
Win64/Sirefef.y sirefef.w sirefef.b present. Laptop keeps rebooting every 1 minute. Firewall cannot turn on


  • This topic is locked
20 replies to this topic

#1 hslee5


  • Members
  • 31 posts

Posted 26 July 2012 - 10:16 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Lee Han Siang at 10:43:13 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.8103.5929 [GMT 8:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Trend Micro Firewall Booster *Enabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\P1\P1 4G\GPCommonService.exe
C:\Program Files\P1\P1 4G\GPCommonServicex64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com.my/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [P1 4G] "C:\Program Files\P1\P1 4G\P1 4G.exe" minimized
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [QvodTerminal] "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AE00F5F5-0FBA-4099-927D-00250EFFD793} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AE00F5F5-0FBA-4099-927D-00250EFFD793}\3557D6D6562735471627 : DhcpNameServer = 122.255.99.228 122.255.99.236
TCP: Interfaces\{AE00F5F5-0FBA-4099-927D-00250EFFD793}\3756279756568323 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AE00F5F5-0FBA-4099-927D-00250EFFD793}\759666965545D423 : DhcpNameServer = 161.139.16.2 161.139.250.2
TCP: Interfaces\{D5ADAFFC-F6C2-4DBE-A89C-84E0BD8B61CA} : DhcpNameServer = 122.255.99.228 122.255.99.236
TCP: Interfaces\{DCADCEC2-9D6E-42B0-950F-63724D09F00D} : DhcpNameServer = 122.255.99.228 122.255.99.236
TCP: Interfaces\{F9BAFBC7-A03D-4A9C-9AED-4A93973F6DA6} : DhcpNameServer = 122.255.99.228 122.255.99.236
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
IFEO: asusvibelauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: asuswspanel.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: backache.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: backbone.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: facemgr.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [ASUSWebStorage REG_SZ C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S ]
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [UpdateP2GoShortCut REG_SZ "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" ]
mRun-x64: [Acrobat Assistant 8.0 REG_SZ "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" ]
mRun-x64: [(Default)]
mRun-x64: [QvodTerminal] "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
IFEO-X64: asusvibelauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: asuswspanel.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: backache.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: backbone.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: facemgr.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lee Han Siang\AppData\Roaming\Mozilla\Firefox\Profiles\on6v59lq.default\
FF - prefs.js: browser.startup.homepage - hxxp://malaysia.msn.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1340173246&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Fid%3D64855&lc=2057&id=64855&mkt=en-gb&cbcxt=mai|http://www.google.com.my/search?q=clown+badut+johor+bahru&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a#hl=en&client=firefox-a&hs=spu&rls=org.mozilla:en-GB%3Aofficial&sclient=psy-ab&q=clown+johor+bahru&oq=clown+johor+bahru&aq=f&aqi=&aql=&gs_l=serp.3...45561.45561.0.45899.1.1.0.0.0.0.0.0..0.0...0.0.pT7qCgEPvKk&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=e3a118168db984e&biw=1366&bih=644|http://www.mudah.my/Clown+Badut+in+Johor+Bahru+and+Face+painting-7137115.htm|http://johorbahru.olx.com.my/clown-badut-johor-bahru-iid-133835631|http://www.adpost.com/my/business_products_services/12173/|http://habaq.my/ads/clown-badut-johor-bahru-and-face-painting/|http://my.wowcity.com/johorbaharu/locbus2/7065436628942451836/lee-clown-badut-service-johor-.htm|http://my.wowcity.com/pontian/locbus2/7065436628942451836/lee-clown-badut-service-johor-.htm|http://www.poba.my/ad09276829368.html|http://www.lelong.com.my/lee-clown-badut-service-johor-bahru-85560038-2011-08-Sale-P.htm|http://www.facebook.com/lee.clown.service|http://www.hotfrog.com.my/Companies/Clown-badut-Johor-Bahru|http://maxi24.com.my/681949-clown-badut-johor-bahru/details.html|http://jbcool.com/clown-badut-services-in-johor-bahru/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lee Han Siang\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-13 256336]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 GPCommonService(64);GPCommonService(64);C:\Program Files\P1\P1 4G\GPCommonServicex64.exe [2011-12-14 111104]
R2 GPCommonService;GPCommonService;C:\Program Files\P1\P1 4G\GPCommonService.exe [2011-12-14 90112]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-26 655944]
R2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;C:\Windows\system32\DRIVERS\mtkwmptv_x64.sys --> C:\Windows\system32\DRIVERS\mtkwmptv_x64.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-15 2348352]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-2-9 2143552]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-2-9 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GuardService;GuardService;C:\Program Files (x86)\Google\Common\Guard\guardServiceCh.exe --> C:\Program Files (x86)\Google\Common\Guard\guardServiceCh.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-13 135664]
S2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-13 135664]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 113120]
S3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;C:\Windows\system32\DRIVERS\mt7118vu_x64.sys --> C:\Windows\system32\DRIVERS\mt7118vu_x64.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-14 138400]
S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-14 74912]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-07-27 02:02:07 -------- d-----w- C:\Windows\System32\MpEngineStore
2012-07-27 02:02:03 328704 ----a-w- C:\Windows\System32\services.exe.842AB16B59043F17
2012-07-26 15:22:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-26 14:52:49 328704 ----a-w- C:\Windows\System32\services.exe.2E1D1132A8795449
2012-07-26 14:30:05 -------- d-----w- C:\Users\Lee Han Siang\AppData\Roaming\Malwarebytes
2012-07-26 14:30:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-26 14:30:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-24 16:26:38 -------- d-----w- C:\Program Files\CCleaner
2012-07-23 09:40:41 -------- d-----w- C:\Users\Lee Han Siang\AppData\Roaming\Wise Registry Cleaner
2012-07-23 09:37:01 -------- d-----w- C:\Program Files (x86)\Wise
2012-07-23 09:05:58 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-07-22 14:14:54 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-22 14:14:54 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-16 07:57:02 -------- d-----w- C:\Users\Lee Han Siang\AppData\Local\{83C26883-AB9F-4983-A972-2A3C639695CF}
2012-07-14 10:10:08 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-14 03:31:54 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-14 03:31:54 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-14 03:31:54 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-14 03:31:53 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-14 03:31:53 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-14 03:31:53 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-14 03:28:46 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-14 03:28:46 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-14 03:28:46 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-14 03:28:45 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-14 03:28:45 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-14 03:28:45 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-14 03:28:45 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-14 03:28:45 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-14 03:28:45 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-13 08:05:39 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-07-13 08:05:38 -------- d-----w- C:\Program Files (x86)\Steam
2012-07-12 16:38:52 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-07-10 07:33:36 -------- d-----w- C:\Users\Lee Han Siang\AppData\Local\fontconfig
2012-07-10 07:33:33 -------- d-----w- C:\Users\Lee Han Siang\AppData\Local\gegl-0.2
2012-07-10 07:33:33 -------- d-----w- C:\Users\Lee Han Siang\.gimp-2.8
2012-07-10 07:29:55 -------- d-----w- C:\Program Files\GIMP 2
2012-07-02 14:28:54 -------- d-----w- C:\Users\Lee Han Siang\AppData\Local\SKIDROW
2012-07-02 14:13:22 -------- d-----w- C:\Program Files (x86)\Remedy Entertainment
2012-06-30 15:57:56 -------- d-----w- C:\Users\Lee Han Siang\AppData\Roaming\Garena
2012-06-30 15:57:56 -------- d-----w- C:\ProgramData\Garena
.
==================== Find3M ====================
.
2012-07-17 05:23:51 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 05:23:51 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 15:08:40 657227 ----a-w- C:\Windows\Condition Zero Uninstaller.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-05-31 01:38:40 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 10:44:09.23 ===============

Please help me. Thanks.
Symptoms:
The firewall cannot be turned on.
Windows will restart in one minute after a pop-up "You are about to be logged off."
Microsoft Security Essentials stopped.

What I have done:
I just did a System Restore to an earlier time and scanned with Anti-Malwarebytes and a lot of removal tools; some tools seem to detect the virus but not completely, and I still get the pop-up message in the end.


#2 CatByte


    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 28 July 2012 - 01:36 PM

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
  • now press the search button
  • when the search is complete, search.txt will also be written to your USB
  • type exit and reboot the computer normally
  • please copy and paste both logs in your reply. (FRST.txt and Search.txt)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
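A small triage helper for the FRST.txt that the post above asks for, written here as an added example; it is not part of FRST and not code from anyone in this thread. It parses the Registry, Services, Drivers and "Created Files" sections in FRST's line format and flags what a responder checks first in a Sirefef case: missing service or driver images, entries with no publisher, IFEO Debugger redirections, and extra copies of services.exe under System32. The sample log lines are constructed in FRST's format, modelled on the log format used in this thread; `triage`, `Finding` and the regex names are my own.

```python
"""Hypothetical triage helper for FRST (Farbar Recovery Scan Tool) logs.

Not part of FRST. It reads the Registry, Services, Drivers and
"Created Files" sections of an FRST.txt and flags what a malware
response volunteer checks first in a Sirefef/ZeroAccess case:
missing service/driver images, entries with no publisher, IFEO
Debugger redirections, and extra copies of services.exe in System32.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List

# Service and driver lines:  "<start> <name>; <path> [<size> <date>] (<publisher>)"
# or, when the image file is gone:  "<start> <name>; <path> [x]"
SVC_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)|\[x\])$"
)
# File lines:  "<created> - <modified> - <size> <attrs> [(<publisher>)] <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
# Image File Execution Options entries:  "IMEO\<exe>: [Debugger] <debugger>"
IFEO_RE = re.compile(r"^IMEO\\(?P<exe>[^:]+): \[Debugger\] (?P<debugger>.+)$")
SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")

# Constructed sample in FRST's line format, modelled on the log in this thread.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
IMEO\backbone.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-02-28] ()
2 GuardService; C:\Program Files (x86)\Google\Common\Guard\guardServiceCh.exe [x]

========================== Drivers (Whitelisted) =============

3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)

============ One Month Created Files and Folders ==============

2012-07-26 18:02 - 2012-07-26 18:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.842AB16B59043F17
2012-07-27 01:49 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-28 10:43 - 2012-07-28 10:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
"""


@dataclass
class Finding:
    section: str
    item: str    # service/driver name, IFEO target, or file path
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Walk an FRST log section by section and collect review-worthy entries."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        if section.startswith("Registry"):
            m = IFEO_RE.match(line)
            if m:
                # A Debugger value runs another binary in place of <exe>; it is
                # legitimate for some tools, so the debugger path must be verified.
                findings.append(Finding(section, m.group("exe"),
                                        "IFEO Debugger redirect to " + m.group("debugger")))
        elif section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
            if not m:
                continue
            if m.group("size") is None:
                findings.append(Finding(section, m.group("name"), "image file missing ([x])"))
            elif not m.group("publisher").strip():
                findings.append(Finding(section, m.group("name"), "no publisher recorded"))
        elif "Created Files" in section:
            m = FILE_RE.match(line)
            if not m:
                continue
            path = m.group("path")
            base = ntpath.basename(path).lower()
            # services.exe is the file this Sirefef variant tampers with; a second
            # copy with a suffix in System32 is worth checking alongside the real one.
            if base.startswith("services.exe.") and "\\system32\\" in path.lower():
                findings.append(Finding(section, path, "extra copy of services.exe under System32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

Run it against a real FRST.txt by passing the file contents to `triage`; every flagged entry still needs a human look, since unsigned drivers and IFEO Debugger values also appear on clean machines.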


#3 hslee5

hslee5
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:07:25 AM

Posted 28 July 2012 - 10:34 PM

Hi,

Thanks for the reply.

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:19:09
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Lee Han Siang\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
IMEO\asusvibelauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\asuswspanel.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\backache.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\backbone.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\facemgr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\fancystart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\fastboot.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\labelprint.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\logonmgr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\olrsubmission.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\p4gxui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\pdfreader.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\power2go.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\power2goexpress.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\sonicfocus.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\uninst.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\win7ui.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 GPCommonService; C:\Program Files\P1\P1 4G\GPCommonService.exe [90112 2010-10-07] (Green Packet Inc.)
2 GPCommonService(64); C:\Program Files\P1\P1 4G\GPCommonServicex64.exe [111104 2010-10-07] (Green Packet Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2012-02-28] ()
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-08] (TuneUp Software)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
2 GuardService; C:\Program Files (x86)\Google\Common\Guard\guardServiceCh.exe [x]

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-13] (Atheros)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-13] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-13] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-13] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-13] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-13] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [280224 2011-03-13] (Atheros)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2012-01-05] (DT Soft Ltd)
2 IDMWFP; C:\Windows\System32\Drivers\IDMWFP.sys [145008 2011-07-06] (Tonec Inc.)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 MT7118VU; C:\Windows\System32\DRIVERS\mt7118vu_x64.sys [154112 2010-07-04] (MediaTek Inc.)
2 MTKWMPROT; C:\Windows\System32\DRIVERS\mtkwmptv_x64.sys [18432 2010-04-25] (MediaTek Inc.)
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
2 tmcomm; C:\Windows\SysWow64\Drivers\tmcomm.sys [256904 2012-06-04] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
1 tmlwf; C:\Windows\System32\Drivers\tmlwf.sys [194640 2010-09-17] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
2 tmwfp; C:\Windows\System32\Drivers\tmwfp.sys [339536 2010-09-17] (Trend Micro Inc.)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-08] (TuneUp Software)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-28 19:09 - 2012-07-28 19:10 - 01438391 ____A (Farbar) C:\Users\Lee Han Siang\Downloads\FRST64.exe
2012-07-28 10:43 - 2012-07-28 10:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-28 10:43 - 2012-07-28 10:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-28 10:39 - 2012-07-28 10:39 - 00012095 ____A C:\Users\Lee Han Siang\Downloads\hijackthis.log
2012-07-28 10:35 - 2012-07-28 10:35 - 00000000 ____D C:\Archive
2012-07-28 10:34 - 2010-05-11 11:22 - 00000000 ____D C:\Users\Lee Han Siang\Downloads\64bit
2012-07-28 10:33 - 2012-07-28 10:33 - 00171362 ____A C:\Users\Lee Han Siang\AppData\Local\census.cache
2012-07-28 10:33 - 2012-07-28 10:33 - 00137392 ____A C:\Users\Lee Han Siang\AppData\Local\ars.cache
2012-07-28 10:25 - 2012-07-28 10:30 - 04265230 ____A C:\Users\Lee Han Siang\Downloads\64bit.exe
2012-07-28 10:22 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-07-28 10:19 - 2012-07-28 10:19 - 00388608 ____A (Trend Micro Inc.) C:\Users\Lee Han Siang\Downloads\HijackThis.exe
2012-07-28 10:18 - 2012-07-28 10:19 - 02002944 ____A (Trend Micro Inc.) C:\Users\Lee Han Siang\Downloads\HousecallLauncher.exe
2012-07-28 09:50 - 2012-07-28 09:50 - 00001150 ____A C:\Users\Lee Han Siang\Downloads\w7-wscsvc.zip
2012-07-28 09:15 - 2012-07-28 09:18 - 05219237 ____A (Trend Micro) C:\Users\Lee Han Siang\Downloads\rescue_disk_builder855.exe
2012-07-28 09:02 - 2012-07-28 09:02 - 00000954 ____A C:\Users\Lee Han Siang\Downloads\regfix.reg
2012-07-27 09:09 - 2012-07-27 09:09 - 00176940 ____A C:\Users\Lee Han Siang\Downloads\BFE.reg
2012-07-27 09:09 - 2012-07-27 09:09 - 00006396 ____A C:\Users\Lee Han Siang\Downloads\MpsSvc.reg
2012-07-26 19:49 - 2012-07-26 19:49 - 00000000 ____D C:\Users\Lee Han Siang\Downloads\TMRBLog
2012-07-26 19:45 - 2012-07-26 19:45 - 08656400 ____A (Trend Micro Inc.) C:\Users\Lee Han Siang\Downloads\RootkitBuster_v5_1061.exe
2012-07-26 19:41 - 2012-07-26 19:41 - 05475548 ____A C:\Users\Lee Han Siang\Downloads\sysclean.com
2012-07-26 19:30 - 2012-07-26 19:32 - 02117108 ____A C:\Users\Lee Han Siang\Downloads\tdsskiller.zip
2012-07-26 18:46 - 2012-07-26 18:46 - 00019849 ____A C:\Users\Lee Han Siang\Desktop\Attach.txt
2012-07-26 18:46 - 2012-07-26 18:46 - 00005184 ____A C:\Users\Lee Han Siang\Desktop\Attach.zip
2012-07-26 18:45 - 2012-07-26 18:45 - 00030473 ____A C:\Users\Lee Han Siang\Desktop\DDS.txt
2012-07-26 18:40 - 2012-07-26 18:43 - 00607260 ____R (Swearware) C:\Users\Lee Han Siang\Downloads\dds.scr
2012-07-26 18:37 - 2012-07-26 18:37 - 00000558 ____A C:\Users\Lee Han Siang\Desktop\defogger_disable.log
2012-07-26 18:37 - 2012-07-26 18:37 - 00000168 ____A C:\Users\Lee Han Siang\defogger_reenable
2012-07-26 18:36 - 2012-07-26 18:36 - 00050477 ____A C:\Users\Lee Han Siang\Downloads\Defogger.exe
2012-07-26 18:24 - 2012-07-26 18:24 - 00000361 ____A C:\rkill.log
2012-07-26 18:22 - 2012-07-26 18:23 - 01012656 ____A C:\Users\Lee Han Siang\Downloads\rkill.exe
2012-07-26 18:16 - 2012-07-26 18:16 - 00472537 ____A C:\Users\Lee Han Siang\Desktop\Infected TrojanWin64-Sirefef_B Virus How to Remove TrojanWin64-Sirefef_B Completely - Tee Support Blog.mht
2012-07-26 18:02 - 2012-07-26 18:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.842AB16B59043F17
2012-07-26 08:21 - 2012-07-26 09:46 - 00000000 ____D C:\Users\Lee Han Siang\Downloads\Trojaan remove
2012-07-26 07:12 - 2012-07-28 10:23 - 00000036 ____A C:\Users\Lee Han Siang\AppData\Local\housecall.guid.cache
2012-07-26 06:52 - 2012-07-26 06:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E1D1132A8795449
2012-07-26 06:30 - 2012-07-26 19:55 - 00000000 ____D C:\Users\Lee Han Siang\Downloads\FakeAVRemover_1.0.0.1019
2012-07-25 19:43 - 2012-07-25 19:43 - 00000219 ____A C:\Users\Lee Han Siang\Desktop\Dota 2.url
2012-07-24 21:26 - 2012-07-28 18:50 - 00000784 ____A C:\Windows\setupact.log
2012-07-24 21:26 - 2012-07-28 10:48 - 00340944 ____A C:\Windows\PFRO.log
2012-07-24 21:26 - 2012-07-24 21:26 - 00000000 ____A C:\Windows\setuperr.log
2012-07-24 08:26 - 2012-07-24 08:26 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-24 08:26 - 2012-07-24 08:26 - 00000000 ____D C:\Program Files\CCleaner
2012-07-24 06:22 - 2012-07-24 06:22 - 00000000 ____D C:\Users\Lee Han Siang\Desktop\2012_07_24
2012-07-23 01:40 - 2012-07-23 01:42 - 00000000 ____D C:\Users\Lee Han Siang\AppData\Roaming\Wise Registry Cleaner
2012-07-23 01:37 - 2012-07-23 01:37 - 00001233 ____A C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2012-07-23 01:37 - 2012-07-23 01:37 - 00000000 ____D C:\Program Files (x86)\Wise
2012-07-23 01:05 - 2012-01-31 04:44 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-07-23 01:02 - 2012-07-28 10:43 - 00751310 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-23 01:02 - 2012-07-28 10:43 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-17 00:02 - 2012-07-17 00:02 - 00004710 ____A C:\Users\Lee Han Siang\.recently-used.xbel
2012-07-15 23:57 - 2012-07-15 23:57 - 00000000 ____D C:\Users\Lee Han Siang\AppData\Local\{83C26883-AB9F-4983-A972-2A3C639695CF}
2012-07-15 23:51 - 2012-07-24 23:43 - 00000000 ____D C:\Users\Lee Han Siang\Desktop\Oliven Tuition
2012-07-14 02:10 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-14 02:04 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-14 02:04 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-14 02:04 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-14 02:04 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-14 02:04 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-14 02:04 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-14 02:04 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-14 02:04 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-14 02:04 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-14 02:04 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-14 02:04 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-14 02:04 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-14 02:04 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-14 02:04 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-14 02:04 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-14 02:04 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-14 02:04 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-14 02:04 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-14 02:04 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-14 02:04 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-14 02:04 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-14 02:04 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-14 02:04 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-14 02:04 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-14 02:04 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-14 02:04 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-14 02:04 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-14 02:04 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-14 01:10 - 2012-07-15 02:13 - 00057335 ____H C:\Users\Lee Han Siang\Desktop\~WRL0005.tmp
2012-07-13 19:31 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-13 19:31 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-13 19:31 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-13 19:31 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-13 19:31 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-13 19:31 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-13 19:29 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-13 19:29 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-13 19:28 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-13 19:28 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-13 19:28 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-13 19:28 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-13 19:28 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-13 19:28 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-13 19:28 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-13 19:28 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-13 19:28 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-13 18:51 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-13 18:51 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-13 00:05 - 2012-07-26 23:06 - 00000000 ____D C:\Program Files (x86)\Steam
2012-07-13 00:05 - 2012-07-13 00:05 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-12 08:38 - 2012-07-19 18:27 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-07-12 08:37 - 2012-07-12 08:38 - 00000000 ____D C:\Program Files\Adobe
2012-07-12 08:31 - 2012-07-12 08:38 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-07-09 23:33 - 2012-07-10 00:12 - 00000000 ____D C:\Users\Lee Han Siang\.gimp-2.8
2012-07-09 23:33 - 2012-07-09 23:33 - 00000000 ____D C:\Users\Lee Han Siang\AppData\Local\gegl-0.2
2012-07-09 23:29 - 2012-07-09 23:31 - 00000000 ____D C:\Program Files\GIMP 2
2012-07-09 23:12 - 2012-07-09 23:12 - 00000218 ____A C:\Users\Lee Han Siang\AppData\Local\recently-used.xbel
2012-07-02 06:28 - 2012-07-02 06:28 - 00000000 ____D C:\Users\Lee Han Siang\Documents\Remedy
2012-07-02 06:28 - 2012-07-02 06:28 - 00000000 ____D C:\Users\Lee Han Siang\AppData\Local\SKIDROW
2012-07-02 06:19 - 2012-07-02 06:19 - 00002157 ____A C:\Users\Public\Desktop\Alan Wake.lnk
2012-07-02 06:13 - 2012-07-02 06:13 - 00000000 ____D C:\Program Files (x86)\Remedy Entertainment
2012-06-30 07:57 - 2012-06-30 07:57 - 00000000 ____D C:\Users\Lee Han Siang\AppData\Roaming\Garena
2012-06-30 07:57 - 2012-06-30 07:57 - 00000000 ____D C:\Users\All Users\Garena


============ 3 Months Modified Files ========================

2012-07-28 19:15 - 2011-08-12 23:26 - 02001298 ____A C:\Windows\WindowsUpdate.log
2012-07-28 19:10 - 2012-07-28 19:09 - 01438391 ____A (Farbar) C:\Users\Lee Han Siang\Downloads\FRST64.exe
2012-07-28 19:04 - 2011-04-13 04:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-28 19:04 - 2011-04-13 04:35 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-28 18:58 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-28 18:58 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-28 18:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-28 18:50 - 2012-07-24 21:26 - 00000784 ____A C:\Windows\setupact.log
2012-07-28 10:48 - 2012-07-24 21:26 - 00340944 ____A C:\Windows\PFRO.log
2012-07-28 10:43 - 2012-07-23 01:02 - 00751310 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-28 10:43 - 2012-07-23 01:02 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-28 10:39 - 2012-07-28 10:39 - 00012095 ____A C:\Users\Lee Han Siang\Downloads\hijackthis.log
2012-07-28 10:33 - 2012-07-28 10:33 - 00171362 ____A C:\Users\Lee Han Siang\AppData\Local\census.cache
2012-07-28 10:33 - 2012-07-28 10:33 - 00137392 ____A C:\Users\Lee Han Siang\AppData\Local\ars.cache
2012-07-28 10:30 - 2012-07-28 10:25 - 04265230 ____A C:\Users\Lee Han Siang\Downloads\64bit.exe
2012-07-28 10:23 - 2012-07-26 07:12 - 00000036 ____A C:\Users\Lee Han Siang\AppData\Local\housecall.guid.cache
2012-07-28 10:19 - 2012-07-28 10:19 - 00388608 ____A (Trend Micro Inc.) C:\Users\Lee Han Siang\Downloads\HijackThis.exe
2012-07-28 10:19 - 2012-07-28 10:18 - 02002944 ____A (Trend Micro Inc.) C:\Users\Lee Han Siang\Downloads\HousecallLauncher.exe
2012-07-28 09:50 - 2012-07-28 09:50 - 00001150 ____A C:\Users\Lee Han Siang\Downloads\w7-wscsvc.zip
2012-07-28 09:18 - 2012-07-28 09:15 - 05219237 ____A (Trend Micro) C:\Users\Lee Han Siang\Downloads\rescue_disk_builder855.exe
2012-07-28 09:02 - 2012-07-28 09:02 - 00000954 ____A C:\Users\Lee Han Siang\Downloads\regfix.reg
2012-07-27 09:09 - 2012-07-27 09:09 - 00176940 ____A C:\Users\Lee Han Siang\Downloads\BFE.reg
2012-07-27 09:09 - 2012-07-27 09:09 - 00006396 ____A C:\Users\Lee Han Siang\Downloads\MpsSvc.reg
2012-07-27 01:49 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-26 19:45 - 2012-07-26 19:45 - 08656400 ____A (Trend Micro Inc.) C:\Users\Lee Han Siang\Downloads\RootkitBuster_v5_1061.exe
2012-07-26 19:41 - 2012-07-26 19:41 - 05475548 ____A C:\Users\Lee Han Siang\Downloads\sysclean.com
2012-07-26 19:34 - 2009-07-13 21:13 - 00742028 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 19:32 - 2012-07-26 19:30 - 02117108 ____A C:\Users\Lee Han Siang\Downloads\tdsskiller.zip
2012-07-26 18:46 - 2012-07-26 18:46 - 00019849 ____A C:\Users\Lee Han Siang\Desktop\Attach.txt
2012-07-26 18:46 - 2012-07-26 18:46 - 00005184 ____A C:\Users\Lee Han Siang\Desktop\Attach.zip
2012-07-26 18:45 - 2012-07-26 18:45 - 00030473 ____A C:\Users\Lee Han Siang\Desktop\DDS.txt
2012-07-26 18:43 - 2012-07-26 18:40 - 00607260 ____R (Swearware) C:\Users\Lee Han Siang\Downloads\dds.scr
2012-07-26 18:37 - 2012-07-26 18:37 - 00000558 ____A C:\Users\Lee Han Siang\Desktop\defogger_disable.log
2012-07-26 18:37 - 2012-07-26 18:37 - 00000168 ____A C:\Users\Lee Han Siang\defogger_reenable
2012-07-26 18:36 - 2012-07-26 18:36 - 00050477 ____A C:\Users\Lee Han Siang\Downloads\Defogger.exe
2012-07-26 18:24 - 2012-07-26 18:24 - 00000361 ____A C:\rkill.log
2012-07-26 18:23 - 2012-07-26 18:22 - 01012656 ____A C:\Users\Lee Han Siang\Downloads\rkill.exe
2012-07-26 18:16 - 2012-07-26 18:16 - 00472537 ____A C:\Users\Lee Han Siang\Desktop\Infected TrojanWin64-Sirefef_B Virus How to Remove TrojanWin64-Sirefef_B Completely - Tee Support Blog.mht
2012-07-26 18:02 - 2012-07-26 18:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.842AB16B59043F17
2012-07-26 07:13 - 2011-12-13 21:15 - 03899172 ____A C:\Windows\SysWOW64\wmm_cur.log
2012-07-26 06:52 - 2012-07-26 06:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E1D1132A8795449
2012-07-25 19:43 - 2012-07-25 19:43 - 00000219 ____A C:\Users\Lee Han Siang\Desktop\Dota 2.url
2012-07-25 06:37 - 2009-07-13 21:08 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-24 21:26 - 2012-07-24 21:26 - 00000000 ____A C:\Windows\setuperr.log
2012-07-24 08:26 - 2012-07-24 08:26 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-23 01:45 - 2012-01-04 07:53 - 00007598 ____A C:\Users\Lee Han Siang\AppData\Local\Resmon.ResmonCfg
2012-07-23 01:37 - 2012-07-23 01:37 - 00001233 ____A C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2012-07-21 06:42 - 2012-06-05 07:23 - 00045270 ____A C:\Users\Lee Han Siang\AppData\Roaming\room_v3.dat
2012-07-19 17:15 - 2011-12-23 02:42 - 00016074 ____A C:\Users\Lee Han Siang\Documents\My EndNote Library.enl
2012-07-17 00:02 - 2012-07-17 00:02 - 00004710 ____A C:\Users\Lee Han Siang\.recently-used.xbel
2012-07-16 21:23 - 2012-03-29 19:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-16 21:23 - 2012-03-15 19:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-15 02:13 - 2012-07-14 01:10 - 00057335 ____H C:\Users\Lee Han Siang\Desktop\~WRL0005.tmp
2012-07-14 20:46 - 2009-07-13 20:45 - 05039440 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-14 02:08 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-07-14 02:05 - 2011-12-19 05:27 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-13 06:51 - 2011-08-12 23:49 - 00002606 ____A C:\Windows\System32\AutoRunFilter.ini
2012-07-13 06:51 - 2011-08-12 23:49 - 00001493 ____A C:\Windows\System32\ServiceFilter.ini
2012-07-13 00:05 - 2012-07-13 00:05 - 00000919 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-12 08:43 - 2011-12-04 19:48 - 00110296 ____A C:\Users\Lee Han Siang\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-09 23:12 - 2012-07-09 23:12 - 00000218 ____A C:\Users\Lee Han Siang\AppData\Local\recently-used.xbel
2012-07-02 06:19 - 2012-07-02 06:19 - 00002157 ____A C:\Users\Public\Desktop\Alan Wake.lnk
2012-06-25 01:05 - 2011-12-13 21:15 - 06291468 ____A C:\Windows\SysWOW64\wmm_old.log
2012-06-17 10:32 - 2012-06-17 10:33 - 00017631 ____A C:\Users\Lee Han Siang\Downloads\MonitorBright.zip
2012-06-11 19:08 - 2012-07-14 02:10 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-13 19:29 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-13 19:29 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-13 19:31 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-13 19:31 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-13 18:51 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-13 19:31 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-13 19:31 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-13 18:51 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 23:37 - 2012-07-28 10:22 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-06-04 07:05 - 2012-06-04 07:05 - 00000998 ____A C:\Users\Lee Han Siang\Desktop\WarKey - Shortcut.lnk
2012-06-02 14:19 - 2012-06-21 20:16 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 20:16 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 20:16 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 20:16 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 20:16 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 20:16 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 20:16 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 07:08 - 2012-06-02 07:08 - 00657227 ____A C:\Windows\Condition Zero Uninstaller.exe
2012-06-02 07:08 - 2012-06-02 07:08 - 00001624 ____A C:\Users\UpdatusUser\Desktop\Counter-Strike.lnk
2012-06-02 07:08 - 2012-06-02 07:08 - 00001612 ____A C:\Users\UpdatusUser\Desktop\Condition Zero.lnk
2012-06-02 07:08 - 2012-06-02 07:08 - 00001612 ____A C:\Users\Lee Han Siang\Desktop\Condition Zero.lnk
2012-06-02 04:49 - 2012-07-14 02:04 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-14 02:04 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-14 02:04 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-14 02:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-14 02:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-14 02:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-14 02:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-14 02:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-14 02:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-14 02:04 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-14 02:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-14 02:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-14 02:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-14 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-14 02:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-14 02:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-14 02:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-14 02:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-14 02:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-14 02:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-14 02:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-14 02:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-14 02:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-14 02:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-14 02:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-14 02:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-14 02:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-14 02:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 23:19 - 2012-06-21 20:16 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-01 23:15 - 2012-06-21 20:16 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-13 19:28 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-13 19:28 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-13 19:28 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-13 19:28 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-13 19:28 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-13 19:28 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-13 19:28 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-13 19:28 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-13 19:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 09:03 - 2012-06-01 09:03 - 00001352 ____A C:\Users\Lee Han Siang\Documents\AutoHotkey.ahk
2012-06-01 01:52 - 2012-05-31 03:21 - 00000545 ____A C:\Users\Public\Desktop\Start The Witcher 2.lnk
2012-05-31 00:39 - 2011-12-16 19:52 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4128312917-1197844542-2244436814-1001UA.job
2012-05-31 00:39 - 2011-12-16 19:52 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4128312917-1197844542-2244436814-1001Core.job
2012-05-30 17:38 - 2011-08-12 23:49 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-05-28 18:18 - 2012-05-28 18:18 - 00002215 ____A C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
2012-05-23 07:05 - 2012-05-23 07:05 - 00001069 ____A C:\Users\Lee Han Siang\Desktop\Garena Plus.lnk
2012-05-12 19:09 - 2012-05-12 19:09 - 00001096 ____A C:\Users\Lee Han Siang\Desktop\???? 2012.lnk
2012-05-12 19:09 - 2012-05-12 19:09 - 00000017 ____A C:\Windows\SysWOW64\mylk.dat
2012-05-04 18:03 - 2012-05-04 00:12 - 00015081 ____H C:\Users\Lee Han Siang\Desktop\~WRL3752.tmp
2012-05-04 18:03 - 2012-05-04 00:12 - 00015039 ____H C:\Users\Lee Han Siang\Desktop\~WRL2674.tmp
2012-05-04 03:06 - 2012-06-14 02:59 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 02:59 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 02:59 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe


ZeroAccess:
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\L
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}\U

ZeroAccess:
C:\Users\Lee Han Siang\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Users\Lee Han Siang\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\L
C:\Users\Lee Han Siang\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8102.7 MB
Available physical RAM: 7336.9 MB
Total Pagefile: 8100.84 MB
Available Pagefile: 7329.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:102.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:247.31 GB) NTFS
4 Drive f: (MR LEE) (Removable) (Total:3.71 GB) (Free:3.66 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB
Disk 1 Online 3816 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 238 GB 25 GB
Partition 0 Extended 332 GB 263 GB
Partition 3 Logical 332 GB 263 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 238 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 332 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3812 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F MR LEE FAT32 Removable 3812 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 09:14

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 11:22:41
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-27 01:49] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#4 CatByte

CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 28 July 2012 - 10:42 PM

Please run the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54}
C:\Users\Lee Han Siang\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 hslee5

hslee5
  • Topic Starter
  • Members
  • 31 posts

Posted 28 July 2012 - 11:34 PM

Hi, thanks for the quick response.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 11:57:19 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{80aa28bd-953b-0d79-ac52-59b01480de54} moved successfully.
C:\Users\Lee Han Siang\AppData\Local\{80aa28bd-953b-0d79-ac52-59b01480de54} moved successfully.

==== End of Fixlog ====

ComboFix 12-07-27.03 - Lee Han Siang 7/2012 Sun 12:03:08.1.4 - x64
执行位置: c:\users\Lee Han Siang\Desktop\ComboFix.exe
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\kuwo
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13279\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13430\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13430\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13430\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13430\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13668\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13668\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13668\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13668\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13968\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13968\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13968\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\13968\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14157\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14157\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14157\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14157\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14409\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14409\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14409\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14409\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14418\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14418\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14418\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\14418\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\147\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\147\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\147\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\147\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15048\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15048\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15048\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15048\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\151\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\151\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\151\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\151\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15167\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15167\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15167\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15167\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15225\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15225\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15225\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15225\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15282\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15282\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15282\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15282\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15639\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15639\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15639\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15639\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15646\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15646\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15646\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15646\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15712\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15712\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15712\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\15712\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\2\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\2\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\2\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\3\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\3\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\3\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\43\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\43\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\43\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\43\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\4531\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\4531\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\4531\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\4531\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\462\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\462\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\462\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\462\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\497\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\497\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\497\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\497\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\5\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\5\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\5\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\55\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\55\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\55\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\55\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\56\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\56\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\56\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\56\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\674\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\674\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\674\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\674\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\7628\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\7628\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\7628\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\7628\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\7866\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\7866\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\7866\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\7866\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8163\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8163\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8163\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8163\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8362\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8362\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8362\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8362\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8663\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8663\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8663\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\8663\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\928\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\928\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\928\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\928\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\963\bk.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\963\conf.ini
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\963\small.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\963\webView.jpg
c:\program files (x86)\kuwo\KWMUSIC\bin\skin\serverskin\server.xml
c:\program files (x86)\kuwo\KWMUSIC\bin\temp\KMusic\29.wma
c:\program files (x86)\kuwo\KWMUSIC\bin\UIAvMgr.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UIDeskLyric.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UIDownload.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UIMiniPanel.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UINetSong.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UINowPlaying.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UIPlayControl.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UIPlaylist.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UIPopupWnd.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\UIVIPMan.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\Win7Trait.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\WriteMbox.exe
c:\program files (x86)\kuwo\KWMUSIC\bin\Zlib.dll
c:\program files (x86)\kuwo\KWMUSIC\bin\酷我音乐 2012.lnk
c:\program files (x86)\kuwo\KWMUSIC\install.log
c:\program files (x86)\kuwo\KWMUSIC\KwMusic.exe
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Conf\user\config.ini
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\ModuleData\lyricshow\LyricTheme.xml
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\ModuleData\ModMusicTool\conf.txt
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\ModuleData\ModResource\NetSong-artists.pl
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\ModuleData\ModWebUpdate\zip\netsong.zip
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\ModuleData\ModWebUpdate\zip\sharesong.zip
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\ModuleData\ModWebUpdate\zip\songcomment.zip
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\ModuleData\ModWebUpdate\zip\userinfo2012.zip
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\ModuleData\ModWebUpdate\zip\vipMbox_new.zip
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\cache\KW_SEARCH_SONG\jay.dat
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_COLOR_highlight.jpg
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_COLOR_nomal.jpg
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_PIC_highlight.jpg
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_PIC_nomal.jpg
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_1a.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_1b.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_2a.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_2b.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_3a.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_3b.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_4a.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_4b.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_5a.png
c:\program files (x86)\kuwo\KWMUSIC\KWMUSIC\Res\DeskLyric\DL_Themes_5b.png
c:\program files (x86)\kuwo\KWMUSIC\KwMusicSetup.exe
c:\program files (x86)\kuwo\KWMUSIC\Microsoft.VC90.CRT.manifest
c:\program files (x86)\kuwo\KWMUSIC\msvcp90.dll
c:\program files (x86)\kuwo\KWMUSIC\msvcr90.dll
c:\program files (x86)\kuwo\KWMUSIC\readme.txt
c:\program files (x86)\kuwo\KWMUSIC\Uninstall.exe
c:\programdata\FullRemove.exe
c:\windows\SysWow64\wmm_cur.log
.
.
((((((((((((((((((((((((( 2012-06-28 至 2012-07-29 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-07-29 19:18 . 2012-07-29 19:19 -------- d-----w- C:\FRST
2012-07-29 04:12 . 2012-07-29 04:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-29 04:12 . 2012-07-29 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 02:54 . 2012-06-28 19:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13882C2F-8C51-499A-A1B8-5D3128E9CB29}\mpengine.dll
2012-07-28 18:44 . 2012-07-28 18:44 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DBD6867C-C789-4EA7-B1A6-E58250D2F98D}\gapaengine.dll
2012-07-28 18:44 . 2012-06-28 19:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-28 18:43 . 2012-07-28 18:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-28 18:43 . 2012-07-28 18:43 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-28 18:35 . 2012-07-28 18:35 -------- d-----w- C:\Archive
2012-07-28 18:22 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-07-27 02:02 . 2012-07-27 02:02 328704 ----a-w- c:\windows\system32\services.exe.842AB16B59043F17
2012-07-26 14:52 . 2012-07-26 14:52 328704 ----a-w- c:\windows\system32\services.exe.2E1D1132A8795449
2012-07-24 16:26 . 2012-07-24 16:26 -------- d-----w- c:\program files\CCleaner
2012-07-23 09:40 . 2012-07-23 09:42 -------- d-----w- c:\users\Lee Han Siang\AppData\Roaming\Wise Registry Cleaner
2012-07-23 09:37 . 2012-07-23 09:37 -------- d-----w- c:\program files (x86)\Wise
2012-07-23 09:05 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-22 14:14 . 2012-07-22 14:14 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-22 14:14 . 2012-07-22 14:14 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-14 10:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 03:31 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-14 03:31 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-14 03:31 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-14 03:31 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-14 03:31 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-14 03:31 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-14 03:29 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-14 03:28 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-14 03:28 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-14 03:28 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-14 03:28 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-14 03:28 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-14 03:28 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-14 03:28 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-14 03:28 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-14 03:28 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-13 08:05 . 2012-07-13 08:25 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-13 08:05 . 2012-07-27 07:06 -------- d-----w- c:\program files (x86)\Steam
2012-07-12 16:38 . 2012-07-20 02:27 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-12 16:37 . 2012-07-12 16:38 -------- d-----w- c:\program files\Adobe
2012-07-12 16:31 . 2012-07-12 16:38 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-10 07:33 . 2012-07-10 07:33 -------- d-----w- c:\users\Lee Han Siang\AppData\Local\fontconfig
2012-07-10 07:33 . 2012-07-10 08:12 -------- d-----w- c:\users\Lee Han Siang\.gimp-2.8
2012-07-10 07:33 . 2012-07-10 07:33 -------- d-----w- c:\users\Lee Han Siang\AppData\Local\gegl-0.2
2012-07-10 07:29 . 2012-07-10 07:31 -------- d-----w- c:\program files\GIMP 2
2012-07-02 14:28 . 2012-07-02 14:28 -------- d-----w- c:\users\Lee Han Siang\AppData\Local\SKIDROW
2012-07-02 14:13 . 2012-07-02 14:13 -------- d-----w- c:\program files (x86)\Remedy Entertainment
2012-06-30 15:57 . 2012-06-30 15:57 -------- d-----w- c:\users\Lee Han Siang\AppData\Roaming\Garena
2012-06-30 15:57 . 2012-06-30 15:57 -------- d-----w- c:\programdata\Garena
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 Modified ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 09:49 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-17 05:23 . 2012-03-30 03:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-17 05:23 . 2012-03-16 03:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 10:05 . 2011-12-19 13:27 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-22 04:16 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 04:16 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 04:16 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 04:16 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 04:16 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 04:16 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 04:16 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 15:08 . 2012-06-02 15:08 657227 ----a-w- c:\windows\Condition Zero Uninstaller.exe
2012-06-02 07:19 . 2012-06-22 04:16 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 07:15 . 2012-06-22 04:16 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 01:38 . 2011-08-13 07:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-05-04 11:06 . 2012-06-14 10:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 10:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 10:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 10:59 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 549040]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-8-13 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE"
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"Wireless Console 3"=c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 GuardService;GuardService;c:\program files (x86)\Google\Common\Guard\guardServiceCh.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-22 113120]
R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [2010-07-05 154112]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-14 1255736]
R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
R4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-05 279616]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2010-09-17 194640]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 GPCommonService(64);GPCommonService(64);c:\program files\P1\P1 4G\GPCommonServicex64.exe [2010-10-08 111104]
S2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [2010-10-08 90112]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [2010-04-26 18432]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2010-09-17 339536]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-04-12 142632]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-22 317440]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-02-09 11856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
‘计划任务’ 文件夹 里的内容
.
2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4128312917-1197844542-2244436814-1001Core.job
- c:\users\Lee Han Siang\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-17 03:52]
.
2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4128312917-1197844542-2244436814-1001UA.job
- c:\users\Lee Han Siang\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-17 03:52]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 12:35]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 12:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 14:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com.my/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lee Han Siang\AppData\Roaming\Mozilla\Firefox\Profiles\on6v59lq.default\
FF - prefs.js: browser.startup.homepage - hxxp://malaysia.msn.com/|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1340173246&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fmail.live.com%2Fdefault.aspx%3Fid%3D64855&lc=2057&id=64855&mkt=en-gb&cbcxt=mai|http://www.google.com.my/search?q=clown+badut+johor+bahru&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a#hl=en&client=firefox-a&hs=spu&rls=org.mozilla:en-GB%3Aofficial&sclient=psy-ab&q=clown+johor+bahru&oq=clown+johor+bahru&aq=f&aqi=&aql=&gs_l=serp.3...45561.45561.0.45899.1.1.0.0.0.0.0.0..0.0...0.0.pT7qCgEPvKk&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&fp=e3a118168db984e&biw=1366&bih=644|http://www.mudah.my/Clown+Badut+in+Johor+Bahru+and+Face+painting-7137115.htm|http://johorbahru.olx.com.my/clown-badut-johor-bahru-iid-133835631|http://www.adpost.com/my/business_products_services/12173/|http://habaq.my/ads/clown-badut-johor-bahru-and-face-painting/|http://my.wowcity.com/johorbaharu/locbus2/7065436628942451836/lee-clown-badut-service-johor-.htm|http://my.wowcity.com/pontian/locbus2/7065436628942451836/lee-clown-badut-service-johor-.htm|http://www.poba.my/ad09276829368.html|http://www.lelong.com.my/lee-clown-badut-service-johor-bahru-85560038-2011-08-Sale-P.htm|http://www.facebook.com/lee.clown.service|http://www.hotfrog.com.my/Companies/Clown-badut-Johor-Bahru|http://maxi24.com.my/681949-clown-badut-johor-bahru/details.html|http://jbcool.com/clown-badut-services-in-johor-bahru/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-KwMusic6 - c:\program files (x86)\kuwo\KWMUSIC\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4128312917-1197844542-2244436814-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-4128312917-1197844542-2244436814-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\d:\Games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T16:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T16:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T16:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-4128312917-1197844542-2244436814-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\d:\Games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"2011-10-10T16:42\00GB18030\00GBK\00GB2312\00CP936\00MS936\00windows-936\00MIB: 114\00MIB: 113\00MIB: 2025\00\00"
"qkrcodecs4.dll"=multi:"2011-10-10T16:42\00EUC-KR\00cp949\00MIB: 38\00MIB: -949\00\00"
"qtwcodecs4.dll"=multi:"2011-10-10T16:42\00Big5\00Big5-HKSCS\00Big5-ETen\00CP950\00MIB: 2026\00MIB: 2101\00\00"
.
[HKEY_USERS\S-1-5-21-4128312917-1197844542-2244436814-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\codecs]
"qcncodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpcodecs4.dll"=multi:"40602\000\00Windows msvc release full-config\002011-10-10T16:42\00\00"
"qjpcodecsd4.dll"=multi:"40703\001\00Windows msvc debug full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qkrcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qtwcodecs4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_USERS\S-1-5-21-4128312917-1197844542-2244436814-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\d:\games\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T16:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T16:42\00\00"
.
[HKEY_USERS\S-1-5-21-4128312917-1197844542-2244436814-1001_Classes\Wow6432Node\CLSID\{6476b714-efff-4fdc-9e85-2d6884946ce5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006e
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4128312917-1197844542-2244436814-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,29,4b,6d,89,8f,54,b2,14,37,a3,0b,48,ca,71,d8,39,7d,be,7a,bb,
f2,05,99,76,36,1d,66,b0,8f,7a,8c,b8,57,cc,0a,a1,43,07,68,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
.
**************************************************************************
.
完成时间: 2012-07-29 12:19:36 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-07-29 04:19
.
Pre-Run: 109,956,390,912 bytes free
Post-Run: 109,864,779,776 bytes free
.
- - End Of File - - F1F53F6467F8809866F24F2DE539879C

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:25 PM

Posted 29 July 2012 - 12:47 AM

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 hslee5

hslee5
  • Topic Starter

  • Members
  • 31 posts
  • Local time:07:25 AM

Posted 29 July 2012 - 11:32 AM

Hi, thanks for the response again.

===============================================
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lee Han Siang :: LEEHANSIANG-PC [administrator]

Protection: Enabled

29/7/2012 6:25:45 PM
mbam-log-2012-07-29 (18-25-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216083
Time elapsed: 1 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Lee Han Siang\AppData\Local\Temp\sdhttt.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Lee Han Siang\AppData\Local\Temp\~!#1DDD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Lee Han Siang\AppData\Local\Temp\~!#4EF.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.

(end)
=================================
From ESET

C:\Users\Lee Han Siang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\19ded392-5435eec1 a variant of Win32/Injector.UMR trojan
C:\Users\Lee Han Siang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\f604794-343a625c a variant of Win32/Injector.UMR trojan
C:\Users\Lee Han Siang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\20501203-1e0feb43 Java/TrojanDownloader.Agent.NEJ trojan
D:\Games\The Witcher 2 Assassins of Kings\DVD2\sr-tw2b.iso a variant of Win32/Packed.VMProtect.AAA trojan
=================================

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:25 PM

Posted 29 July 2012 - 12:52 PM

Please do the following:


Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it. Now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp
Clear Java cache


NEXT


Go into the Control Panel and double-click the Java icon (it looks like a coffee cup). If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


  • Please download MiniToolBox and save it to your desktop and run it.

    Check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.


NEXT

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT

Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 hslee5

hslee5
  • Topic Starter

  • Members
  • 31 posts
  • Local time:07:25 AM

Posted 30 July 2012 - 12:21 AM

Hi, thanks for the reply.

MiniToolBox by Farbar Version: 23-07-2012
Ran by Lee Han Siang (administrator) on 30-07-2012 at 13:13:54
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
???? ??? Windows Live (Version: 15.4.3502.0922)
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (Version: 15.4.5722.2)
???? Windows Live (Version: 15.4.3502.0922)
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) (Version: 15.4.5722.2)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat 8 Professional (Version: 8.1.0)
Adobe Acrobat 8.1.0 Professional (Version: 8.1.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Alan Wake
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.12.5.0)
Astroburn Lite (Version: 1.5.0.0139)
ASUS AI Recovery (Version: 1.0.13)
ASUS FancyStart (Version: 1.0.8)
ASUS K3 Series ScreenSaver (Version: 1.0.0002)
ASUS LifeFrame3 (Version: 3.0.20)
ASUS Live Update (Version: 3.0.6)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0030)
ASUS Virtual Camera (Version: 1.0.21)
ASUS WebStorage (Version: 3.0.84.161)
AsusVibe2.0 (Version: 2.0.10.168)
Atheros Client Installation Program (Version: 7.0)
ATK Package (Version: 1.0.0010)
Auslogics Task Manager (Version: version 2.2)
Bing Bar (Version: 7.0.610.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
Bookworm Deluxe
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon RAW Codec (Version: 1.5.0.47)
Canon Utilities Digital Photo Professional 1.0 (Version: 1.0)
Canon Utilities Digital Photo Professional 3.8 (Version: 3.8.1.0)
Canon Utilities Picture Style Editor (Version: 1.8.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CCleaner (Version: 3.20)
Condition Zero (Version: 1.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (Version: 15.4.5722.2)
Cooking Dash
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink Power2Go (Version: 6.1.3602c)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
Dota 2
EndNote X3 (Version: 13.0.0.4094)
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.5.3_WHQL (Version: 8.0.5.3)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fast Boot (Version: 1.0.10)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Game Park Console (Version: 6.2.1.1)
Garena Plus (Version: 2011)
GeoGebra (Version: 4.0.24.0)
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (Version: 20.0.1132.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
Governor of Poker
Hotel Dash Suite Success
Inkscape 0.48.2 (Version: 0.48.2)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Processor Graphics (Version: 8.15.10.2622)
Intel® Turbo Boost Technology Monitor (Version: 1.0.400.4)
Internet Download Manager
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Jewel Quest 3
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Mega Codec Pack 8.0.0 (Version: 8.0.0)
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mass Effect 2 (Version: 1.00)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mountain Crime: Requital
Mozilla Firefox 14.0.1 (x86 en-GB) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Optimus 1.7.11 (Version: 1.7.11)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
P1 4G Connection Manager (Version: 3.3.7.6)
PDF Settings CS6 (Version: 11.0)
Plants vs Zombies
PunkBuster Services (Version: 0.986)
QuickTime (Version: 7.72.80.56)
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6373)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10001)
ResearchSoft Direct Export Helper
Skype™ 5.6 (Version: 5.6.110)
Sonic Focus (Version: 1.0.0.4)
SPSS 16.0 for Windows (Version: 16.0.1)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
syncables desktop SE (Version: 5.5.746.11492)
System Requirements Lab
TeraCopy 2.27
The Witcher 2 (Version: 1.00.0000)
Trend Micro Titanium Internet Security (Version: 3.00)
Trend Micro Titanium Internet Security (Version: 3.1.1109)
TuneUp Utilities 2012 (Version: 12.0.3010.5)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.3010.5)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (Version: 15.4.5722.2)
WebM Media Foundation Components (Version: 1.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live Fotoğraf Galerisi (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Live 影像中心 (Version: 15.4.3502.0922)
Windows Live 照片库 (Version: 15.4.3502.0922)
Windows Live 程式集 (Version: 15.4.3502.0922)
Windows Live 软件包 (Version: 15.4.3502.0922)
WinFlash (Version: 2.31.0)
Wireless Console 3 (Version: 3.0.19)
Wise Registry Cleaner 7.36
World of Goo
千千静听 5.7正式版 (Version: 5.7正式版)
快播 5.0.77 (Version: 5.0.77)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (Version: 15.4.5722.2)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (Version: 15.4.5722.2)
酷我音乐 2012 (Version: 6.0.5.4)
金山词霸 (Version: 2012.01.13.006)

**** End of log ****

Farbar SS Result

Farbar Service Scanner Version: 26-07-2012
Ran by Lee Han Siang (administrator) on 30-07-2012 at 13:15:55
Running from "C:\Users\Lee Han Siang\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Now my computer runs very smoothly, but yesterday MSE still detected a trojan while I was playing an online game.

Thanks for your help. Did you still find any problems with my computer in the above logs?
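The Farbar Service Scanner log above reports four kinds of indicator: the start type and binary path of the security-related services, registry values that switch a protection off by policy (the WinDefend service set to Demand and `DisableAntiSpyware`=1 are both visible in this log), the active lines of the hosts file, and the IE proxy settings. The PowerShell script below is an added example, not part of this thread and not Farbar's own code; it re-checks the same indicators with built-in cmdlets so the state can be verified again after cleanup. The service names, registry paths and default start types are the standard Windows 7 ones; reading the service configuration from the registry instead of WMI is a deliberate choice so the check still runs when the WMI repository is damaged.

```powershell
# Added example (not part of the thread and not Farbar's own code): re-check the
# indicators the Farbar Service Scanner log above reports, using only built-in
# PowerShell and the registry. Services are read from the registry rather than
# through WMI so the check still works when the WMI repository is damaged.
# Run from an elevated PowerShell prompt on Windows 7 or later.

# Services FSS covers, with the start type Windows sets by default.
# Registry Start values: 2 = Auto, 3 = Manual (FSS prints "Demand"), 4 = Disabled.
$ExpectedStart = @{
    'WinDefend' = 2   # Windows Defender (the log above shows Demand)
    'MpsSvc'    = 2   # Windows Firewall
    'BFE'       = 2   # Base Filtering Engine, which the firewall depends on
    'wscsvc'    = 2   # Security Center
    'wuauserv'  = 2   # Windows Update
    'BITS'      = 2   # Background Intelligent Transfer Service
    'Winmgmt'   = 2   # WMI, which Security Center status reporting relies on
    'VSS'       = 3   # Volume Shadow Copy (System Restore)
    'SDRSVC'    = 3   # Windows Backup
}
$StartName = @{ 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }

function Test-ServiceConfig {
    foreach ($name in ($ExpectedStart.Keys | Sort-Object)) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path $key)) {
            "$name : service key MISSING"      # a deleted service is itself a finding
            continue
        }
        $cfg   = Get-ItemProperty $key
        $start = [int]$cfg.Start
        $state = (Get-Service $name -ErrorAction SilentlyContinue).Status
        $flag  = ''
        if ($start -ne $ExpectedStart[$name]) { $flag = '  <-- start type differs from default' }
        '{0,-10} state={1,-8} start={2,-9} default={3}{4}' -f $name, $state, $StartName[$start], $StartName[$ExpectedStart[$name]], $flag
        # FSS also validates ImagePath and ServiceDll; print them so a service
        # pointed at an unexpected binary stands out.
        "           ImagePath : $($cfg.ImagePath)"
        $dll = (Get-ItemProperty "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { "           ServiceDll: $dll" }
    }
}

# The "Disabled Policy" sections of FSS look for registry values that switch a
# protection off. Each entry: area, key, value name, and the value meaning "off".
$PolicyChecks = @(
    @{ Area = 'Windows Defender'; Key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                        Name = 'DisableAntiSpyware'; Off = 1 },
    @{ Area = 'Windows Defender'; Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';               Name = 'DisableAntiSpyware'; Off = 1 },
    @{ Area = 'Windows Firewall'; Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';     Off = 0 },
    @{ Area = 'Windows Firewall'; Key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile';   Name = 'EnableFirewall';     Off = 0 },
    @{ Area = 'System Restore';   Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';          Off = 1 },
    @{ Area = 'Windows Update';   Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';        Name = 'NoAutoUpdate';       Off = 1 }
)

function Test-DisabledPolicies {
    foreach ($c in $PolicyChecks) {
        $v = (Get-ItemProperty $c.Key -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        if ($null -ne $v -and [int]$v -eq $c.Off) {
            '{0}: {1}\{2} = {3}  <-- disabled by policy' -f $c.Area, $c.Key, $c.Name, $v
        }
    }
}

function Get-HostsEntries {
    # The log above shows only the stock "127.0.0.1 localhost"; any other
    # active line redirects name resolution and deserves a look.
    Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

function Get-IEProxy {
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($ie.ProxyEnable -eq 1) { "IE proxy ENABLED: $($ie.ProxyServer)" } else { 'IE proxy is not enabled.' }
    if ($ie.AutoConfigURL) { "IE auto-config script: $($ie.AutoConfigURL)" }   # a PAC URL also redirects traffic
}

'=== Service configuration ==='
Test-ServiceConfig
'=== Disabled-by-policy values ==='
$hits = @(Test-DisabledPolicies)
if ($hits.Count -gt 0) { $hits } else { 'none found' }
'=== Active hosts entries ==='
Get-HostsEntries
'=== IE proxy ==='
Get-IEProxy
```

One caveat when reading the output on a machine like this one: `DisableAntiSpyware`=1 under `HKLM\SOFTWARE\Microsoft\Windows Defender` is expected when Microsoft Security Essentials is installed, because MSE turns Windows Defender off on Windows 7; the copy under `HKLM\SOFTWARE\Policies\...` is the one that indicates a policy someone or something pushed. The FSS "MD5 is legit" file check has no direct equivalent here; `sfc /verifyfile=<path>` is the built-in way to confirm a system binary matches the Windows component store.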

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:25 PM

Posted 30 July 2012 - 08:00 AM

the MSE still detected a trojan while i'm playing an online games


Can you please advise where the infection was found? As there is no sign of anything more on your logs, perhaps it found something already in quarantine.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 hslee5

hslee5
  • Topic Starter

  • Members
  • 31 posts
  • Local time:07:25 AM

Posted 30 July 2012 - 08:43 AM

Hi,

I think I could not show you the threat that appeared yesterday.

I also found that my Security status always shows a message.

"Windows Defender and Microsoft Security Essentials both report that they are turned off."

I'm running Trend Micro Titanium Internet Security, MSE, and Malwarebytes Anti-Malware.
All security programs are already turned on.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:25 PM

Posted 30 July 2012 - 11:13 AM

Please do the following:

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 hslee5

hslee5
  • Topic Starter

  • Members
  • 31 posts
  • Local time:07:25 AM

Posted 30 July 2012 - 02:55 PM

Hi,

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Wise Registry Cleaner 7.36
JavaFX 2.1.1
Java™ 7 Update 5
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


During the check, a window popped up. The message inside looked like this:
"
AutoIt Error
Line-1:
Error: Variable must be of type "object"
"

#14 CatByte, "bleepin' tiger" (Malware Response Team, 14,664 posts, Location: Canada)

Posted 30 July 2012 - 04:08 PM

Open your Microsoft Security Essentials user interface > press the History tab > Quarantined items.

That should list the MSE detections; please advise the location of the detection you are referring to.

Is MSE working correctly?

Check to confirm that the “Security Center” service is running. Follow these steps:

  • Click “Start”.
  • Type “services.msc” in the Start search box and hit “Enter”.
  • Locate “Security Center” and double-click it.
  • In the “Startup type” list, select “Automatic”.
  • Click “Start” to start the service.
  • Click “Apply” and click “OK”.
  • Restart the computer.

If you get any error messages following the above procedure, please do the following:

  • Press the Start button > in the search box on the Start menu type Cmd > when cmd.exe appears in the window above, right-click the program and click Run as Administrator.
  • Wait for the command window to open > type net stop winmgmt at the command prompt > press Enter. Say yes to the prompts. This will stop WMI so we can fix it. (Minimize the command window for the moment; we will re-use it later.)
  • Now navigate to C:\Windows\System32\wbem > locate, then right-click the folder Repository > rename it to Repository_bad.
  • Go back to the elevated command window you used earlier and type net start winmgmt at the command prompt > press Enter.
  • Now re-register the WMI by typing the following command at the command prompt: winmgmt /salvagerepository > press Enter.
  • This command will make Vista access the WMI folder and, when it can't find it (due to your renaming it earlier), it should automatically fix all the errors caused by the old WMI files by creating new WMI components; this should only take a moment.
  • Type exit at the command prompt and reboot your computer.

Now please re-run the Security Check.


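The two procedures in the post above (start the Security Center service; if that fails, move the WMI repository aside and let winmgmt rebuild it), written as one elevated PowerShell script. This is an added example, not CatByte's or BleepingComputer's own script; it assumes the standard Windows service names wscsvc (Security Center) and winmgmt (WMI), and the timestamped backup folder name is my own choice rather than the plain Repository_bad used in the post.

```powershell
# Added example: automates the manual Security Center / WMI repair steps above.
# Run from an elevated (Run as Administrator) PowerShell prompt.
# Assumptions: Security Center service is "wscsvc", WMI service is "winmgmt",
# repository lives under %SystemRoot%\System32\wbem\Repository.

$repo = Join-Path $env:SystemRoot 'System32\wbem\Repository'

function Start-SecurityCenter {
    # Mirrors the services.msc steps: startup type Automatic, then start it.
    Set-Service -Name wscsvc -StartupType Automatic -ErrorAction Stop
    Start-Service -Name wscsvc -ErrorAction Stop
    return ((Get-Service -Name wscsvc).Status -eq 'Running')
}

function Repair-WmiRepository {
    # Mirrors the fallback steps: stop WMI (and its dependents), rename the
    # repository aside (kept for rollback, with a timestamp instead of "_bad"),
    # restart WMI and let winmgmt salvage/rebuild the repository.
    Stop-Service -Name winmgmt -Force -ErrorAction Stop
    $backupName = 'Repository_bad_' + (Get-Date -Format 'yyyyMMdd_HHmmss')
    Rename-Item -Path $repo -NewName $backupName -ErrorAction Stop
    Start-Service -Name winmgmt -ErrorAction Stop
    & winmgmt /salvagerepository | Out-Null
    # /verifyrepository prints "WMI repository is consistent" on success.
    $verify = & winmgmt /verifyrepository
    return (($verify -join ' ') -match 'is consistent')
}

try {
    if (Start-SecurityCenter) {
        Write-Host 'Security Center service is running.'
    }
} catch {
    Write-Warning "Security Center failed to start: $($_.Exception.Message)"
    Write-Host 'Falling back to WMI repository repair...'
    if (Repair-WmiRepository) {
        Write-Host 'WMI repository rebuilt; reboot, then re-run Security Check.'
    } else {
        Write-Warning 'winmgmt /verifyrepository did not report a consistent repository.'
    }
}
```

Stopping winmgmt also stops services that depend on it, which is why the post tells you to answer yes to the prompts; the reboot at the end brings them back.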

#15 hslee5 (Topic Starter, Members, 31 posts)

Posted 30 July 2012 - 11:15 PM

Hi,

The Security Center has gone back to normal already. Thanks for the help. Do I need to run any scan again?
