16ecc2788eb9f8606e02685a0b94
2011-11-12 10:46 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-11-12 10:46 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-12 10:46 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-11-12 10:46 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-12 10:46 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-12 09:15 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-12 00:39 . 2011-11-12 00:39 -------- d-----w- C:\Riot Games
2011-11-12 00:21 . 2011-11-12 00:35 -------- d-----w- c:\program files\LeagueOfLegends
2011-11-12 00:14 . 2011-11-12 00:14 -------- d-----w- c:\program files\CCleaner
2011-11-12 00:07 . 2011-10-17 18:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\mpengine.dll
2011-11-11 21:41 . 2008-07-12 13:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-11-11 21:41 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-11-11 21:41 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-11-11 12:07 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-11-11 12:07 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-11-11 12:07 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-11-11 12:07 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-11 12:07 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-11-11 12:07 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-11-11 12:07 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-11-11 12:07 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-11 12:07 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-11 12:07 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-11 12:07 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 06:30 . 2011-11-11 06:30 388096 ----a-r- c:\users\Sida\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 04:26 . 2011-11-11 04:26 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-11-11 01:43 . 2011-11-11 01:43 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-11 01:06 . 2011-11-21 01:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 01:06 . 2011-11-11 01:06 -------- d-----w- c:\windows\system32\Macromed
2011-11-11 01:03 . 2011-11-11 01:03 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-11 01:00 . 2011-11-11 01:00 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-11 01:00 . 2011-11-12 09:15 -------- d-----w- c:\programdata\Lavasoft
2011-11-10 23:51 . 2011-11-10 23:51 -------- d-----w- c:\program files (x86)\Panda Security
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\Sida\AppData\Roaming\ZPJO4YuKPaknXcK
2011-11-10 23:08 . 2011-11-10 23:08 -------- d-----w- c:\users\Sida\AppData\Roaming\f1fA8FI6xE1Z2Xp
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\qisqBv58kP25
2011-11-10 23:06 . 2011-11-10 23:06 -------- d-----w- c:\users\Sida\AppData\Roaming\tjlzcvbGJKZXe
2011-11-10 23:05 . 2011-11-10 23:05 -------- d-----w- c:\users\Sida\AppData\Roaming\UHYcswudeo8
2011-11-10 23:04 . 2011-11-10 23:04 -------- d-----w- c:\users\Sida\AppData\Roaming\UEYBvs9PoQhB03
2011-11-10 18:59 . 2011-11-10 18:59 -------- d-----we c:\windows\system64
2011-11-09 02:23 . 2011-11-11 00:49 -------- d-----w- C:\7673625bb3e861d14f386f84f8afbc
2011-11-08 18:56 . 2010-02-09 01:56 81920 ----a-w- c:\windows\SysWow64\devcon.exe
2011-11-08 18:56 . 2010-02-09 01:56 81920 ----a-w- c:\windows\system32\devcon.exe
2011-11-06 09:06 . 2011-11-21 01:29 -------- d-----r- c:\users\Sida\Dropbox
2011-11-06 09:05 . 2011-11-21 01:29 -------- d-----w- c:\users\Sida\AppData\Roaming\Dropbox
2011-11-05 05:30 . 2011-11-11 00:45 -------- d-----w- c:\program files (x86)\SogouExtension
2011-11-05 05:30 . 2011-11-11 00:21 -------- d-----w- c:\program files (x86)\SogouInput
2011-11-05 05:30 . 2011-11-05 05:30 0 ----a-w- c:\windows\SysWow64\nsdA676.tmp
2011-11-05 05:19 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-11-05 05:19 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-11-05 04:59 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-11-05 04:59 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-11-05 04:57 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-11-05 04:56 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-05 04:55 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:54 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-05 04:52 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-11-05 04:52 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-11-05 04:52 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-11-05 04:52 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-11-01 09:26 . 2011-11-01 09:27 -------- d-----w- c:\windows\SysWow64\data
2011-10-31 08:38 . 2011-11-21 01:29 -------- d-----w- c:\users\Sida\riotsGamesLogs
2011-10-31 08:38 . 2011-10-31 08:38 -------- d-----w- c:\users\Sida\AppData\Roaming\LolClient
2011-10-31 07:12 . 2011-11-11 00:21 -------- d-----w- c:\program files (x86)\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 18:10 . 2011-10-21 06:16 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-09-15 10:51 . 2011-09-15 10:51 4706672 ----a-w- c:\windows\system32\SogouPY.ime
2011-09-15 10:51 . 2011-09-15 10:51 2692464 ----a-w- c:\windows\SysWow64\SogouPy.ime
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-21_01.03.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-30 13:16 . 2011-11-21 01:29 53040 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-12-30 13:16 . 2011-11-20 20:19 53040 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-21 01:29 43676 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-20 22:34 43676 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-12-30 13:16 . 2011-11-20 20:19 53040 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-12-30 13:16 . 2011-11-21 01:29 53040 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-21 01:29 43676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-20 22:34 43676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-21 01:27 . 2011-11-21 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-20 20:17 . 2011-11-20 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-20 20:17 . 2011-11-20 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-21 01:27 . 2011-11-21 01:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-21 01:42 . 2011-11-21 01:42 243872 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_Plugin.exe
+ 2009-07-14 02:36 . 2011-11-21 01:31 772430 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-21 01:31 772430 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-20 19:31 423376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-21 01:26 423376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-18 03:21 . 2011-11-21 01:42 6276768 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-14 02:36 . 2011-11-21 01:31 1344704 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-21 01:31 1344704 c:\windows\system32\perfh009.dat
+ 2011-11-13 19:32 . 2011-11-21 01:26 5452064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1474808878-2592519670-514988867-1000-12288.dat
- 2009-07-14 02:34 . 2011-11-20 07:45 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-21 02:22 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-11-20 07:45 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-21 02:22 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
"googletalk"="c:\users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Sida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sida\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 Alidevice;Alidevice; [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\Program\tcphoc.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-09 1674536]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-16 6430208]
"Skytel"="Skytel.exe" [2008-09-16 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-06 15959584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-06 82464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.392.com/?5891#
uSearchURL,(Default) = hxxp://ie.123.com.cn/?wd={searchTerms}&ie=utf-8
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\34D43434: DhcpNameServer = 221.130.33.52 221.130.33.60
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\B4566796E602845716E676: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\C696E6B6379737: DhcpNameServer = 220.115.240.242 220.115.240.246
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
FF - ProfilePath - c:\users\Sida\AppData\Roaming\Mozilla\Firefox\Profiles\p3zdedir.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Thunder Extension: {1B33E42F-EF14-4cd3-B6DC-174571C4349C} - %profile%\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\貼QRGY燨 O3*]
"DisplayName"="仙剑奇侠传3 简体中文版"
"UninstallString"="c:\\Program Files (x86)\\仙剑奇侠传3\\uninst.exe"
"DisplayIcon"="c:\\Program Files (x86)\\仙剑奇侠传3\\config.exe"
"DisplayVersion"="简体中文版"
"URLInfoAbout"="http://www.youxijidi.com"
"Publisher"="longhumen, Inc."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2011-11-21 01:47:34
ComboFix-quarantined-files.txt 2011-11-21 06:47
ComboFix2.txt 2011-11-21 01:24
.
Pre-Run: 98,558,238,720 bytes free
Post-Run: 98,546,626,560 bytes free
.
- - End Of File - - 79C63C2783079E283294E509C975813B

#14 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 November 2011 - 02:29 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Sida\AppData\Roaming\ZPJO4YuKPaknXcK
c:\users\Sida\AppData\Roaming\f1fA8FI6xE1Z2Xp
c:\users\Sida\AppData\Roaming\qisqBv58kP25
c:\users\Sida\AppData\Roaming\tjlzcvbGJKZXe
c:\users\Sida\AppData\Roaming\UHYcswudeo8
c:\users\Sida\AppData\Roaming\UEYBvs9PoQhB03
c:\windows\system64


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 chrono314

  • Topic Starter
  • Members
  • 13 posts

Posted 21 November 2011 - 04:49 AM

It seems like the Google search problem still persists. Here is my log. Btw, thanks for all the help!
ComboFix 11-11-20.02 - Sida 1/2011 Mon 3:43.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3963.2694 [GMT -5:00]
执行位置: c:\users\Sida\Desktop\ComboFix.exe
Command switches used :: c:\users\Sida\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sida\AppData\Roaming\f1fA8FI6xE1Z2Xp
c:\users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
c:\users\Sida\AppData\Roaming\qisqBv58kP25
c:\users\Sida\AppData\Roaming\tjlzcvbGJKZXe
c:\users\Sida\AppData\Roaming\UEYBvs9PoQhB03
c:\users\Sida\AppData\Roaming\UHYcswudeo8
c:\users\Sida\AppData\Roaming\ZPJO4YuKPaknXcK
.
.
((((((((((((((((((((((((( 2011-10-21 至 2011-11-21 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-11-21 09:17 . 2011-11-21 09:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-21 09:17 . 2011-11-21 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 07:03 . 2011-11-21 07:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\offreg.dll
2011-11-18 20:08 . 2011-11-18 20:08 -------- d-----w- c:\program files (x86)\Baidu
2011-11-18 20:08 . 2011-11-20 16:42 -------- d-----w- c:\programdata\Baidu
2011-11-18 20:08 . 2011-11-18 20:08 -------- d-----w- c:\users\Sida\AppData\Roaming\TTPlayer
2011-11-17 17:40 . 2011-11-17 17:40 -------- d-----w- c:\users\Sida\AppData\Roaming\Malwarebytes
2011-11-17 17:40 . 2011-11-17 17:40 -------- d-----w- c:\programdata\Malwarebytes
2011-11-17 17:40 . 2011-11-21 07:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-15 18:58 . 2011-11-15 18:58 -------- d-----w- c:\users\Sida\AppData\Local\ElevatedDiagnostics
2011-11-14 23:41 . 2011-11-12 09:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-12 20:35 . 1998-07-17 18:36 140800 ----a-w- c:\windows\SysWow64\tm20dec.ax
2011-11-12 20:34 . 1997-12-17 23:33 304128 ----a-w- c:\windows\IsUninst.exe
2011-11-12 20:16 . 2011-11-12 22:07 -------- d-----w- c:\program files (x86)\Final Fantasy VII
2011-11-12 12:47 . 2011-11-12 12:47 -------- d-----w- C:\6ca9d3769a3c79d322307dd08f
2011-11-12 10:48 . 2011-11-12 10:48 -------- d-----w- C:\0feb16ecc2788eb9f8606e02685a0b94
2011-11-12 10:46 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-11-12 10:46 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-12 10:46 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-11-12 10:46 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-12 10:46 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-12 09:15 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-12 00:39 . 2011-11-12 00:39 -------- d-----w- C:\Riot Games
2011-11-12 00:21 . 2011-11-12 00:35 -------- d-----w- c:\program files\LeagueOfLegends
2011-11-12 00:07 . 2011-10-17 18:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C5B2EDF-01C8-4B50-A031-20A5A31670B4}\mpengine.dll
2011-11-11 21:41 . 2008-07-12 13:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-11-11 21:41 . 2008-07-12 13:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-11-11 21:41 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-11-11 12:07 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-11-11 12:07 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-11-11 12:07 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-11-11 12:07 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-11 12:07 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-11-11 12:07 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-11-11 12:07 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-11-11 12:07 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-11 12:07 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-11 12:07 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-11 12:07 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 06:30 . 2011-11-11 06:30 388096 ----a-r- c:\users\Sida\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 04:26 . 2011-11-11 04:26 995328 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-11-11 01:43 . 2011-11-11 01:43 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-11 01:06 . 2011-11-21 01:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 01:06 . 2011-11-11 01:06 -------- d-----w- c:\windows\system32\Macromed
2011-11-11 01:03 . 2011-11-11 01:03 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-11 01:00 . 2011-11-11 01:00 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-11 01:00 . 2011-11-12 09:15 -------- d-----w- c:\programdata\Lavasoft
2011-11-10 23:51 . 2011-11-10 23:51 -------- d-----w- c:\program files (x86)\Panda Security
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\Sida\AppData\Roaming\XUDRPJlpj2RxQ
2011-11-10 23:08 . 2011-11-10 23:08 -------- d-----w- c:\users\Sida\AppData\Roaming\LHtd1TFV60T
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\kCybHLetbQ9
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\po6Xxn7e0nfwPn7
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\YvY4t8DBE1Xay9n
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\kaLIuQgtDWYx3JY
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\fmP9ptTm0YQAwJA
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\h3HfqItSn6EqVPv
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\bsZktiFs8XlNvp
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\xhoXFemIdO72Y4
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\u0baJgwOy3mLXOy
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\DJ3w5PRbIfSZnka
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\gj6xT4Bd1w5yXbY
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\ZwHy9mygaN9bkJA
2011-11-10 23:07 . 2011-11-10 23:07 -------- d-----w- c:\users\Sida\AppData\Roaming\A1jsyjHxXQNfneQ
2011-11-10 23:05 . 2011-11-10 23:05 -------- d-----w- c:\users\Sida\AppData\Roaming\sV1shPFfkSWCuQT
2011-11-10 23:04 . 2011-11-10 23:04 -------- d-----w- c:\users\Sida\AppData\Roaming\GCcqyWkvgyJUS
2011-11-10 18:59 . 2011-11-10 18:59 -------- d-----we c:\windows\system64
2011-11-09 02:23 . 2011-11-11 00:49 -------- d-----w- C:\7673625bb3e861d14f386f84f8afbc
2011-11-08 18:56 . 2010-02-09 01:56 81920 ----a-w- c:\windows\SysWow64\devcon.exe
2011-11-08 18:56 . 2010-02-09 01:56 81920 ----a-w- c:\windows\system32\devcon.exe
2011-11-06 09:06 . 2011-11-21 07:01 -------- d-----r- c:\users\Sida\Dropbox
2011-11-06 09:05 . 2011-11-21 07:01 -------- d-----w- c:\users\Sida\AppData\Roaming\Dropbox
2011-11-05 05:30 . 2011-11-11 00:45 -------- d-----w- c:\program files (x86)\SogouExtension
2011-11-05 05:30 . 2011-11-11 00:21 -------- d-----w- c:\program files (x86)\SogouInput
2011-11-05 05:30 . 2011-11-05 05:30 0 ----a-w- c:\windows\SysWow64\nsdA676.tmp
2011-11-05 05:19 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-11-05 05:19 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-11-05 04:59 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-11-05 04:59 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-11-05 04:57 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-11-05 04:56 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-05 04:55 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:54 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-05 04:52 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-11-05 04:52 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-11-05 04:52 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-11-05 04:52 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-11-01 09:26 . 2011-11-01 09:27 -------- d-----w- c:\windows\SysWow64\data
2011-10-31 08:38 . 2011-11-21 07:41 -------- d-----w- c:\users\Sida\riotsGamesLogs
2011-10-31 08:38 . 2011-10-31 08:38 -------- d-----w- c:\users\Sida\AppData\Roaming\LolClient
2011-10-31 07:12 . 2011-11-11 00:21 -------- d-----w- c:\program files (x86)\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 07:43 . 2011-10-21 06:16 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-09-15 10:51 . 2011-09-15 10:51 4706672 ----a-w- c:\windows\system32\SogouPY.ime
2011-09-15 10:51 . 2011-09-15 10:51 2692464 ----a-w- c:\windows\SysWow64\SogouPy.ime
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-21_01.03.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-21 07:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-20 22:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-20 22:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-21 07:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-20 22:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-21 07:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-30 13:16 . 2011-11-21 07:02 53040 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-12-30 13:16 . 2011-11-20 20:19 53040 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-20 22:34 43676 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-21 07:02 43676 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-29 11:22 . 2011-11-21 07:02 24174 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474808878-2592519670-514988867-1000_UserData.bin
- 2009-12-29 11:22 . 2011-11-20 22:34 24174 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474808878-2592519670-514988867-1000_UserData.bin
- 2009-12-30 13:16 . 2011-11-20 20:19 53040 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-12-30 13:16 . 2011-11-21 07:02 53040 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-20 22:34 43676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-21 07:02 43676 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-12-29 11:22 . 2011-11-20 22:34 24174 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474808878-2592519670-514988867-1000_UserData.bin
+ 2009-12-29 11:22 . 2011-11-21 07:02 24174 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474808878-2592519670-514988867-1000_UserData.bin
+ 2011-11-21 07:00 . 2011-11-21 07:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-20 20:17 . 2011-11-20 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-21 07:00 . 2011-11-21 07:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-20 20:17 . 2011-11-20 22:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-21 01:42 . 2011-11-21 01:42 243872 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10y_Plugin.exe
+ 2009-07-14 02:36 . 2011-11-21 01:31 772430 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-21 01:31 772430 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-20 19:31 423376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-21 06:59 423376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-18 03:21 . 2011-11-21 01:42 6276768 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2009-07-14 02:36 . 2011-11-21 01:31 1344704 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-21 01:31 1344704 c:\windows\system32\perfh009.dat
+ 2011-11-13 19:32 . 2011-11-21 06:59 5631808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1474808878-2592519670-514988867-1000-12288.dat
- 2009-07-14 02:34 . 2011-11-20 07:45 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-21 07:14 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-11-20 07:45 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-21 07:14 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
"googletalk"="c:\users\Sida\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\users\Sida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sida\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 Alidevice;Alidevice; [x]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\Program\tcphoc.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - Lavasoft Kernexplorer
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Sida\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-09 1674536]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-16 6430208]
"Skytel"="Skytel.exe" [2008-09-16 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-06 15959584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-06 82464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.392.com/?5891#
uSearchURL,(Default) = hxxp://ie.123.com.cn/?wd={searchTerms}&ie=utf-8
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\34D43434: DhcpNameServer = 221.130.33.52 221.130.33.60
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\B4566796E602845716E676: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\C696E6B6379737: DhcpNameServer = 220.115.240.242 220.115.240.246
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://img.alipay.com/download/2121/aliedit.cab
FF - ProfilePath - c:\users\Sida\AppData\Roaming\Mozilla\Firefox\Profiles\p3zdedir.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Thunder Extension: {1B33E42F-EF14-4cd3-B6DC-174571C4349C} - %profile%\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\貼QRGY燨 O3*]
"DisplayName"="仙剑奇侠传3 简体中文版"
"UninstallString"="c:\\Program Files (x86)\\仙剑奇侠传3\\uninst.exe"
"DisplayIcon"="c:\\Program Files (x86)\\仙剑奇侠传3\\config.exe"
"DisplayVersion"="简体中文版"
"URLInfoAbout"="http://www.youxijidi.com"
"Publisher"="longhumen, Inc."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-21 04:38:35
ComboFix-quarantined-files.txt 2011-11-21 09:38
ComboFix2.txt 2011-11-21 06:47
ComboFix3.txt 2011-11-21 01:24
.
Pre-Run: 98,691,436,544 bytes free
Post-Run: 98,629,677,056 bytes free
.
- - End Of File - - 102814577096E01FF366F99AA3406959
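The log above shows the three things a responder would pull out of a ComboFix run on a "browser opens by itself" machine: every UAC policy value set to 0 (no elevation prompts at all), a machine-wide IE start page and default search URL that point somewhere the user never chose, and a set of Trusted Zone entries. The script below is an added example, not part of the original post and not ComboFix code; it parses only the text layout visible in this log (the `[...\policies\system]` block and the `Supplementary Scan` lines) and flags those indicators. The sample input is excerpted from the log above and embedded so it runs offline; the Windows 7 UAC defaults and the `KNOWN_GOOD_HOSTS` allowlist are assumptions stated in the code.

```python
"""Triage helper for the UAC-policy and browser-setting sections of a ComboFix log.

Added example (not ComboFix's own code, not from the original poster). It reads
two text blocks in the layout ComboFix prints: a [HKEY_...\\policies\\system]
block of "Name"= value (0xN) lines, and the Supplementary Scan block of
`uStart Page = hxxp://...` style lines plus `Trusted Zone: host` lines.
"""
import re
from urllib.parse import urlsplit

# Sample input: lines excerpted from the ComboFix log above, embedded here so
# the example runs without the full log file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.392.com/?5891#
uSearchURL,(Default) = hxxp://ie.123.com.cn/?wd={searchTerms}&ie=utf-8
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: Interfaces\{FB8DA930-5B0A-480D-AA4C-D822EE66A537}\34D43434: DhcpNameServer = 221.130.33.52 221.130.33.60
"""

# Assumption: Windows 7 out-of-box values for the UAC settings ComboFix prints.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate silently, no prompt
    "PromptOnSecureDesktop": 1,       # 0 = prompt drawn on the normal desktop
}

# Assumption: hosts the home page / search provider may legitimately use.
# A real triage would compare against what the user says they configured.
KNOWN_GOOD_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')
SETTING_RE = re.compile(r"^(?P<key>[um](?:Start Page|Local Page|SearchURL[^=]*?))\s*=\s*(?P<val>.+?)\s*$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<host>\S+)\s*$")


def refang(url):
    """ComboFix writes hxxp:// so log URLs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_uac_policies(text):
    """Return {name: int} from the [...\\policies\\system] block only."""
    values, in_block = {}, False
    for line in text.splitlines():
        if line.startswith("["):
            in_block = line.lower().endswith("\\policies\\system]")
            continue
        if in_block:
            m = POLICY_RE.match(line)
            if m:
                values[m["name"]] = int(m["val"])
    return values


def parse_browser_settings(text):
    """Return ({setting key: value}, [trusted zone hosts]) from Supplementary Scan lines."""
    settings, trusted = {}, []
    for line in text.splitlines():
        m = SETTING_RE.match(line)
        if m:
            settings[m["key"]] = m["val"]
            continue
        m = TRUSTED_RE.match(line)
        if m:
            trusted.append(m["host"])
    return settings, trusted


def triage(text):
    """Return human-readable findings: weakened UAC, unexpected page/search hosts, trusted zones."""
    findings = []
    uac = parse_uac_policies(text)
    for name, expected in UAC_DEFAULTS.items():
        if name in uac and uac[name] != expected:
            findings.append(f"UAC weakened: {name}={uac[name]} (default {expected})")
    settings, trusted = parse_browser_settings(text)
    for key, value in settings.items():
        if not value.lower().startswith(("hxxp", "http")):
            continue  # local pages such as blank.htm are not URLs
        host = urlsplit(refang(value)).hostname or ""
        if host not in KNOWN_GOOD_HOSTS:
            scope = "machine-wide" if key.startswith("m") else "per-user"
            findings.append(f"{scope} {key} points at {host}")
    for host in trusted:
        findings.append(f"Trusted Zone entry: {host} (IE zone restrictions relaxed)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The `m`/`u` prefix ComboFix uses matters for the fix: `mStart Page` lives under HKLM and applies to every account, so a machine-wide value the user never set is a stronger hijack indicator than a per-user one, and resetting it needs elevation, which is also why the `EnableLUA=0` finding is listed first.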