
Redirect


This topic is locked
22 replies to this topic

#1 dotdots

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 04:40 PM

Posted 06 March 2012 - 03:27 AM

Hi! I've had this redirect issue for 2-3 months now... I didn't think it would be a big deal, but it only happens when I go on the Best Buy website... when I click on their game page I immediately get redirected to a website that tells me I need to download an XVID player, and then I get redirected to another site whose web address is ics.fivemillionfriends. Kaspersky blocked it from downloading anything on my computer, and I scanned my computer with Malwarebytes and found a few infected objects (URL searchhook). This is the second time it has happened... I'm not sure what to do.

Thanks for taking your time to help me. Here are the logs



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Owner at 3:13:08 on 2012-03-06
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\SysWOW64\NlsSrv32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TENCENT\SOSOUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\wmi64.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: QQCycloneHelper Class: {00000000-12c9-4305-82f9-43058f20e8d2} - C:\PROGRA~2\Tencent\QQDOWN~1\QQIEHE~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Download_Bho Class: {a986e409-30cc-4185-89bb-ab212c104524} - C:\Program Files (x86)\PPLive\PPVA\DownloaderManager.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\HOMERunner.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" -background
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Facebook Update] "C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
mRun: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\patchvt.lnk - C:\softbatch\patchvt.bat
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download with QQ Cyclone (QQ旋风) - C:\Program Files (x86)\Tencent\QQDownload\geturl.htm
IE: &Download all links with QQ Cyclone (QQ旋风) - C:\Program Files (x86)\Tencent\QQDownload\getAllurl.htm
IE: &Offline download with QQ Cyclone (QQ旋风) - C:\Program Files (x86)\Tencent\QQDownload\xfofflinedown.htm
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/zh-Hant/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{1C4C76BD-ADF8-4605-883D-FBB144CF0A22} : DhcpNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou7\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KuGou7\KUGOO3~1.OCX
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: QQCycloneHelper Class: {00000000-12C9-4305-82F9-43058F20E8D2} - C:\PROGRA~2\Tencent\QQDOWN~1\QQIEHE~1.DLL
BHO-X64: QQCycloneHelper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-X64: XunleiBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Download_Bho Class: {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files (x86)\PPLive\PPVA\DownloaderManager.dll
BHO-X64: PPVADownloader - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
mRun-x64: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun-x64: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 59.151.32.16 i.mtime.com
Hosts: 59.151.32.20 www.mtime.com
Hosts: 59.151.32.28 app.mtime.com
Hosts: 59.151.32.32 theater.mtime.com
Hosts: 59.151.32.36 api.mtime.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 61.92.58.11
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(666).dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-11-2 365336]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\NlsSrv32.exe [2010-1-26 61440]
R2 SOSOUpSvc;Tencent SOSO Update Service;C:\Program Files\TENCENT\SOSOUpdate.exe [2012-1-23 111992]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-30 2358656]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-20 46392]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S2 0027131230143207mcinstcleanup;0027131230143207mcinstcleanup; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-3-13 8192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2008-9-12 937984]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2011-3-25 517096]
S3 TesSafe;TesSafe;\??\C:\Windows\system32\TesSafe.sys --> C:\Windows\system32\TesSafe.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-19 89920]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-03-06 06:23:21 -------- d-----w- C:\Users\Owner\AppData\Local\{AF15DEBB-AA91-4C5A-9187-62D331D2E8DA}
2012-03-06 06:23:11 -------- d-----w- C:\Users\Owner\AppData\Local\{2AFCF996-A1E7-495C-9507-F974C72C7393}
2012-03-05 03:35:06 -------- d-----w- C:\Users\Owner\AppData\Local\Temporary Projects
2012-03-05 03:28:52 -------- d-----w- C:\Users\Owner\AppData\Local\{AF4DFE90-6104-4124-AAC1-2EF57DADD254}
2012-03-05 03:28:48 -------- d-----w- C:\Users\Owner\AppData\Local\{FEB706BF-060E-4A0E-B508-6DA1FCBC1B91}
2012-03-04 03:42:33 -------- d-----w- C:\Users\Owner\AppData\Local\{C39C69F3-1607-4E7E-8C7B-47C16C8EEBC1}
2012-03-04 03:42:13 -------- d-----w- C:\Users\Owner\AppData\Local\{BFF5D03F-E6AC-4907-A8EF-A2506527BB35}
2012-03-03 01:30:33 -------- d-----w- C:\Users\Owner\AppData\Local\{9AB4C948-42B9-4257-B6AA-5D36B17DE18F}
2012-03-03 01:30:24 -------- d-----w- C:\Users\Owner\AppData\Local\{86F18F38-0D8C-4D8B-8212-FE22D1D674D1}
2012-03-02 03:13:43 -------- d-----w- C:\Users\Owner\AppData\Local\{8E11A4F4-FF16-41FE-869C-5763A1466D65}
2012-03-02 03:13:37 -------- d-----w- C:\Users\Owner\AppData\Local\{E3B8F3EF-1937-42C4-A249-28E78394E926}
2012-03-01 01:27:21 -------- d-----w- C:\Users\Owner\AppData\Local\{562C7638-9ACA-4AAA-81C1-DCBA8CDFD356}
2012-03-01 01:27:17 -------- d-----w- C:\Users\Owner\AppData\Local\{77965B21-7F7B-4C8B-964E-D1E6E10E50C3}
2012-02-29 02:03:32 -------- d-----w- C:\Users\Owner\AppData\Local\{A180D8C2-F971-4869-9B55-1F1581293C83}
2012-02-29 02:03:23 -------- d-----w- C:\Users\Owner\AppData\Local\{DCBC0890-8CA0-4198-927C-464B805F4D4B}
2012-02-28 03:08:06 -------- d-----w- C:\Users\Owner\AppData\Local\{84BBC536-0FE9-464A-9B61-E969AF43CE47}
2012-02-28 03:07:58 -------- d-----w- C:\Users\Owner\AppData\Local\{63180006-DF9C-49AC-979C-8CC853EB9B59}
2012-02-27 03:19:33 -------- d-----w- C:\Users\Owner\AppData\Local\{0E6CCD76-3644-4F3E-97C2-A79D169FAAFE}
2012-02-27 03:19:29 -------- d-----w- C:\Users\Owner\AppData\Local\{5AB03B33-A214-4E15-8E5D-F5FD5D771467}
2012-02-24 19:36:06 -------- d-----w- C:\Users\Owner\AppData\Local\{C32A18BE-21D6-4CDD-9D5D-D31787EDB4A0}
2012-02-24 19:36:00 -------- d-----w- C:\Users\Owner\AppData\Local\{C7C48770-566D-44D8-9617-AD4461F12614}
2012-02-24 01:59:25 -------- d-----w- C:\Users\Owner\AppData\Local\{79EE9C4B-8F2F-4AFD-AFF0-BE0A21A8F11E}
2012-02-24 01:59:21 -------- d-----w- C:\Users\Owner\AppData\Local\{E9B98E26-110D-4FED-9B0C-13FE77EB54FA}
2012-02-22 15:39:47 -------- d-----w- C:\Users\Owner\AppData\Local\{90208527-D418-4507-8F28-11705255EFC9}
2012-02-22 15:39:43 -------- d-----w- C:\Users\Owner\AppData\Local\{222CE4B0-E4E4-441B-84B2-EA495218981D}
2012-02-21 21:52:10 -------- d-----w- C:\Users\Owner\AppData\Local\{FCD3E3D0-223E-4A96-9A94-129E3D6DB83B}
2012-02-21 21:52:03 -------- d-----w- C:\Users\Owner\AppData\Local\{9CC91E26-221C-41B0-92AB-7ABE484FB045}
2012-02-21 02:10:09 -------- d-----w- C:\Users\Owner\AppData\Local\{D094BB67-EACA-4829-996D-D73EFFD30FB7}
2012-02-21 02:10:04 -------- d-----w- C:\Users\Owner\AppData\Local\{0087F67D-B54C-4775-AC51-13AB6E9837DF}
2012-02-20 00:20:38 -------- d-----w- C:\Users\Owner\AppData\Local\{23DFE3AE-D6E3-408D-9DC6-6FD0E18B7873}
2012-02-20 00:20:35 -------- d-----w- C:\Users\Owner\AppData\Local\{70886246-EB01-445D-B0DA-406115D5DE74}
2012-02-19 02:30:59 -------- d-----w- C:\Users\Owner\AppData\Local\{E731C0D9-9B12-4D45-8AFD-F3A59340F7E4}
2012-02-19 02:30:53 -------- d-----w- C:\Users\Owner\AppData\Local\{81B251F8-454E-4EAC-9B1C-8E54690A57D6}
2012-02-19 02:28:00 94208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2012-02-19 02:28:00 144984 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-02-19 02:27:56 -------- d-----w- C:\Users\Owner\AppData\Local\Real
2012-02-19 02:27:56 -------- d-----w- C:\Program Files (x86)\Real Alternative
2012-02-17 01:13:22 -------- d-----w- C:\Users\Owner\AppData\Local\{4AD685B9-BB3B-49B4-8961-894F6682FF52}
2012-02-17 01:13:18 -------- d-----w- C:\Users\Owner\AppData\Local\{952B8B3C-A6D3-4A66-84A0-E85EF91DE52D}
2012-02-16 17:57:06 621056 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-16 17:57:05 680448 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 17:57:04 2765824 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 17:56:56 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 17:55:18 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-02-16 17:55:18 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-02-16 03:20:03 -------- d-----w- C:\Users\Owner\AppData\Local\{8594886F-4CFF-4784-93F0-632ABEFA9EA1}
2012-02-16 03:19:59 -------- d-----w- C:\Users\Owner\AppData\Local\{08657474-DCB6-4341-B2A2-0EAD16017F3A}
2012-02-15 01:55:48 -------- d-----w- C:\Users\Owner\AppData\Local\{28BE68AD-978F-4A54-B98F-4AE286F82F3E}
2012-02-15 01:55:43 -------- d-----w- C:\Users\Owner\AppData\Local\{45791161-9A7A-4C9D-88D1-808C6DE545A9}
2012-02-13 01:07:21 -------- d-----w- C:\Users\Owner\AppData\Local\{E811FB42-EBFB-4577-B1B1-22AF3BEA012B}
2012-02-13 01:07:11 -------- d-----w- C:\Users\Owner\AppData\Local\{DB53B6E7-087C-4E8B-9766-38241E82B985}
2012-02-11 22:47:48 -------- d-----w- C:\Users\Owner\AppData\Local\{5BD85603-5E7F-47F5-83C7-EC206D72E202}
2012-02-11 22:47:42 -------- d-----w- C:\Users\Owner\AppData\Local\{B62AC994-76EB-4AB1-8261-3F845EA5CB86}
2012-02-11 03:55:13 -------- d-----w- C:\Users\Owner\AppData\Local\{9D2EE848-6273-4940-B391-2286D958D2D0}
2012-02-11 03:55:09 -------- d-----w- C:\Users\Owner\AppData\Local\{2EEA93BE-A56E-48D6-862B-40CDED9CE212}
2012-02-08 16:08:52 -------- d-----w- C:\Users\Owner\AppData\Local\{FF54C491-45FC-4AAB-8CF4-769259DD26EE}
2012-02-08 16:08:49 -------- d-----w- C:\Users\Owner\AppData\Local\{5D96FFE6-1D82-4D7E-906B-C132FE1BA363}
2012-02-08 03:40:00 -------- d-----w- C:\Users\Owner\AppData\Local\{F1C54D05-D827-462A-8580-94FE0BC7ECF7}
2012-02-08 03:39:54 -------- d-----w- C:\Users\Owner\AppData\Local\{10AC2079-CF47-4D90-B9B8-F3FC4A36C08F}
2012-02-07 04:02:09 -------- d-----w- C:\Users\Owner\AppData\Local\{091EC07D-E06E-4889-A4ED-B4140299C071}
2012-02-07 04:02:05 -------- d-----w- C:\Users\Owner\AppData\Local\{1027B64F-5FC4-4D82-AF7A-F5793C920A7E}
2012-02-06 01:51:04 -------- d-----w- C:\Users\Owner\AppData\Local\{F59B7E57-04EB-4745-834D-C6FA163B007C}
2012-02-06 01:50:59 -------- d-----w- C:\Users\Owner\AppData\Local\{470F172F-B7B6-45E8-B3B8-0B71F34491B8}
.
==================== Find3M ====================
.
2012-03-06 08:09:56 151552 ----a-w- C:\Windows\KMSEmulator.exe
2012-03-06 08:02:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-30 00:16:12 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-13 19:17:52 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-01-13 19:17:52 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 3:19:24.88 ===============


I saved the attached.text file on my computer in case you need to see that.

Thank you in advance
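A first triage pass over lines like the ones in the DDS log above, as an added example that is not part of the original post, of DDS, or of BleepingComputer's tooling. It pulls out the entries a responder would look at first in this report: orphaned "No File" hook entries (what an AV quarantine typically leaves behind), a .bat launched from the user's Startup folder, UAC switched off (EnableLUA = 0), hosts-file overrides, a service whose binary is missing, a service wrapped in srvany.exe, and a Firefox HTTP proxy pointing at a non-private address. The sample lines are copied from the log above; the function names and the finding labels are my own. One caveat the proxy check encodes: Firefox only honours network.proxy.http when network.proxy.type is 1 (manual), and this log shows type 4 (auto-detect), so that proxy entry is configured but not in use and cannot by itself explain the redirect.

```python
import ipaddress
import re

# Constructed sample: a handful of lines copied from the DDS log posted above
# (hook, startup, policy, hosts, Firefox proxy and service entries). Not a full log.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\patchvt.lnk - C:\softbatch\patchvt.bat
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 59.151.32.16 i.mtime.com
FF - prefs.js: network.proxy.http - 61.92.58.11
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 4
S2 0027131230143207mcinstcleanup;0027131230143207mcinstcleanup; [x]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-3-13 8192]
"""

SCRIPT_EXT = re.compile(r"\.(bat|cmd|vbs|vbe|js|jse|wsf|ps1)$", re.IGNORECASE)
FF_PROXY = re.compile(r"^FF - prefs\.js: (network\.proxy\.\w+) - (.*)$")
SERVICE = re.compile(r"^[RS]\d ")


def proxy_finding(prefs):
    """Turn the collected network.proxy.* prefs into one finding, or None.

    Firefox only uses network.proxy.http when network.proxy.type is 1
    (manual). Any other type (0 none, 2 PAC, 4 auto-detect, 5 system) leaves
    the host configured but unused, which matters before you blame a
    redirect on it.
    """
    host = prefs.get("network.proxy.http")
    if not host:
        return None
    try:
        external = not ipaddress.ip_address(host).is_private
    except ValueError:          # a hostname rather than an address
        external = True
    if not external:
        return None
    state = "active" if prefs.get("network.proxy.type") == "1" else "configured_but_inactive"
    port = prefs.get("network.proxy.http_port", "?")
    return ("external_http_proxy_" + state, f"{host}:{port}")


def triage(log_text):
    """Return a list of (kind, line) findings for the DDS-style lines given."""
    findings = []
    prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FF_PROXY.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
        elif line.endswith("- No File"):
            # Registry still references a BHO/toolbar/search hook whose file is
            # gone: typical leftovers after an AV quarantines the component.
            findings.append(("orphaned_entry", line))
        elif line.startswith("StartupFolder:") and SCRIPT_EXT.search(line):
            findings.append(("script_in_startup", line))
        elif line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(("uac_disabled", line))
        elif line.startswith("Hosts:"):
            findings.append(("hosts_override", line))
        elif SERVICE.match(line) and line.endswith("[x]"):
            # Service is registered but its binary could not be found.
            findings.append(("service_missing_binary", line))
        elif SERVICE.match(line) and "\\srvany.exe" in line.lower():
            # srvany.exe runs an arbitrary program as a service; check which one.
            findings.append(("srvany_wrapped_service", line))
    proxy = proxy_finding(prefs)
    if proxy:
        findings.append(proxy)
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:45} {detail}")
```

Run it as-is to see the nine findings from the sample, or pass the whole DDS.txt text to triage(). The checks are deliberately narrow string rules rather than a signature database: the point is to surface the lines that deserve a second look, not to declare anything malicious on its own.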

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 05:40 PM

Posted 06 March 2012 - 11:59 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dotdots (Topic Starter)

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 04:40 PM

Posted 06 March 2012 - 11:44 PM

So far I don't see any other symptoms on my computer besides the browser redirect when I go to the Best Buy gaming page. Here is the log from ComboFix. Should I change my laptop's language so the report is in English?

ComboFix 12-03-06.01 - Owner 6/2012 Tue 23:05:36.1.2 - x64
执行位置: c:\users\Owner\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
C:\ghos
c:\ghos\giex
c:\msocache\ms0.dat
c:\msocache\ms0.dll
c:\msocache\wcods.dat
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12872hhb.jpg
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12904hhb.jpg
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_342hhb.jpg
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_361hhb.jpg
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_398hhb.jpg
c:\users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
.
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TESSAFE
-------\Service_TesSafe
.
.
((((((((((((((((((((((((( 2012-02-07 至 2012-03-07 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-03-07 04:25 . 2012-03-07 04:31 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-03-07 04:25 . 2012-03-07 04:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 08:04 . 2012-03-06 08:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-06 08:02 . 2012-03-06 08:02 -------- d-----w- c:\program files (x86)\Java
2012-03-05 03:35 . 2012-03-05 03:52 -------- d-----w- c:\users\Owner\AppData\Local\Temporary Projects
2012-02-19 02:28 . 2008-04-28 03:00 94208 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2012-02-19 02:28 . 2008-04-28 03:00 144984 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-02-19 02:27 . 2012-02-19 02:28 -------- d-----w- c:\program files (x86)\Real Alternative
2012-02-19 02:27 . 2012-02-19 02:27 -------- d-----w- c:\users\Owner\AppData\Local\Real
2012-02-16 17:57 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 17:57 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-16 17:57 . 2012-01-12 20:16 2765824 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 17:56 . 2012-01-03 14:25 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 17:55 . 2011-12-20 10:56 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-16 17:55 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 04:29 . 2011-09-29 00:32 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-03-06 08:02 . 2010-05-28 17:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-30 00:16 . 2011-10-27 21:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-23 08:49 . 2012-01-11 04:43 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-01-13 19:17 . 2010-03-18 14:15 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-01-13 19:17 . 2010-03-18 14:15 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-12-10 20:24 . 2011-02-22 06:29 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{45819714-710C-B370-68F2-8DE2F078C7F6}]
2012-02-28 11:02 516472 ----a-w- c:\program files (x86)\Tencent\SOSOAddr\ieaddr.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" [2011-05-20 439744]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-30 3077528]
"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2011-03-25 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2011-03-25 406992]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
patchvt.lnk - c:\softbatch\patchvt.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 0027131230143207mcinstcleanup;0027131230143207mcinstcleanup; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DoctorService REG_MULTI_SZ XLDoctor Service
.
计划任务 文件夹 里的内容
.
2012-03-07 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-09-29 00:33]
.
2012-03-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 03:25]
.
2012-03-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 03:25]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06 21:39]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06 21:39]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{7842C86A-50CA-44B3-A941-E6D44BBA0B2F}.job
- c:\windows\system32\msfeedssync.exe [2011-06-02 23:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-30 5682688]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1432144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF16042.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &使用QQ旋风下载 - c:\program files (x86)\Tencent\QQDownload\geturl.htm
IE: &使用QQ旋风下载全部链接 - c:\program files (x86)\Tencent\QQDownload\getAllurl.htm
IE: &使用QQ旋风离线下载 - c:\program files (x86)\Tencent\QQDownload\xfofflinedown.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 10.0.0.1
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KuGou7\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KuGou7\KUGOO3~1.OCX
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 61.92.58.11
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\HOMERunner.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-MusicManager - c:\users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\Jumpstart\jswtrayutil.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(uQ*Q*薳螛 N}廬
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Tencent\\QQDownload\\geturl.htm"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(uQ*Q*薳螛 N}廻Q钀]
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Tencent\\QQDownload\\getAllurl.htm"
"Contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(uQ*Q*薳螛粂縹 N}廬
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Tencent\\QQDownload\\xfofflinedown.htm"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*8nb]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,00,00,00,00,00,00,00,30,df,09,
42,4a,07,ca,01,07,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
"Changed"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*sQ胈峐]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*sQ胈峐\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. R@
嬇`_]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. R@
嬇`_\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000_Classes\BitTorrent\Shell\O(uQ*Q*薳螛Sb*_鍕B*T*噀鯪(*&*Q*)*\Command]
@="\"c:\\Program Files (x86)\\Tencent\\QQDownload\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000_Classes\Wow6432Node\BitTorrent\Shell\O(uQ*Q*薳螛Sb*_鍕B*T*噀鯪(*&*Q*)*\Command]
@="\"c:\\Program Files (x86)\\Tencent\\QQDownload\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_USERS\S-1-5-21-1181517193-3524019295-1311160477-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e5,75,ca,51,89,47,0b,05,e6,17,e8,b2,18,11,9f,4f,2e,e6,b6,79,f0,
e7,c5,07,f6,ef,ff,1b,ec,92,d9,8d,82,42,5e,8f,2f,f7,f3,21,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitTorrent\Shell\O(uQ*Q*薳螛Sb*_鍕B*T*噀鯪(*&*Q*)*\Command]
@="\"c:\\Program Files (x86)\\Tencent\\QQDownload\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b3,ed,ae,63,18,26,76,09,99,bf,79,7d,d3,ee,9f,f6,9d,6a,f3,95,b0,
dc,20,d9,0f,1a,aa,d6,c1,f4,45,ea,e3,8d,2f,02,f2,09,b8,40,3e,5b,bf,78,81,73,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\BitTorrent\Shell\O(uQ*Q*薳螛Sb*_鍕B*T*噀鯪(*&*Q*)*\Command]
@="\"c:\\Program Files (x86)\\Tencent\\QQDownload\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:54,a0,71,ef,d4,fb,44,5e,bf,82,50,fb,bc,5d,95,d6,c8,0c,d3,5d,88,
16,a1,c3,e0,4c,a9,1b,03,f8,00,16,d8,4e,c7,85,8e,bc,c3,d6,0e,10,de,19,8a,e0,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b3,ed,ae,63,18,26,76,09,99,bf,79,7d,d3,ee,9f,f6,9d,6a,f3,95,b0,
dc,20,d9,0f,1a,aa,d6,c1,f4,45,ea,e3,8d,2f,02,f2,09,b8,40,3e,5b,bf,78,81,73,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ 其他运行进程 ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files\TENCENT\SOSOUpdate.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
完成时间: 2012-03-06 23:39:55 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-03-07 04:39
.
Pre-Run: 9,951,383,552 bytes free
Post-Run: 16,722,145,280 bytes free
.
- - End Of File - - 7167101D33993B601C7C222095B15EE6
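The ComboFix log above is read by hand on this thread: the autorun keys, the Startup-folder shortcut, the policy values, the services with no image on disk and the Firefox prefs are the parts a responder checks first. As an added example (not part of the thread and not ComboFix's own code), here is a small Python triage helper that pulls those line shapes out of the log text and flags them for review. The excerpt it runs on is constructed in the posted log's format from values that appear in that log; the flag names and the rules behind them are my own choices. A flag means "look at this", not "this is malicious": the AppInit_DLLs entry it raises here, for instance, belongs to Kaspersky, and a Firefox manual proxy is only honoured when network.proxy.type is 1.

```python
"""Triage helper for ComboFix-style logs.

Added example, not ComboFix's own code: pulls the autorun, service, policy and
Firefox-proxy lines out of the log text and flags the ones a responder usually
reads first. A flag means "review this", not "this is malicious".
"""
import ipaddress
import re

# Constructed excerpt in the format of the log posted above (values copied
# from that log; the selection and framing are mine).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Facebook Update"="c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
patchvt.lnk - c:\softbatch\patchvt.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
R2 0027131230143207mcinstcleanup;0027131230143207mcinstcleanup; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
FF - prefs.js: network.proxy.http - 61.92.58.11
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 4
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                # [HKEY_...] block header
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[.*\])?$')       # "name"="image" [date size]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")     # R2 name;display;image
STARTUP_RE = re.compile(r"^(\S+\.lnk) - (.+?) \[N/A\]$")          # shortcut with no file info
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


def triage_combofix(text):
    """Return a list of (flag, detail) tuples for the lines worth a second look."""
    findings = []
    current_key = ""
    ff_prefs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with a lone '.'
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
            continue
        m = STARTUP_RE.match(line)
        if m:   # Startup-folder shortcut whose target ComboFix could not stat
            findings.append(("startup_target_missing", f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(4).strip() == "[x]":   # service/driver entry with no image on disk
            findings.append(("service_without_image", m.group(2)))
            continue
        if current_key.endswith(r"policies\system") and line.startswith('"EnableLUA"='):
            parts = line.split("=", 1)[1].split()
            if parts and parts[0] == "0":   # UAC turned off by policy
                findings.append(("uac_disabled", current_key))
            continue
        if line.startswith('"AppInit_DLLs"='):
            dll = line.split("=", 1)[1].strip()
            if dll:   # loaded into every user-mode process: confirm who owns it
                findings.append(("appinit_dll", dll))
            continue
        m = RUN_RE.match(line)
        if m and current_key.endswith(r"currentversion\run"):
            if "\\appdata\\" in m.group(2).lower():   # autorun from a user-writable location
                findings.append(("run_from_user_profile", f"{m.group(1)} -> {m.group(2)}"))

    # Firefox manual proxy: only honoured when network.proxy.type is 1, but a
    # configured upstream proxy on a non-private address still deserves a look.
    host = ff_prefs.get("network.proxy.http")
    if host:
        port = ff_prefs.get("network.proxy.http_port", "?")
        ptype = ff_prefs.get("network.proxy.type", "?")
        try:
            addr = ipaddress.ip_address(host)
            external = not (addr.is_private or addr.is_loopback)
        except ValueError:          # a hostname rather than an IP: cannot judge offline
            external = True
        if external:
            findings.append(("firefox_proxy_external", f"{host}:{port} (proxy.type={ptype})"))
    return findings


if __name__ == "__main__":
    for flag, detail in triage_combofix(SAMPLE_LOG):
        print(f"{flag:24} {detail}")
```

The helper only looks at line shapes, so the Chinese section headers, the file listings and the hex-valued locked keys in the posted log fall through untouched; pasting the whole log into `SAMPLE_LOG` gives the same six flags plus nothing else. The point of the exercise is the ordering it imposes: an orphaned Startup shortcut, a disabled UAC policy, a service with no binary and a browser proxy pointed at a public address are the items to confirm or clear before reading the rest.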

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 March 2012 - 11:16 AM

Greetings

You can leave the language the way it is for now.

You only get redirected from one page?

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 dotdots

dotdots
  • Topic Starter

  • Members
  • 11 posts

Posted 07 March 2012 - 02:58 PM

Out of all the web addresses I go to, only the Best Buy games link redirects me. That's why I didn't pay much attention to it at first, but it happened again so it got me worried. Both times after it redirects me, Malwarebytes detects infected objects.

I keep holding off updating Adobe Flash, because every time I update it to the newer version my computer would crash and go to a blue screen, and I had to go back to the last known configuration in order to stop the random crashes. I'm not sure if that will make my computer more vulnerable.

Here is the TDSS log:

13:18:29.0589 4556 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
13:18:30.0189 4556 ============================================================
13:18:30.0189 4556 Current date / time: 2012/03/07 13:18:30.0189
13:18:30.0189 4556 SystemInfo:
13:18:30.0189 4556
13:18:30.0189 4556 OS Version: 6.0.6002 ServicePack: 2.0
13:18:30.0189 4556 Product type: Workstation
13:18:30.0189 4556 ComputerName: OWNER-PC
13:18:30.0190 4556 UserName: Owner
13:18:30.0190 4556 Windows directory: C:\Windows
13:18:30.0190 4556 System windows directory: C:\Windows
13:18:30.0190 4556 Running under WOW64
13:18:30.0190 4556 Processor architecture: Intel x64
13:18:30.0190 4556 Number of processors: 2
13:18:30.0190 4556 Page size: 0x1000
13:18:30.0190 4556 Boot type: Normal boot
13:18:30.0190 4556 ============================================================
13:18:32.0195 4556 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:18:32.0202 4556 \Device\Harddisk0\DR0:
13:18:32.0203 4556 MBR used
13:18:32.0203 4556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
13:18:32.0244 4556 Initialize success
13:18:32.0244 4556 ============================================================
13:18:37.0177 1092 ============================================================
13:18:37.0177 1092 Scan started
13:18:37.0177 1092 Mode: Manual;
13:18:37.0177 1092 ============================================================
13:18:41.0966 1092 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
13:18:41.0976 1092 ACPI - ok
13:18:42.0166 1092 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
13:18:42.0171 1092 adfs - ok
13:18:42.0315 1092 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:18:42.0331 1092 adp94xx - ok
13:18:42.0477 1092 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:18:42.0489 1092 adpahci - ok
13:18:42.0576 1092 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:18:42.0581 1092 adpu160m - ok
13:18:42.0700 1092 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:18:42.0706 1092 adpu320 - ok
13:18:42.0970 1092 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
13:18:42.0981 1092 AFD - ok
13:18:43.0200 1092 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
13:18:43.0226 1092 AgereSoftModem - ok
13:18:43.0382 1092 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:18:43.0386 1092 agp440 - ok
13:18:43.0492 1092 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:18:43.0498 1092 aic78xx - ok
13:18:43.0514 1092 Alidevice - ok
13:18:43.0613 1092 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
13:18:43.0618 1092 aliide - ok
13:18:43.0679 1092 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
13:18:43.0682 1092 amdide - ok
13:18:43.0774 1092 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
13:18:43.0778 1092 AmdK8 - ok
13:18:43.0878 1092 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:18:43.0893 1092 arc - ok
13:18:44.0038 1092 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:18:44.0042 1092 arcsas - ok
13:18:44.0184 1092 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:18:44.0187 1092 AsyncMac - ok
13:18:44.0231 1092 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
13:18:44.0243 1092 atapi - ok
13:18:44.0432 1092 athr (45511c7e870d3adddd60049232ea96b3) C:\Windows\system32\DRIVERS\athrx.sys
13:18:44.0464 1092 athr - ok
13:18:44.0722 1092 atikmdag (3d284fcda3a1e27b0f1227b4d1c188cf) C:\Windows\system32\DRIVERS\atikmdag.sys
13:18:44.0813 1092 atikmdag - ok
13:18:44.0987 1092 AtiPcie (69eebb256503cded9bd0e9e43128c626) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:18:44.0991 1092 AtiPcie - ok
13:18:45.0172 1092 Beep - ok
13:18:45.0301 1092 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:18:45.0305 1092 blbdrive - ok
13:18:45.0426 1092 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
13:18:45.0433 1092 bowser - ok
13:18:45.0552 1092 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:18:45.0556 1092 BrFiltLo - ok
13:18:45.0608 1092 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:18:45.0611 1092 BrFiltUp - ok
13:18:45.0700 1092 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:18:45.0704 1092 Brserid - ok
13:18:45.0767 1092 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:18:45.0771 1092 BrSerWdm - ok
13:18:45.0846 1092 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:18:45.0851 1092 BrUsbMdm - ok
13:18:45.0907 1092 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:18:45.0910 1092 BrUsbSer - ok
13:18:46.0060 1092 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:18:46.0063 1092 BTHMODEM - ok
13:18:46.0101 1092 catchme - ok
13:18:46.0196 1092 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:18:46.0210 1092 cdfs - ok
13:18:46.0320 1092 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
13:18:46.0324 1092 cdrom - ok
13:18:46.0431 1092 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
13:18:46.0435 1092 circlass - ok
13:18:46.0510 1092 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
13:18:46.0521 1092 CLFS - ok
13:18:46.0667 1092 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
13:18:46.0671 1092 CmBatt - ok
13:18:46.0698 1092 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
13:18:46.0701 1092 cmdide - ok
13:18:46.0736 1092 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
13:18:46.0740 1092 Compbatt - ok
13:18:46.0991 1092 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:18:46.0996 1092 crcdisk - ok
13:18:47.0140 1092 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
13:18:47.0154 1092 DfsC - ok
13:18:47.0429 1092 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
13:18:47.0471 1092 disk - ok
13:18:47.0679 1092 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
13:18:47.0682 1092 drmkaud - ok
13:18:47.0782 1092 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
13:18:47.0802 1092 DXGKrnl - ok
13:18:47.0982 1092 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:18:47.0987 1092 E1G60 - ok
13:18:48.0072 1092 easytether - ok
13:18:48.0152 1092 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
13:18:48.0158 1092 Ecache - ok
13:18:48.0288 1092 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
13:18:48.0298 1092 elxstor - ok
13:18:48.0426 1092 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
13:18:48.0432 1092 ErrDev - ok
13:18:48.0540 1092 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
13:18:48.0550 1092 exfat - ok
13:18:48.0592 1092 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
13:18:48.0599 1092 fastfat - ok
13:18:48.0706 1092 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
13:18:48.0717 1092 fdc - ok
13:18:48.0761 1092 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
13:18:48.0768 1092 FileInfo - ok
13:18:48.0797 1092 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
13:18:48.0802 1092 Filetrace - ok
13:18:48.0949 1092 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:18:48.0963 1092 flpydisk - ok
13:18:49.0044 1092 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
13:18:49.0067 1092 FltMgr - ok
13:18:49.0239 1092 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
13:18:49.0247 1092 Fs_Rec - ok
13:18:49.0331 1092 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
13:18:49.0335 1092 FwLnk - ok
13:18:49.0372 1092 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
13:18:49.0376 1092 gagp30kx - ok
13:18:49.0479 1092 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:18:49.0483 1092 GEARAspiWDM - ok
13:18:49.0601 1092 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
13:18:49.0609 1092 HdAudAddService - ok
13:18:49.0748 1092 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:18:49.0768 1092 HDAudBus - ok
13:18:49.0871 1092 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
13:18:49.0875 1092 HidBth - ok
13:18:49.0901 1092 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
13:18:49.0922 1092 HidIr - ok
13:18:50.0038 1092 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
13:18:50.0041 1092 HidUsb - ok
13:18:50.0210 1092 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:18:50.0215 1092 HpCISSs - ok
13:18:50.0327 1092 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
13:18:50.0343 1092 HTTP - ok
13:18:50.0437 1092 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:18:50.0440 1092 i2omp - ok
13:18:50.0539 1092 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:18:50.0543 1092 i8042prt - ok
13:18:50.0581 1092 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:18:50.0589 1092 iaStorV - ok
13:18:50.0746 1092 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:18:50.0749 1092 iirsp - ok
13:18:50.0902 1092 IntcAzAudAddService (f93149ce3e6a866c5f42878bcff34b6a) C:\Windows\system32\drivers\RTKVHD64.sys
13:18:50.0941 1092 IntcAzAudAddService - ok
13:18:51.0119 1092 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:18:51.0123 1092 intelide - ok
13:18:51.0161 1092 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:18:51.0165 1092 intelppm - ok
13:18:51.0273 1092 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:18:51.0281 1092 IpFilterDriver - ok
13:18:51.0322 1092 IpInIp - ok
13:18:51.0394 1092 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:18:51.0398 1092 IPMIDRV - ok
13:18:51.0435 1092 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:18:51.0441 1092 IPNAT - ok
13:18:51.0468 1092 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:18:51.0473 1092 IRENUM - ok
13:18:51.0596 1092 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:18:51.0600 1092 isapnp - ok
13:18:51.0669 1092 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
13:18:51.0677 1092 iScsiPrt - ok
13:18:51.0752 1092 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:18:51.0756 1092 iteatapi - ok
13:18:51.0843 1092 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:18:51.0847 1092 iteraid - ok
13:18:52.0117 1092 JSWPSLWF (d5f6061c3109db7608002665ea40ea86) C:\Windows\system32\DRIVERS\jswpslwfx.sys
13:18:52.0127 1092 JSWPSLWF - ok
13:18:52.0398 1092 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:18:52.0402 1092 kbdclass - ok
13:18:52.0567 1092 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
13:18:52.0570 1092 kbdhid - ok
13:18:52.0672 1092 KL1 (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
13:18:52.0686 1092 KL1 - ok
13:18:52.0776 1092 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
13:18:52.0779 1092 kl2 - ok
13:18:52.0828 1092 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys
13:18:52.0838 1092 KLIF - ok
13:18:53.0008 1092 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
13:18:53.0012 1092 KLIM6 - ok
13:18:53.0082 1092 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
13:18:53.0086 1092 klmouflt - ok
13:18:53.0186 1092 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
13:18:53.0194 1092 KR10I64 - ok
13:18:53.0258 1092 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
13:18:53.0266 1092 KR10N64 - ok
13:18:53.0351 1092 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
13:18:53.0364 1092 KSecDD - ok
13:18:53.0475 1092 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:18:53.0479 1092 ksthunk - ok
13:18:53.0529 1092 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:18:53.0534 1092 lltdio - ok
13:18:53.0583 1092 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:18:53.0588 1092 LSI_FC - ok
13:18:53.0699 1092 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:18:53.0704 1092 LSI_SAS - ok
13:18:53.0764 1092 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:18:53.0769 1092 LSI_SCSI - ok
13:18:53.0801 1092 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:18:53.0807 1092 luafv - ok
13:18:53.0975 1092 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:18:53.0979 1092 megasas - ok
13:18:54.0047 1092 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:18:54.0057 1092 MegaSR - ok
13:18:54.0202 1092 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:18:54.0206 1092 Modem - ok
13:18:54.0301 1092 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:18:54.0305 1092 monitor - ok
13:18:54.0344 1092 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:18:54.0349 1092 mouclass - ok
13:18:54.0449 1092 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:18:54.0452 1092 mouhid - ok
13:18:54.0502 1092 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:18:54.0508 1092 MountMgr - ok
13:18:54.0591 1092 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:18:54.0599 1092 mpio - ok
13:18:54.0704 1092 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:18:54.0708 1092 mpsdrv - ok
13:18:54.0748 1092 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:18:54.0752 1092 Mraid35x - ok
13:18:54.0795 1092 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
13:18:54.0802 1092 MRxDAV - ok
13:18:54.0902 1092 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:18:54.0918 1092 mrxsmb - ok
13:18:55.0034 1092 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:18:55.0048 1092 mrxsmb10 - ok
13:18:55.0097 1092 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:18:55.0105 1092 mrxsmb20 - ok
13:18:55.0231 1092 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
13:18:55.0235 1092 msahci - ok
13:18:55.0284 1092 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:18:55.0289 1092 msdsm - ok
13:18:55.0332 1092 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:18:55.0337 1092 Msfs - ok
13:18:55.0486 1092 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:18:55.0490 1092 msisadrv - ok
13:18:55.0577 1092 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:18:55.0581 1092 MSKSSRV - ok
13:18:55.0723 1092 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:18:55.0727 1092 MSPCLOCK - ok
13:18:55.0803 1092 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:18:55.0814 1092 MSPQM - ok
13:18:55.0862 1092 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
13:18:55.0873 1092 MsRPC - ok
13:18:56.0003 1092 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:18:56.0008 1092 mssmbios - ok
13:18:56.0071 1092 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:18:56.0077 1092 MSTEE - ok
13:18:56.0120 1092 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
13:18:56.0125 1092 Mup - ok
13:18:56.0255 1092 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
13:18:56.0269 1092 NativeWifiP - ok
13:18:56.0360 1092 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
13:18:56.0378 1092 NDIS - ok
13:18:56.0457 1092 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:18:56.0461 1092 NdisTapi - ok
13:18:56.0486 1092 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:18:56.0491 1092 Ndisuio - ok
13:18:56.0551 1092 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
13:18:56.0561 1092 NdisWan - ok
13:18:56.0584 1092 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:18:56.0589 1092 NDProxy - ok
13:18:56.0725 1092 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:18:56.0731 1092 NetBIOS - ok
13:18:56.0787 1092 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
13:18:56.0799 1092 netbt - ok
13:18:56.0877 1092 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:18:56.0884 1092 nfrd960 - ok
13:18:57.0038 1092 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
13:18:57.0043 1092 Npfs - ok
13:18:57.0097 1092 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:18:57.0104 1092 nsiproxy - ok
13:18:57.0206 1092 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
13:18:57.0239 1092 Ntfs - ok
13:18:57.0346 1092 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:18:57.0352 1092 Null - ok
13:18:57.0599 1092 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:18:57.0614 1092 nvraid - ok
13:18:57.0764 1092 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:18:57.0771 1092 nvstor - ok
13:18:57.0801 1092 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:18:57.0807 1092 nv_agp - ok
13:18:57.0877 1092 NwlnkFlt - ok
13:18:57.0918 1092 NwlnkFwd - ok
13:18:58.0024 1092 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
13:18:58.0029 1092 ohci1394 - ok
13:18:58.0203 1092 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
13:18:58.0210 1092 Parport - ok
13:18:58.0270 1092 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
13:18:58.0277 1092 partmgr - ok
13:18:58.0328 1092 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:18:58.0338 1092 pci - ok
13:18:58.0482 1092 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
13:18:58.0489 1092 pciide - ok
13:18:58.0584 1092 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:18:58.0593 1092 pcmcia - ok
13:18:58.0641 1092 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:18:58.0657 1092 PEAUTH - ok
13:18:58.0891 1092 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:18:58.0906 1092 PptpMiniport - ok
13:18:58.0999 1092 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
13:18:59.0004 1092 Processor - ok
13:18:59.0125 1092 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:18:59.0135 1092 PSched - ok
13:18:59.0260 1092 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:18:59.0287 1092 ql2300 - ok
13:18:59.0402 1092 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:18:59.0407 1092 ql40xx - ok
13:18:59.0445 1092 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:18:59.0451 1092 QWAVEdrv - ok
13:18:59.0475 1092 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:18:59.0478 1092 RasAcd - ok
13:18:59.0655 1092 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:18:59.0663 1092 Rasl2tp - ok
13:18:59.0721 1092 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:18:59.0729 1092 RasPppoe - ok
13:18:59.0762 1092 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:18:59.0770 1092 RasSstp - ok
13:18:59.0888 1092 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:18:59.0897 1092 rdbss - ok
13:19:00.0018 1092 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:19:00.0024 1092 RDPCDD - ok
13:19:00.0101 1092 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:19:00.0110 1092 rdpdr - ok
13:19:00.0196 1092 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:19:00.0202 1092 RDPENCDD - ok
13:19:00.0318 1092 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
13:19:00.0329 1092 RDPWD - ok
13:19:00.0510 1092 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:19:00.0516 1092 rspndr - ok
13:19:00.0665 1092 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
13:19:00.0686 1092 RTL8169 - ok
13:19:00.0838 1092 RTSTOR (e0579df3e170c00bc139f610405aef7a) C:\Windows\system32\drivers\RTSTOR64.SYS
13:19:00.0843 1092 RTSTOR - ok
13:19:00.0913 1092 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:19:00.0927 1092 sbp2port - ok
13:19:00.0983 1092 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:19:00.0987 1092 secdrv - ok
13:19:01.0163 1092 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
13:19:01.0167 1092 Serenum - ok
13:19:01.0227 1092 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:19:01.0234 1092 Serial - ok
13:19:01.0342 1092 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:19:01.0346 1092 sermouse - ok
13:19:01.0396 1092 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:19:01.0400 1092 sffdisk - ok
13:19:01.0427 1092 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:19:01.0431 1092 sffp_mmc - ok
13:19:01.0457 1092 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:19:01.0461 1092 sffp_sd - ok
13:19:01.0554 1092 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:19:01.0559 1092 sfloppy - ok
13:19:01.0600 1092 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:19:01.0614 1092 SiSRaid2 - ok
13:19:01.0648 1092 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:19:01.0656 1092 SiSRaid4 - ok
13:19:01.0862 1092 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:19:01.0870 1092 Smb - ok
13:19:01.0966 1092 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:19:01.0971 1092 spldr - ok
13:19:02.0141 1092 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
13:19:02.0164 1092 sptd - ok
13:19:02.0300 1092 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:19:02.0315 1092 srv - ok
13:19:02.0437 1092 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:19:02.0448 1092 srv2 - ok
13:19:02.0540 1092 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:19:02.0550 1092 srvnet - ok
13:19:02.0674 1092 SVRPEDRV - ok
13:19:02.0738 1092 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:19:02.0743 1092 swenum - ok
13:19:02.0912 1092 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:19:02.0930 1092 Symc8xx - ok
13:19:02.0978 1092 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:19:02.0982 1092 Sym_hi - ok
13:19:03.0058 1092 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:19:03.0063 1092 Sym_u3 - ok
13:19:03.0147 1092 SynTP (d8edb37f6e235a47e12f1eafd85c2b6f) C:\Windows\system32\DRIVERS\SynTP.sys
13:19:03.0155 1092 SynTP - ok
13:19:03.0310 1092 tcphoc - ok
13:19:03.0427 1092 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
13:19:03.0462 1092 Tcpip - ok
13:19:03.0671 1092 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
13:19:03.0688 1092 Tcpip6 - ok
13:19:03.0824 1092 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
13:19:03.0831 1092 tcpipreg - ok
13:19:03.0909 1092 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
13:19:03.0927 1092 tdcmdpst - ok
13:19:03.0983 1092 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:19:03.0990 1092 TDPIPE - ok
13:19:04.0094 1092 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:19:04.0100 1092 TDTCP - ok
13:19:04.0196 1092 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:19:04.0205 1092 tdx - ok
13:19:04.0361 1092 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:19:04.0365 1092 TermDD - ok
13:19:04.0491 1092 tos_sps64 (711ee5ea958c345a50b69abbbd74d646) C:\Windows\system32\DRIVERS\tos_sps64.sys
13:19:04.0505 1092 tos_sps64 - ok
13:19:04.0610 1092 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:19:04.0616 1092 tssecsrv - ok
13:19:04.0685 1092 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:19:04.0690 1092 tunmp - ok
13:19:04.0754 1092 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:19:04.0762 1092 tunnel - ok
13:19:04.0867 1092 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
13:19:04.0872 1092 TVALZ - ok
13:19:04.0905 1092 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:19:04.0932 1092 uagp35 - ok
13:19:05.0070 1092 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:19:05.0082 1092 udfs - ok
13:19:05.0242 1092 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:19:05.0247 1092 uliagpkx - ok
13:19:05.0332 1092 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:19:05.0340 1092 uliahci - ok
13:19:05.0443 1092 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:19:05.0449 1092 UlSata - ok
13:19:05.0521 1092 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:19:05.0527 1092 ulsata2 - ok
13:19:05.0555 1092 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:19:05.0560 1092 umbus - ok
13:19:05.0677 1092 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:19:05.0681 1092 USBAAPL64 - ok
13:19:05.0731 1092 usbbus (e493a1ab49cec05e48828cf949a5a2c3) C:\Windows\system32\DRIVERS\lgx64bus.sys
13:19:05.0734 1092 usbbus - ok
13:19:05.0769 1092 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:19:05.0774 1092 usbccgp - ok
13:19:05.0863 1092 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
13:19:05.0869 1092 usbcir - ok
13:19:06.0000 1092 UsbDiag (0614c32187d0d12ad971d83df2eb9b53) C:\Windows\system32\DRIVERS\lgx64diag.sys
13:19:06.0003 1092 UsbDiag - ok
13:19:06.0103 1092 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
13:19:06.0112 1092 usbehci - ok
13:19:06.0174 1092 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
13:19:06.0183 1092 usbhub - ok
13:19:06.0359 1092 USBModem (ecc1f29b4d25ef757bd0986c6a0518d6) C:\Windows\system32\DRIVERS\lgx64modem.sys
13:19:06.0362 1092 USBModem - ok
13:19:06.0432 1092 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
13:19:06.0436 1092 usbohci - ok
13:19:06.0499 1092 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
13:19:06.0503 1092 usbprint - ok
13:19:06.0560 1092 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:19:06.0568 1092 USBSTOR - ok
13:19:06.0654 1092 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:19:06.0660 1092 usbuhci - ok
13:19:06.0776 1092 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
13:19:06.0784 1092 usbvideo - ok
13:19:06.0835 1092 UVCFTR (060b7863943625e0193a3575c0c59e52) C:\Windows\system32\Drivers\UVCFTR_S.SYS
13:19:06.0839 1092 UVCFTR - ok
13:19:06.0909 1092 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:19:06.0922 1092 vga - ok
13:19:07.0001 1092 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:19:07.0007 1092 VgaSave - ok
13:19:07.0046 1092 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:19:07.0050 1092 viaide - ok
13:19:07.0127 1092 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
13:19:07.0133 1092 volmgr - ok
13:19:07.0229 1092 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
13:19:07.0240 1092 volmgrx - ok
13:19:07.0332 1092 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
13:19:07.0341 1092 volsnap - ok
13:19:07.0459 1092 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:19:07.0465 1092 vsmraid - ok
13:19:07.0543 1092 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:19:07.0547 1092 WacomPen - ok
13:19:07.0583 1092 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:19:07.0591 1092 Wanarp - ok
13:19:07.0598 1092 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:19:07.0607 1092 Wanarpv6 - ok
13:19:07.0702 1092 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:19:07.0707 1092 Wd - ok
13:19:07.0800 1092 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:19:07.0826 1092 Wdf01000 - ok
13:19:07.0936 1092 WinFLdrv - ok
13:19:08.0468 1092 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:19:08.0472 1092 WinUsb - ok
13:19:08.0560 1092 WinVd32 (8938da7b728ad4987df3e5c0fe22a24e) C:\Windows\WinVd32.sys
13:19:08.0566 1092 WinVd32 - ok
13:19:08.0689 1092 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
13:19:08.0693 1092 WmiAcpi - ok
13:19:08.0796 1092 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
13:19:08.0801 1092 WpdUsb - ok
13:19:08.0981 1092 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:19:08.0987 1092 ws2ifsl - ok
13:19:09.0073 1092 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:19:09.0080 1092 WUDFRd - ok
13:19:09.0125 1092 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:19:09.0180 1092 \Device\Harddisk0\DR0 - ok
13:19:09.0185 1092 Boot (0x1200) (f02069db5675f0845e4dede59bc00d6f) \Device\Harddisk0\DR0\Partition0
13:19:09.0187 1092 \Device\Harddisk0\DR0\Partition0 - ok
13:19:09.0189 1092 ============================================================
13:19:09.0189 1092 Scan finished
13:19:09.0189 1092 ============================================================
13:19:09.0207 5996 Detected object count: 0
13:19:09.0207 5996 Actual detected object count: 0


aswMBR log

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-07 13:20:24
-----------------------------
13:20:24.236 OS Version: Windows x64 6.0.6002 Service Pack 2
13:20:24.236 Number of processors: 2 586 0x6802
13:20:24.237 ComputerName: OWNER-PC UserName: Owner
13:20:43.449 Initialize success
13:21:37.093 AVAST engine defs: 12030700
13:22:03.763 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:22:03.766 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC33P Size: 238475MB BusType: 3
13:22:03.792 Disk 0 MBR read successfully
13:22:03.795 Disk 0 MBR scan
13:22:03.803 Disk 0 Windows VISTA default MBR code
13:22:03.808 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:22:03.824 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236974 MB offset 3074048
13:22:03.851 Disk 0 scanning C:\Windows\system32\drivers
13:22:18.931 Service scanning
13:23:07.599 Modules scanning
13:23:07.609 Disk 0 trace - called modules:
13:23:07.634 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:23:07.638 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058dc790]
13:23:08.001 3 CLASSPNP.SYS[fffffa60019aac33] -> nt!IofCallDriver -> [0xfffffa8004745760]
13:23:08.008 5 acpi.sys[fffffa600080efde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047364b0]
13:23:10.288 AVAST engine scan C:\Windows
13:23:30.177 AVAST engine scan C:\Windows\system32
13:38:11.837 AVAST engine scan C:\Windows\system32\drivers
13:38:42.245 AVAST engine scan C:\Users\Owner
14:27:01.196 AVAST engine scan C:\ProgramData
14:51:09.506 Scan finished successfully
14:55:54.738 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:55:54.744 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 March 2012 - 08:22 PM

Hello

Most likely, because it only happens on one website, it is not malware. I will do a few more checks, but so far things seem to be pretty clean.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 dotdots

  • Topic Starter
  • Members
  • 11 posts

Posted 08 March 2012 - 12:57 AM

I just Googled my issue and it seems like it is happening with others as well. I feel a little more relieved knowing it is not my system that is infected. I noticed ComboFix deleted Google Music... was it a bad program?

Here is the log...


OTL logfile created on: 3/7/2012 11:35:47 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 42.70% Memory free
7.96 Gb Paging File | 5.50 Gb Available in Paging File | 69.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.42 Gb Total Space | 11.61 Gb Free Space | 5.02% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TENCENT\SOSOUpdate.exe (Tencent)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SOSOUpSvc) -- C:\Program Files\TENCENT\SOSOUpdate.exe (Tencent)
SRV:64bit: - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV:64bit: - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (jswpsapi) -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\DRIVERS\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (KR10N64) -- C:\Windows\SysNative\drivers\kr10n64.sys (TOSHIBA CORPORATION)
DRV:64bit: - (KR10I64) -- C:\Windows\SysNative\drivers\kr10i64.sys (TOSHIBA CORPORATION)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (WinVd32) -- C:\Windows\WinVd32.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3494DBAE-6BF6-40F8-B19A-F75BA1F99AC4}
IE:64bit: - HKLM\..\SearchScopes\{3494DBAE-6BF6-40F8-B19A-F75BA1F99AC4}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=kz0d7rzRXkKl1Z2BxnBC!6060wc50g00&lr=&ie={inputEncoding}&unc=y400372_2
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(666).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 17:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 17:56:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 17:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 21:35:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/18 21:28:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Owner\Application Data\IDM\idmmzcc5

[2010/07/13 18:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2009/01/03 20:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/07/13 18:57:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/03/04 13:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions
[2011/05/15 12:27:45 | 000,000,000 | ---D | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/09/04 09:33:56 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/10/27 21:48:25 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2010/05/18 20:41:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/04 13:50:20 | 000,000,000 | ---D | M] (Personas Rotator) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}
[2010/07/14 23:07:01 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2011/12/23 23:24:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/22 13:31:28 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/12 23:54:16 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2rk37a9z.default\extensions\personas@christopher.beard
[2012/03/06 03:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/06 03:03:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/04/19 22:39:21 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011/04/19 22:39:14 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012/02/18 21:35:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/23 04:14:16 | 000,070,984 | ---- | M] (Tencent Technology (Shenzhen) Company Limited) -- C:\Program Files (x86)\mozilla firefox\components\QQDownloadFFH.dll
[2009/11/16 05:09:22 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files (x86)\mozilla firefox\components\ThunderComponent.dll
[2012/03/06 03:02:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/12/05 02:29:18 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/10 11:17:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/06 23:30:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (QQCycloneHelper Class) - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
O2 - BHO: (IE Search Helper) - {45819714-710C-B370-68F2-8DE2F078C7F6} - C:\Program Files (x86)\Tencent\SOSOAddr\ieaddr.dll (腾讯)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files (x86)\PPLive\PPVA\DownloaderManager.dll (Synacast)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\patchvt.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &使用QQ旋风下载 - C:\Program Files (x86)\Tencent\QQDownload\geturl.htm ()
O8:64bit: - Extra context menu item: &使用QQ旋风下载全部链接 - C:\Program Files (x86)\Tencent\QQDownload\getAllurl.htm ()
O8:64bit: - Extra context menu item: &使用QQ旋风离线下载 - C:\Program Files (x86)\Tencent\QQDownload\xfofflinedown.htm ()
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: &使用QQ旋风下载 - C:\Program Files (x86)\Tencent\QQDownload\geturl.htm ()
O8 - Extra context menu item: &使用QQ旋风下载全部链接 - C:\Program Files (x86)\Tencent\QQDownload\getAllurl.htm ()
O8 - Extra context menu item: &使用QQ旋风离线下载 - C:\Program Files (x86)\Tencent\QQDownload\xfofflinedown.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1181517193-3524019295-1311160477-1000\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/zh-Hant/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C4C76BD-ADF8-4605-883D-FBB144CF0A22}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou7\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou7\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 23:34:42 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/03/07 23:04:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{83772836-4E76-4C47-9034-195E0E772D8B}
[2012/03/07 23:04:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C439230D-1E38-4808-9713-F79606BCC806}
[2012/03/07 13:18:18 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/03/07 13:17:48 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/03/07 02:46:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Wonder Miriam
[2012/03/07 01:13:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B2554A04-6912-4A4B-8970-D460C73E98F9}
[2012/03/07 01:12:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{61AAB605-BA66-414C-923E-62E61F4AF58B}
[2012/03/06 23:31:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 23:25:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/06 23:25:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/03/06 23:02:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 23:02:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 23:02:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/06 23:02:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/06 22:54:01 | 004,428,059 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/03/06 11:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\07_03_2012_Kaspersky_Fresh_Keys
[2012/03/06 03:07:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/03/06 03:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/06 03:03:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/06 03:03:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/06 03:03:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/06 03:02:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/06 01:23:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AF15DEBB-AA91-4C5A-9187-62D331D2E8DA}
[2012/03/06 01:23:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2AFCF996-A1E7-495C-9507-F974C72C7393}
[2012/03/04 22:28:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AF4DFE90-6104-4124-AAC1-2EF57DADD254}
[2012/03/04 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FEB706BF-060E-4A0E-B508-6DA1FCBC1B91}
[2012/03/03 22:42:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C39C69F3-1607-4E7E-8C7B-47C16C8EEBC1}
[2012/03/03 22:42:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BFF5D03F-E6AC-4907-A8EF-A2506527BB35}
[2012/03/02 20:30:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9AB4C948-42B9-4257-B6AA-5D36B17DE18F}
[2012/03/02 20:30:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{86F18F38-0D8C-4D8B-8212-FE22D1D674D1}
[2012/03/01 22:13:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8E11A4F4-FF16-41FE-869C-5763A1466D65}
[2012/03/01 22:13:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E3B8F3EF-1937-42C4-A249-28E78394E926}
[2012/02/29 20:27:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{562C7638-9ACA-4AAA-81C1-DCBA8CDFD356}
[2012/02/29 20:27:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{77965B21-7F7B-4C8B-964E-D1E6E10E50C3}
[2012/02/29 19:32:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New Folder
[2012/02/28 21:03:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A180D8C2-F971-4869-9B55-1F1581293C83}
[2012/02/28 21:03:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DCBC0890-8CA0-4198-927C-464B805F4D4B}
[2012/02/27 22:08:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{84BBC536-0FE9-464A-9B61-E969AF43CE47}
[2012/02/27 22:07:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{63180006-DF9C-49AC-979C-8CC853EB9B59}
[2012/02/26 22:19:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0E6CCD76-3644-4F3E-97C2-A79D169FAAFE}
[2012/02/26 22:19:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5AB03B33-A214-4E15-8E5D-F5FD5D771467}
[2012/02/24 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C32A18BE-21D6-4CDD-9D5D-D31787EDB4A0}
[2012/02/24 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C7C48770-566D-44D8-9617-AD4461F12614}
[2012/02/23 20:59:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{79EE9C4B-8F2F-4AFD-AFF0-BE0A21A8F11E}
[2012/02/23 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E9B98E26-110D-4FED-9B0C-13FE77EB54FA}
[2012/02/22 10:39:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{90208527-D418-4507-8F28-11705255EFC9}
[2012/02/22 10:39:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{222CE4B0-E4E4-441B-84B2-EA495218981D}
[2012/02/21 16:52:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FCD3E3D0-223E-4A96-9A94-129E3D6DB83B}
[2012/02/21 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9CC91E26-221C-41B0-92AB-7ABE484FB045}
[2012/02/20 21:10:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D094BB67-EACA-4829-996D-D73EFFD30FB7}
[2012/02/20 21:10:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0087F67D-B54C-4775-AC51-13AB6E9837DF}
[2012/02/19 19:20:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{23DFE3AE-D6E3-408D-9DC6-6FD0E18B7873}
[2012/02/19 19:20:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{70886246-EB01-445D-B0DA-406115D5DE74}
[2012/02/18 21:30:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E731C0D9-9B12-4D45-8AFD-F3A59340F7E4}
[2012/02/18 21:30:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{81B251F8-454E-4EAC-9B1C-8E54690A57D6}
[2012/02/18 21:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
[2012/02/18 21:27:58 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012/02/18 21:27:58 | 000,185,944 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/02/18 21:27:58 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/02/18 21:27:58 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/02/18 21:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Alternative
[2012/02/18 21:27:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Real
[2012/02/18 21:27:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Real
[2012/02/18 21:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/02/17 03:05:50 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/17 03:05:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/17 03:05:46 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/17 03:05:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/17 03:05:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/17 03:05:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/17 03:05:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/17 03:05:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/17 03:05:43 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/17 03:05:40 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/17 03:05:39 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/16 20:13:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4AD685B9-BB3B-49B4-8961-894F6682FF52}
[2012/02/16 20:13:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{952B8B3C-A6D3-4A66-84A0-E85EF91DE52D}
[2012/02/16 12:57:06 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 22:20:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8594886F-4CFF-4784-93F0-632ABEFA9EA1}
[2012/02/15 22:19:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{08657474-DCB6-4341-B2A2-0EAD16017F3A}
[2012/02/14 20:55:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{28BE68AD-978F-4A54-B98F-4AE286F82F3E}
[2012/02/14 20:55:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{45791161-9A7A-4C9D-88D1-808C6DE545A9}
[2012/02/12 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E811FB42-EBFB-4577-B1B1-22AF3BEA012B}
[2012/02/12 20:07:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DB53B6E7-087C-4E8B-9766-38241E82B985}
[2012/02/11 17:47:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5BD85603-5E7F-47F5-83C7-EC206D72E202}
[2012/02/11 17:47:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B62AC994-76EB-4AB1-8261-3F845EA5CB86}
[2012/02/10 22:55:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9D2EE848-6273-4940-B391-2286D958D2D0}
[2012/02/10 22:55:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2EEA93BE-A56E-48D6-862B-40CDED9CE212}
[2012/02/08 11:08:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FF54C491-45FC-4AAB-8CF4-769259DD26EE}
[2012/02/08 11:08:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5D96FFE6-1D82-4D7E-906B-C132FE1BA363}
[2012/02/07 22:40:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F1C54D05-D827-462A-8580-94FE0BC7ECF7}
[2012/02/07 22:39:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{10AC2079-CF47-4D90-B9B8-F3FC4A36C08F}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 23:50:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000UA.job
[2012/03/07 23:34:43 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/03/07 23:30:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000UA.job
[2012/03/07 23:30:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000Core.job
[2012/03/07 23:28:59 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/03/07 22:42:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 19:50:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181517193-3524019295-1311160477-1000Core.job
[2012/03/07 19:32:46 | 435,066,281 | ---- | M] () -- C:\Users\Owner\Desktop\TVBOXNOW+Battle+Of+The+Senses+Ch02.rmvb
[2012/03/07 14:55:54 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/03/07 13:18:47 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2012/03/07 13:17:48 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/03/07 13:13:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 13:13:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 02:52:03 | 000,050,639 | ---- | M] () -- C:\Users\Owner\Desktop\162021.jpg
[2012/03/06 23:30:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/06 23:29:28 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/03/06 23:28:50 | 4158,263,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 22:54:15 | 004,428,059 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/03/06 03:07:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2012/03/06 03:06:44 | 000,000,020 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2012/03/06 03:06:19 | 000,050,477 | ---- | M] () -- C:\Users\Owner\Desktop\Defogger.exe
[2012/03/06 03:02:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/06 03:02:48 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/06 03:02:48 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/06 03:02:48 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/04 20:42:35 | 000,773,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/04 20:42:35 | 000,644,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/04 20:42:35 | 000,123,876 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/28 21:43:16 | 001,315,619 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_20120228_214117.jpg
[2012/02/25 20:48:00 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/02/23 16:54:35 | 000,000,153 | ---- | M] () -- C:\Windows\SysWow64\test.aok
[2012/02/17 21:34:09 | 000,000,102 | -H-- | M] () -- C:\Windows\SysWow64\update.jpg
[2012/02/17 04:03:15 | 004,971,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 18:55:59 | 435,066,281 | ---- | C] () -- C:\Users\Owner\Desktop\TVBOXNOW+Battle+Of+The+Senses+Ch02.rmvb
[2012/03/07 14:55:54 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/03/07 02:52:02 | 000,050,639 | ---- | C] () -- C:\Users\Owner\Desktop\162021.jpg
[2012/03/06 23:02:58 | 000,518,144 | ---- | C] () -- C:\Windows\SWREG.exe
[2012/03/06 23:02:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 23:02:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 23:02:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 23:02:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 23:02:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/06 03:06:43 | 000,000,020 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2012/03/06 03:06:11 | 000,050,477 | ---- | C] () -- C:\Users\Owner\Desktop\Defogger.exe
[2012/02/28 21:42:37 | 001,315,619 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_20120228_214117.jpg
[2012/02/12 20:07:09 | 000,000,102 | -H-- | C] () -- C:\Windows\SysWow64\update.jpg
[2011/09/28 19:32:59 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/06/08 22:15:02 | 000,709,992 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll
[2011/05/08 00:47:38 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/13 20:22:08 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011/01/31 22:27:37 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2011/01/31 22:27:28 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2010/12/14 01:10:15 | 000,000,093 | ---- | C] () -- C:\Users\Owner\AppData\Local\fusioncache.dat
[2010/08/28 13:35:47 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/08/16 20:15:59 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2010/08/16 20:15:59 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2010/03/12 22:50:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/03/12 22:50:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2010/03/12 22:50:05 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2010/03/12 22:50:05 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/03/12 22:50:05 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2010/03/12 22:50:04 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 1235 bytes -> C:\ProgramData\Microsoft:OMONsHBmQR4NGAVHHSy3y
@Alternate Data Stream - 1140 bytes -> C:\Users\Owner\AppData\Local\FHSX218i:xFelZzIBhHqTI7xAdGLtGtTDkbLQi
@Alternate Data Stream - 1044 bytes -> C:\ProgramData\Microsoft:ulte64JzlMvBBLv1QqIRDxy

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:40 PM

Posted 08 March 2012 - 02:09 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    O2 - BHO: (IE Search Helper) - {45819714-710C-B370-68F2-8DE2F078C7F6} - C:\Program Files (x86)\Tencent\SOSOAddr\ieaddr.dll (??)
    @Alternate Data Stream - 1235 bytes -> C:\ProgramData\Microsoft:OMONsHBmQR4NGAVHHSy3y
    @Alternate Data Stream - 1140 bytes -> C:\Users\Owner\AppData\Local\FHSX218i:xFelZzIBhHqTI7xAdGLtGtTDkbLQi
    @Alternate Data Stream - 1044 bytes -> C:\ProgramData\Microsoft:ulte64JzlMvBBLv1QqIRDxy
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

Edited by gringo_pr, 09 March 2012 - 01:36 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 dotdots

dotdots
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 08 March 2012 - 05:54 PM

A window popped up about the hosts file, and it has now been trying to reset the HOSTS file for hours. It told me not to interrupt it, but I don't think it's going anywhere. Do I keep waiting?

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:40 PM

Posted 08 March 2012 - 10:33 PM

Stop it from Task Manager and come let me know how things are.


gringo

#11 dotdots

dotdots
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 09 March 2012 - 12:46 AM

I just stopped it from task manager and my laptop has been running smooth, I haven't seen anything unusual happening yet.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:40 PM

Posted 09 March 2012 - 01:37 AM

I have edited the script and taken out the hosts file. I want you to try and run it again for me.


gringo

#13 dotdots

dotdots
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 09 March 2012 - 05:27 PM

This time it finished very fast. Here is the log the program produced:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45819714-710C-B370-68F2-8DE2F078C7F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45819714-710C-B370-68F2-8DE2F078C7F6}\ not found.
File C:\Program Files (x86)\Tencent\SOSOAddr\ieaddr.dll not found.
Unable to delete ADS C:\ProgramData\Microsoft:OMONsHBmQR4NGAVHHSy3y .
Unable to delete ADS C:\Users\Owner\AppData\Local\FHSX218i:xFelZzIBhHqTI7xAdGLtGtTDkbLQi .
Unable to delete ADS C:\ProgramData\Microsoft:ulte64JzlMvBBLv1QqIRDxy .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 908930 bytes
->Temporary Internet Files folder emptied: 1804007 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97754538 bytes
->Flash cache emptied: 2343 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96586 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 304 bytes

Total Files Cleaned = 96.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03092012_172044

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\klsD65F.tmp not found!

Registry entries deleted on Reboot...
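The fix log above reports that OTL could not delete the three alternate data streams. The following PowerShell script is an added example (not part of this thread and not OTL's own code) that a defender can run to confirm whether those streams are still attached to the two directories named in the log, and to record a SHA-256 of each stream for triage before any further removal attempt. It assumes Windows PowerShell 5.1 or PowerShell 7 on an NTFS volume; the function names are my own, and the two paths are taken directly from the log.

```powershell
# Added example: enumerate and hash alternate data streams (ADS) on the
# directories that the OTL report flagged. Paths come from the log above.
$Targets = @(
    'C:\ProgramData\Microsoft',
    'C:\Users\Owner\AppData\Local\FHSX218i'
)

function Get-AdsSha256 {
    param([string]$Path, [string]$Stream)
    # Read the raw stream bytes. -Encoding Byte is Windows PowerShell 5.1
    # syntax; PowerShell 6+ replaced it with -AsByteStream.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $bytes = Get-Content -LiteralPath $Path -Stream $Stream -AsByteStream -ReadCount 0
    } else {
        $bytes = Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -ReadCount 0
    }
    if (-not $bytes) { $bytes = [byte[]]@() }   # empty stream edge case
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        ($sha.ComputeHash([byte[]]$bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $sha.Dispose()
    }
}

function Get-SuspiciousAds {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found: $p"
            continue
        }
        # -Stream * lists every named stream attached to the item.
        # ':$DATA' is the item's own default stream and Zone.Identifier is
        # the ordinary "downloaded from the internet" marker; both are
        # filtered out so only unexpected streams remain.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                    Sha256 = Get-AdsSha256 -Path $p -Stream $_.Stream
                }
            }
    }
}

# Output mirrors the OTL "@Alternate Data Stream - N bytes -> path:stream"
# lines, with a hash added for each stream found.
Get-SuspiciousAds -Path $Targets | Format-Table -AutoSize
```

If the output is empty for both directories, the streams listed in the report are gone; if they are still present, the hashes give a stable identifier to compare against later scans.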

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:40 PM

Posted 09 March 2012 - 09:33 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK.

Copy and paste the report into this topic for me to review.

Gringo

#15 dotdots

dotdots
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:40 PM

Posted 10 March 2012 - 12:19 AM

At first I didn't know about pressing the buttons on the desktop, so I opened ComboFix again, but I quit it when the terminal window popped up. I hope I didn't mess up anything.

here is the report:


Adobe AIR
Adobe Community Help
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Allok 3GP PSP MP4 iPod Video Converter 4.7.1202
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Camera Assistant Software for Toshiba
Canon iP1800 series User Registration
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
Combined Community Codec Pack 2009-09-09
D3DX10
DebugMode PluginPac (remove only)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Facebook Video Calling 1.1.1.1
Flickr Uploadr 3.2.1
Folder Lock
Frontline Excel Solvers V11.5
Garmin Communicator Plugin
Garmin USB Drivers
GOM Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IE搜索助手
ImagXpress
Java Auto Updater
Java™ 6 Update 31
Kaspersky Internet Security 2011
LG USB Modem driver
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
neroxml
Octoshape add-in for Adobe Flash Player
ooVoo
Pando Media Booster
PDF Settings CS5
PPLive Video Accelerator
PPTV V3.0.2.0011
QQ旋风3.5
QuickTime
Real Alternative 1.8.0
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skins
TeamViewer 6
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VC_MergeModuleToMSI
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 1.1.4
WBFS Manager 3.0
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
美图秀秀 3.0.0
酷狗7 版本 7.1.25.13075



