
My FireFox's Homepage has been hijacked


This topic is locked
15 replies to this topic

#1 Paul61112002

  • Members
  • 94 posts

Posted 16 December 2012 - 06:40 AM

As the title mentions, what should I do right now?


#2 CatByte (bleepin' tiger)


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 16 December 2012 - 09:39 AM

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
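As an added illustration of how a responder reads the DDS output requested above (example code written for this page, not part of the thread and not the DDS tool's own code): the script parses the Pseudo HJT Report start/search lines, the Firefox prefs.js/user.js lines and the ExtSQL extension list, flags any start or search URL whose host is not on an assumed known-good list, and ties each flagged host back to the extension that set it. The known-good host list and the sample lines (modelled on the report posted in this thread) are constructed assumptions.

```python
"""Triage a DDS report for browser start/search hijack indicators.
Added example for this thread: not part of the original posts and not code
from the DDS tool. The known-good host list and the sample lines are assumptions.
"""
import re
from urllib.parse import urlparse

# Hosts the stock Acer / Microsoft defaults in this kind of report point at.
KNOWN_GOOD_HOSTS = {"acer.msn.com", "go.microsoft.com"}

# Constructed sample, modelled on the "Pseudo HJT Report" and FIREFOX sections
# of the DDS output posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6R8Oj4QEVQ&i=26
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mStart Page = hxxp://acer.msn.com
FF - prefs.js: browser.startup.homepage - about
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6R8Oj4QEVQ&&i=26&search=
FF - ExtSQL: 2012-12-10 16:36; mozilla_cc@internetdownloadmanager.com; C:\Users\Paul\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-12-15 19:23; ffxtlbr@incredibar.com; C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\garmrjae.default\extensions\ffxtlbr@incredibar.com
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8Oj4QEVQ&loc=IB_TB&i=26&search=
"""

# "uStart Page = ...", "mDefault_Search_URL = ...", "x64-mStart Page = ..."
# (u = user hive, m = machine hive). Names containing ':' or '-' such as
# "mWinlogon:" or "mPolicies-System:" deliberately do not match.
SETTING_RE = re.compile(r"^(?:x64-)?[um](\w[\w ]*?)\s*=\s*(.*)$")
FF_PREF_RE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.*)$")
FF_EXT_RE = re.compile(r"^FF - ExtSQL: [^;]+; ([^;]+); ")
URL_RE = re.compile(r"hxxps?://\S+", re.IGNORECASE)  # DDS defangs http as hxxp


def hosts_in(value):
    """Lower-cased host of every defanged URL in a setting value."""
    hosts = []
    for raw in URL_RE.findall(value):
        url = re.sub(r"^hxxp", "http", raw, flags=re.IGNORECASE)
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def triage(log_text):
    """One finding per start/search setting whose host is not known-good."""
    findings = []
    for line in log_text.splitlines():
        m = SETTING_RE.match(line)
        if m:
            source, setting, value = "registry", m.group(1), m.group(2)
        else:
            m = FF_PREF_RE.match(line)
            if not m:
                continue
            source, setting, value = m.group(1) + ".js", m.group(2), m.group(3)
        for host in hosts_in(value):
            if host not in KNOWN_GOOD_HOSTS:
                findings.append({"source": source, "setting": setting, "host": host})
    return findings


def suspicious_hosts(log_text):
    return {f["host"] for f in triage(log_text)}


def userjs_namespaces(log_text):
    """Extension namespaces that wrote prefs into user.js. A stock profile has
    no user.js; values there are re-applied at every start and override what
    the user sets in the options dialog, so a homepage reset does not stick."""
    names = set()
    for line in log_text.splitlines():
        m = FF_PREF_RE.match(line)
        if m and m.group(1) == "user":
            parts = m.group(2).split(".")
            if len(parts) >= 3 and parts[0] == "extensions":
                names.add(parts[1])
    return names


def related_extensions(log_text, hosts):
    """ExtSQL extension ids whose id domain matches the last two labels of a
    flagged host, e.g. ffxtlbr@incredibar.com for mystart.incredibar.com."""
    tails = {".".join(h.split(".")[-2:]) for h in hosts}
    ids = set()
    for line in log_text.splitlines():
        m = FF_EXT_RE.match(line)
        if m and m.group(1).strip().rsplit("@", 1)[-1].lower() in tails:
            ids.add(m.group(1).strip())
    return ids


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['source']:9} {f['setting']:40} -> {f['host']}")
    print("user.js namespaces:", sorted(userjs_namespaces(SAMPLE_LOG)))
    print("tied extensions:", sorted(related_extensions(SAMPLE_LOG, suspicious_hosts(SAMPLE_LOG))))
```

Point the script at the saved DDS.txt (for example `triage(open("DDS.txt").read())`) to get the same three-way view: which settings were changed, which user.js namespace keeps re-applying them, and which installed extension the host belongs to.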


#3 Paul61112002 (Topic Starter)

  • Members
  • 94 posts

Posted 16 December 2012 - 09:00 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Paul at 9:58:05 on 2012-12-17
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
.
============== Running Processes ================
.
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6R8Oj4QEVQ&i=26
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://acer.msn.com
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uProxyOverride = <local>
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: ForceActiveDesktopOn = dword:0
mPolicies-Explorer: NoRun = dword:0
mPolicies-Explorer: NoControlPanel = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-System: DisableTaskMgr = dword:0
mPolicies-System: DisableRegistryTools = dword:0
mPolicies-Windows\System: DisableCMD = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: 使用 IDM 下载 - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: 使用 IDM 下载全部链接 - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: 傳送至 OneNote(&N) - C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\mswsock.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{717A1955-84E1-4CF9-8BC6-9BB525A669BC} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{717A1955-84E1-4CF9-8BC6-9BB525A669BC}\02053434750264275656 : DHCPNameServer = 219.76.81.2
TCP: Interfaces\{717A1955-84E1-4CF9-8BC6-9BB525A669BC}\55E6966756273796479656370275966496 : DHCPNameServer = 143.89.14.7 143.89.14.8
TCP: Interfaces\{717A1955-84E1-4CF9-8BC6-9BB525A669BC}\6627565676F66777966696 : DHCPNameServer = 10.11.0.201 10.12.0.201
TCP: Interfaces\{717A1955-84E1-4CF9-8BC6-9BB525A669BC}\84B4945446745756374737F26505E4 : DHCPNameServer = 192.168.166.93
TCP: Interfaces\{E8909754-C89D-42D5-A70E-C3A69B82CEB7} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages = msv1_0
LSA: Notification Packages = scecli
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
IFEO: acervcm.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: Acrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: acrodist.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: formscentralforacrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-mStart Page = hxxp://acer.msn.com
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://acer.msn.com
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mWinlogon: Shell = explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
x64-mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-IFEO: acervcm.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: Acrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: acrodist.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: formscentralforacrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\garmrjae.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6R8Oj4QEVQ&&i=26&search=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2011-12-01 21:28; {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}; C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - ExtSQL: 2012-10-26 23:32; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-12-10 16:36; mozilla_cc@internetdownloadmanager.com; C:\Users\Paul\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-12-14 23:24; {972ce4c6-7e08-4474-a285-3208198ce6fd}; C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2012-12-14 23:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\garmrjae.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-15 19:23; ffxtlbr@incredibar.com; C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\garmrjae.default\extensions\ffxtlbr@incredibar.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8Oj4QEVQ&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e829a1760000000000009439e5185c84
FF - user.js: extensions.incredibar_i.instlDay - 15689
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:23:05
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8Oj4QEVQ
FF - user.js: extensions.incredibar_i.upn2n - 92825575280389218
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R? 1394ohci;1394 OHCI Compliant Host Controller
R? AcpiPmi;ACPI Power Meter Driver
R? AdobeARMservice;Adobe Acrobat Update Service
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? adp94xx;adp94xx
R? adpahci;adpahci
R? adpu320;adpu320
R? agp440;Intel AGP Bus Filter
R? ALG;Application Layer Gateway Service
R? aliide;aliide
R? amdide;amdide
R? AmdK8;AMD K8 Processor Driver
R? AmdPPM;AMD Processor Driver
R? amdsata;amdsata
R? amdsbs;amdsbs
R? AppID;AppID 驅動程式
R? AppIDSvc;Application Identity
R? arc;arc
R? arcsas;arcsas
R? aspnet_state;ASP.NET State Service
R? AsyncMac;RAS Asynchronous Media Driver
R? AxInstSV;ActiveX Installer (AxInstSV)
R? b06bdrv;Broadcom NetXtreme II VBD
R? b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? BCM43XX;Broadcom 802.11 Network Adapter Driver
R? BDESVC;BitLocker Drive Encryption Service
R? BrFiltLo;Brother USB Mass-Storage Lower Filter Driver
R? BrFiltUp;Brother USB Mass-Storage Upper Filter Driver
R? Brserid;Brother MFC Serial Port Interface Driver (WDM)
R? BrSerWdm;Brother WDM Serial driver
R? BrUsbMdm;Brother MFC USB Fax Only Modem
R? BrUsbSer;Brother MFC USB Serial WDM Driver
R? BthEnum;Bluetooth Request Block Driver
R? BTHMODEM;Bluetooth Serial Communications Driver
R? BthPan;Bluetooth 裝置 (個人區域網路)
R? BTHPORT;Bluetooth Port Driver
R? bthserv;Bluetooth Support Service
R? BTHUSB;Bluetooth Radio USB Driver
R? BTWAMPFL;BTWAMPFL
R? btwaudio;Bluetooth Audio Device Service
R? btwavdt;Bluetooth AVDT
R? btwdins;Bluetooth Service
R? btwl2cap;Bluetooth L2CAP Service
R? btwrchid;btwrchid
R? cdfs;CD/DVD File System Reader
R? CertPropSvc;Certificate Propagation
R? circlass;Consumer IR Devices
R? clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? cmdide;cmdide
R? COMSysApp;COM+ System Application
R? crcdisk;Crcdisk Filter Driver
R? defragsvc;Disk Defragmenter
R? dot3svc;Wired AutoConfig
R? drmkaud;Microsoft Trusted Audio Drivers
R? dump_wmimmc;dump_wmimmc
R? ebdrv;Broadcom NetXtreme II 10 GigE VBD
R? EFS;Encrypting File System (EFS)
R? ehRecvr;Windows Media Center Receiver Service
R? ehSched;Windows Media Center Scheduler Service
R? elxstor;elxstor
R? ErrDev;Microsoft Hardware Error Device Driver
R? exfat;exFAT File System Driver
R? fastfat;FAT12/16/32 File System Driver
R? Fax;Fax
R? fdc;Floppy Disk Controller Driver
R? Filetrace;Filetrace
R? FLEXnet Licensing Service;FLEXnet Licensing Service
R? flpydisk;Floppy Disk Driver
R? FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0
R? FsDepends;File System Dependency Minifilter
R? gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
R? GREGService;GREGService
R? gupdate;Google更新 服務 (gupdate)
R? gupdatem;Google更新 服務 (gupdatem)
R? hcw85cir;Hauppauge Consumer Infrared Receiver
R? HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service
R? HidBatt;HID UPS Battery Driver
R? HidBth;Microsoft Bluetooth HID Miniport
R? HidIr;Microsoft Infrared HID Driver
R? hidserv;Human Interface Device Access
R? hkmsvc;Health Key and Certificate Management
R? HpSAMD;HpSAMD
R? iaStorV;Intel RAID Controller Windows 7
R? IconMan_R;IconMan_R
R? idsvc;Windows CardSpace
R? iirsp;iirsp
R? intelide;intelide
R? IPBusEnum;PnP-X IP Bus Enumerator
R? IpFilterDriver;IP 流量篩選器驅動程式
R? IPMIDRV;IPMIDRV
R? IPNAT;IP Network Address Translator
R? IRENUM;IR Bus Enumerator
R? isapnp;isapnp
R? iScsiPrt;iScsiPort Driver
R? kbdhid;Keyboard HID Driver
R? KtmRm;KtmRm for Distributed Transaction Coordinator
R? lltdsvc;Link-Layer Topology Discovery Mapper
R? LSI_FC;LSI_FC
R? LSI_SAS;LSI_SAS
R? LSI_SAS2;LSI_SAS2
R? LSI_SCSI;LSI_SCSI
R? Mcx2Svc;Media Center Extender Service
R? megasas;megasas
R? MegaSR;MegaSR
R? Modem;Modem
R? MozillaMaintenance;Mozilla Maintenance Service
R? mpio;mpio
R? MRxDAV;WebDav 用戶端重新導向器驅動程式
R? msahci;msahci
R? msdsm;msdsm
R? MSDTC;Distributed Transaction Coordinator
R? mshidkmdf;Pass-through HID to KMDF Filter Driver
R? MSiSCSI;Microsoft iSCSI Initiator Service
R? msiserver;Windows Installer
R? MSKSSRV;Microsoft Streaming Service Proxy
R? MSPCLOCK;Microsoft Streaming Clock Proxy
R? MSPQM;Microsoft Streaming Quality Manager Proxy
R? MsRPC;MsRPC
R? MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter
R? MTConfig;Microsoft Input Configuration Driver
R? napagent;Network Access Protection Agent
R? NdisCap;NDIS Capture LightWeight Filter
R? Netlogon;Netlogon
R? NetMsmqActivator;Net.Msmq Listener Adapter
R? NetPipeActivator;Net.Pipe Listener Adapter
R? NetTcpActivator;Net.Tcp Listener Adapter
R? NetTcpPortSharing;Net.Tcp Port Sharing Service
R? nfrd960;nfrd960
R? NOBU;Norton Online Backup
R? npggsvc;nProtect GameGuard Service
R? NPPTNT2;NPPTNT2
R? nv_agp;NVIDIA nForce AGP Bus Filter
R? nvraid;nvraid
R? nvstor;nvstor
R? ohci1394;1394 OHCI Compliant Host Controller (Legacy)
R? ose64;Office 64 Source Engine
R? osppsvc;Office Software Protection Platform
R? Parport;Parallel port driver
R? pciide;pciide
R? pcmcia;pcmcia
R? PerfHost;Performance Counter DLL Host
R? pla;Performance Logs & Alerts
R? PNRPAutoReg;PNRP Machine Name Publication Service
R? Processor;Processor Driver
R? ProtectedStorage;Protected Storage
R? ql2300;ql2300
R? ql40xx;ql40xx
R? QWAVE;Quality Windows Audio Video Experience
R? QWAVEdrv;QWAVE driver
R? RasAcd;Remote Access Auto Connection Driver
R? RasAuto;Remote Access Auto Connection Manager
R? RasMan;Remote Access Connection Manager
R? rdpbus;Remote Desktop Device Redirector Bus Driver
R? RDPWD;RDP Winstation Driver
R? RemoteAccess;Routing and Remote Access
R? RemoteRegistry;Remote Registry
R? Revoflt;Revoflt
R? RFCOMM;Bluetooth 裝置 (RFCOMM 通訊協定 TDI)
R? RpcLocator;Remote Procedure Call (RPC) Locator
R? RS_Service;Raw Socket Service
R? sbp2port;sbp2port
R? SCardSvr;Smart Card
R? scfilter;智慧卡 PnP 類別篩選器驅動程式
R? SCPolicySvc;Smart Card Removal Policy
R? SDRSVC;Windows Backup
R? seclogon;Secondary Logon
R? SensrSvc;Adaptive Brightness
R? Serenum;Serenum Filter Driver
R? Serial;Serial
R? sermouse;Serial Mouse Driver
R? SessionEnv;Remote Desktop Configuration
R? sffdisk;SFF Storage Class Driver
R? sffp_mmc;SFF Storage Protocol Driver for MMC
R? sffp_sd;SFF Storage Protocol Driver for SDBus
R? sfloppy;High-Capacity Floppy Disk Drive
R? SharedAccess;Internet Connection Sharing (ICS)
R? SiSRaid2;SiSRaid2
R? SiSRaid4;SiSRaid4
R? Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)
R? SNMPTRAP;SNMP Trap
R? sppuinotify;SPP Notification Service
R? SstpSvc;Secure Socket Tunneling Protocol Service
R? stexstor;stexstor
R? SwitchBoard;SwitchBoard
R? swprv;Microsoft Software Shadow Copy Provider
R? TabletInputService;Tablet PC Input Service
R? TapiSrv;Telephony
R? TBS;TPM Base Services
R? TCPIP6;Microsoft IPv6 Protocol Driver
R? TDPIPE;TDPIPE
R? TDTCP;TDTCP
R? TermService;Remote Desktop Services
R? THREADORDER;Thread Ordering Server
R? tssecsrv;Remote Desktop Services Security Filter Driver
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? TurboBoost;Intel® Turbo Boost Technology Monitor 2.0
R? uagp35;Microsoft AGPv3.5 Filter
R? udfs;udfs
R? UI0Detect;Interactive Services Detection
R? uliagpkx;Uli AGP Bus Filter
R? UmPass;Microsoft UMPass Driver
R? usb_rndisx;USB RNDIS 介面卡
R? usbaudio;USB Audio Driver (WDM)
R? usbcir;eHome Infrared Receiver (USBCIR)
R? usbohci;Microsoft USB Open Host Controller Miniport Driver
R? usbprint;Microsoft USB PRINTER Class
R? USBSTOR;USB Mass Storage Driver
R? usbuhci;Microsoft USB Universal Host Controller Miniport Driver
R? VaultSvc;Credential Manager
R? vds;Virtual Disk
R? vga;vga
R? vhdmp;vhdmp
R? viaide;viaide
R? vmusb;VMware USB Client Driver
R? vsmraid;vsmraid
R? VSS;Volume Shadow Copy
R? W32Time;Windows Time
R? WacomPen;Wacom Serial Pen HID Driver
R? WANARP;遠端存取 IP ARP 驅動程式
R? WatAdminSvc;Windows 啟用技術服務
R? wbengine;Block Level Backup Engine Service
R? WbioSrvc;Windows Biometric Service
R? WcsPlugInService;Windows Color System
R? Wd;Wd
R? WebClient;WebClient
R? Wecsvc;Windows Event Collector
R? wercplsupport;Problem Reports and Solutions Control Panel Support
R? WerSvc;Windows Error Reporting Service
R? WIMMount;WIMMount
R? WinRM;Windows Remote Management (WS-Management)
R? WinUsb;WinUsb
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPCSvc;家長監護
R? WPDBusEnum;Portable Device Enumerator Service
R? WUDFRd;WUDFRd
R? WwanSvc;WWAN AutoConfig
S? ACPI;Microsoft ACPI Driver
S? AeLookupSvc;Application Experience
S? AFD;Ancillary Function Driver for Winsock
S? amdxata;amdxata
S? Appinfo;Application Information
S? atapi;IDE Channel
S? athr;Atheros Extensible Wireless LAN device driver
S? AudioEndpointBuilder;Windows Audio Endpoint Builder
S? AudioSrv;Windows Audio
S? Beep;Beep
S? BFE;Base Filtering Engine
S? BITS;Background Intelligent Transfer Service
S? blbdrive;blbdrive
S? bowser;瀏覽支援驅動程式
S? Browser;Computer Browser
S? cdrom;CD-ROM Driver
S? CLFS;Common Log (CLFS)
S? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
S? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
S? CmBatt;Microsoft ACPI Control Method Battery Driver
S? CNG;CNG
S? CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service
S? Compbatt;Microsoft Composite Battery Driver
S? CompositeBus;Composite Bus Enumerator Driver
S? CryptSvc;Cryptographic Services
S? CxAudMsg;Conexant Audio Message Service
S? DcomLaunch;DCOM Server Process Launcher
S? DfsC;DFS Namespace Client Driver
S? Dhcp;DHCP Client
S? discache;System Attribute Cache
S? Disk;磁碟驅動程式
S? Dnscache;DNS Client
S? DPS;Diagnostic Policy Service
S? DsiWMIService;Dritek WMI Service
S? DXGKrnl;LDDM Graphics Subsystem
S? eamonm;eamonm
S? EapHost;Extensible Authentication Protocol
S? ehdrv;ehdrv
S? ekrn;ESET Service
S? epfwwfpr;epfwwfpr
S? ePowerSvc;Acer ePower Service
S? ETD;ELAN PS/2 Port Input Device
S? eventlog;Windows Event Log
S? EventSystem;COM+ Event System
S? fdPHost;Function Discovery Provider Host
S? FDResPub;Function Discovery Resource Publication
S? FileInfo;File Information FS MiniFilter
S? FltMgr;FltMgr
S? FontCache;Windows Font Cache Service
S? fvevol;Bitlocker 磁碟機加密篩選器驅動程式
S? gpsvc;Group Policy Client
S? hcmon;VMware hcmon
S? HDAudBus;Microsoft UAA Bus Driver for High Definition Audio
S? HidUsb;Microsoft HID 類別驅動程式
S? HomeGroupListener;HomeGroup Listener
S? HomeGroupProvider;HomeGroup Provider
S? HTTP;HTTP
S? hwpolicy;Hardware Policy Driver
S? i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver
S? iaStor;Intel AHCI Controller
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? IDMWFP;IDMWFP
S? igfx;igfx
S? IKEEXT;IKE and AuthIP IPsec Keying Modules
S? ImeDictUpdateService;Microsoft IME Dictionary Update
S? IntcDAud;Intel® Display Audio
S? intelppm;Intel Processor Driver
S? iphlpsvc;IP Helper
S? kbdclass;Keyboard Class Driver
S? KeyIso;CNG Key Isolation
S? KSecDD;KSecDD
S? KSecPkg;KSecPkg
S? ksthunk;Kernel Streaming Thunks
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller
S? LanmanServer;Server
S? LanmanWorkstation;Workstation
S? Live Updater Service;Live Updater Service
S? lltdio;Link-Layer Topology Discovery Mapper I/O Driver
S? lmhosts;TCP/IP NetBIOS Helper
S? LMS;Intel® Management and Security Application Local Management Service
S? luafv;UAC 檔案模擬
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? MEIx64;Intel® Management Engine Interface
S? MMCSS;Multimedia Class Scheduler
S? Mobile Broadband HL Service;Mobile Broadband HL Service
S? monitor;Microsoft Monitor Class Function Driver Service
S? mouclass;滑鼠類別驅動程式
S? mouhid;滑鼠 HID 驅動程式
S? mountmgr;掛接點管理員
S? mpsdrv;Windows Firewall Authorization Driver
S? MpsSvc;Windows Firewall
S? mrxsmb;SMB MiniRedirector 包裝函式與引擎
S? mrxsmb10;SMB 1.x MiniRedirector
S? mrxsmb20;SMB 2.0 MiniRedirector
S? Msfs;Msfs
S? msisadrv;msisadrv
S? mssmbios;Microsoft System Management BIOS Driver
S? Mup;Mup
S? NativeWifiP;NativeWiFi Filter
S? NDIS;NDIS System Driver
S? NdisTapi;遠端存取 NDIS TAPI 驅動程式
S? Ndisuio;NDIS Usermode I/O Protocol
S? NdisWan;遠端存取 NDIS WAN 驅動程式
S? NDProxy;NDIS Proxy
S? NetBIOS;NetBIOS Interface
S? NetBT;NetBT
S? Netman;Network Connections
S? netprofm;Network List Service
S? NlaSvc;Network Location Awareness
S? Npfs;Npfs
S? nsi;Network Store Interface Service
S? nsiproxy;NSI proxy service driver.
S? Ntfs;Ntfs
S? NTI IScheduleSvc;NTI IScheduleSvc
S? NTIDrvr;NTIDrvr
S? Null;Null
S? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
S? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
S? nvlddmkm;nvlddmkm
S? nvpciflt;nvpciflt
S? NVSvc;NVIDIA Driver Helper Service
S? OODefragAgent;O&O Defrag
S? p2pimsvc;Peer Networking Identity Manager
S? p2psvc;Peer Networking Grouping
S? partmgr;磁碟分割管理員
S? PcaSvc;Program Compatibility Assistant Service
S? pci;PCI Bus Driver
S? pcw;Performance Counters for Windows Driver
S? PEAUTH;PEAUTH
S? PlugPlay;Plug and Play
S? PNRPsvc;Peer Name Resolution Protocol
S? PolicyAgent;IPsec Policy Agent
S? Power;Power
S? PptpMiniport;WAN Miniport (PPTP)
S? ProfSvc;User Profile Service
S? Psched;QoS 封包排程器
S? PSI_SVC_2;Protexis Licensing V2
S? PxHlpa64;PxHlpa64
S? RasAgileVpn;WAN Miniport (IKEv2)
S? Rasl2tp;WAN Miniport (L2TP)
S? RasPppoe;遠端存取 PPPOE 驅動程式
S? RasSstp;WAN Miniport (SSTP)
S? rdbss;重新導向緩衝子系統
S? RDPCDD;RDPCDD
S? RDPENCDD;RDP Encoder Mirror Driver
S? RDPREFMP;Reflector Display Driver used to gain access to graphics data
S? rdyboost;ReadyBoost
S? RpcEptMapper;RPC Endpoint Mapper
S? RpcSs;Remote Procedure Call (RPC)
S? RSPCIESTOR;Realtek PCIE CardReader Driver
S? rspndr;Link-Layer Topology Discovery Responder
S? SamSs;Security Accounts Manager
S? Schedule;Task Scheduler
S? sdbus;sdbus
S? secdrv;Security Driver
S? SENS;System Event Notification Service
S? ShellHWDetection;Shell Hardware Detection
S? spldr;Security Processor Loader Driver
S? Spooler;Print Spooler
S? sppsvc;Software Protection
S? srv;Server SMB 1.xxx 驅動程式
S? srv2;Server SMB 2.xxx 驅動程式
S? srvnet;srvnet
S? SSDPSRV;SSDP Discovery
S? stisvc;Windows Image Acquisition (WIA)
S? swenum;Software Bus Driver
S? SysMain;Superfetch
S? Tcpip;TCP/IP Protocol Driver
S? tcpipreg;TCP/IP Registry Compatibility
S? tdx;NetIO 傳統 TDI 支援驅動程式
S? TermDD;Terminal Device Driver
S? Themes;Themes
S? TrkWks;Distributed Link Tracking Client
S? TrustedInstaller;Windows Modules Installer
S? TuneUp.UtilitiesSvc;TuneUp Utilities Service
S? TuneUpUtilitiesDrv;TuneUpUtilitiesDrv
S? tunnel;Microsoft Tunnel Miniport Adapter Driver
S? TurboB;Turbo Boost UI Monitor driver
S? UBHelper;UBHelper
S? umbus;UMBus Enumerator Driver
S? UNS;Intel® Management and Security Application User Notification Service
S? upnphost;UPnP Device Host
S? usbccgp;Microsoft USB 一般上層驅動程式
S? usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
S? usbhub;Microsoft USB 標準集線器驅動程式
S? usbvideo;USB Video Device (WDM)
S? UxSms;Desktop Window Manager Session Manager
S? UxTuneUp;TuneUp Theme Extension
S? vdrvroot;Microsoft Virtual Drive Enumerator Driver
S? VgaSave;VgaSave
S? VMAuthdService;VMware Authorization Service
S? vmci;VMware VMCI Bus Driver
S? VMnetAdapter;VMware Virtual Ethernet Adapter Driver
S? VMnetBridge;VMware Bridge Protocol
S? VMnetDHCP;VMware DHCP Service
S? VMnetuserif;VMware Network Application Interface
S? VMUSBArbService;VMware USB Arbitration Service
S? VMware NAT Service;VMware NAT Service
S? VMwareHostd;VMware Workstation Server
S? vmx86;VMware vmx86
S? volmgr;Volume Manager Driver
S? volmgrx;動態磁碟區管理員
S? volsnap;存放磁碟區
S? vsock;vSockets Driver
S? vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared)
S? vwifibus;Virtual WiFi Bus Driver
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
S? Wanarpv6;遠端存取 IPv6 ARP 驅動程式
S? wcncsvc;Windows Connect Now - Config Registrar
S? Wdf01000;Kernel Mode Driver Frameworks service
S? WdiServiceHost;Diagnostic Service Host
S? WdiSystemHost;Diagnostic System Host
S? WfpLwf;WFP Lightweight Filter
S? WinDefend;Windows Defender
S? WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service
S? Winmgmt;Windows Management Instrumentation
S? Wlansvc;WLAN AutoConfig
S? wlidsvc;Windows Live ID Sign-in Assistant
S? WmiAcpi;Microsoft Windows Management Interface for ACPI
S? wmiApSrv;WMI Performance Adapter
S? WMPNetworkSvc;Windows Media Player Network Sharing Service
S? ws2ifsl;Windows 通訊端 2.0 非 IFS 服務提供者支援環境
S? wscsvc;Security Center
S? WSearch;Windows Search
S? wuauserv;Windows Update
S? WudfPf;User Mode Driver Frameworks Platform Driver
S? wudfsvc;Windows Driver Foundation - User-mode Driver Framework
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .vbe: VBEFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
FileExt: .vbs: VBSFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
FileExt: .jse: JSEFile=C:\Windows\System32\CScript.exe "%1" %* [default=Open2]
FileExt: .wsf: WSFFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
ShellExec: Acrobat.exe: Open="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe" "%1"
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "%1"
ShellExec: Adobe Audition CS6.exe: open="C:\Program Files (x86)\Adobe\Adobe Audition CS6\Adobe Audition CS6.exe" "%1"
ShellExec: Adobe Flash Catalyst.exe: Open="C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5.5\Adobe Flash Catalyst.exe" "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: EXCEL.EXE: open="C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" "%1"
ShellExec: FlashBuilder.exe: Open="C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
ShellExec: Illustrator.exe: open="C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\Illustrator.exe" "%1"
ShellExec: KMPlayer.exe: open="C:\Program Files (x86)\The KMPlayer\KMPlayer.exe" "%1"
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: newsXpresso.exe: open="C:\Program Files (x86)\newsXpresso\newsXpresso.exe" /e "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: OIS.EXE: Edit=C:\PROGRA~1\MICROS~4\Office14\OIS.EXE /shellEdit "%1"
ShellExec: OIS.EXE: Open=C:\PROGRA~1\MICROS~4\Office14\OIS.EXE /shellOpen "%1"
ShellExec: OIS.EXE: Preview=C:\PROGRA~1\MICROS~4\Office14\OIS.EXE /shellPreview "%1"
ShellExec: Photoshop.exe: edit="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe" "%1"
ShellExec: Photoshop.exe: open="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe" "%1"
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: vmplayer.exe: open="C:\Program Files (x86)\VMware\VMware Workstation\vmplayer.exe" "%1"
ShellExec: vmware.exe: open="C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe" -t "%1"
ShellExec: VSLauncher.exe: Open="C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
ShellExec: vsta.exe: edit="C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\vsta.exe" /dde
ShellExec: vsta.exe: open="C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\vsta.exe" "%1"
ShellExec: Winword.exe: edit="C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
ShellExec: XLICONS.EXE: open="C:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE" "%1"
.
=============== Created Last 60 ================
.
2012-12-16 11:34:48 -------- d-----w- C:\Program Files\Common Files\DESIGNER
2012-12-16 11:33:22 -------- d-----w- C:\Windows\PCHEALTH
2012-12-16 11:28:52 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2012-12-16 11:27:30 -------- d--h--r- C:\MSOCache
2012-12-15 13:43:37 -------- d-----w- C:\Program Files\Microsoft Office
2012-12-15 13:40:51 -------- d-----w- C:\Program Files (x86)\Office Key Remover
2012-12-15 12:12:51 -------- d-----w- C:\Users\Paul\AppData\Local\ElevatedDiagnostics
2012-12-15 11:23:02 -------- d-----w- C:\Windows\SysWow64\WNLT
2012-12-14 15:32:06 -------- d-----w- C:\Program Files (x86)\Google
2012-12-14 15:25:42 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-14 15:25:42 91104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2012-12-14 15:25:42 890048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-12-14 15:25:42 270816 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2012-12-14 15:25:42 21472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plc4.dll
2012-12-14 15:25:42 20960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plds4.dll
2012-12-14 15:25:42 19424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2012-12-14 15:25:42 16864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2012-12-14 15:25:42 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-14 15:25:42 155104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2012-12-14 15:25:42 15112160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2012-12-14 15:25:42 145376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2012-12-14 15:25:41 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2012-12-14 15:25:41 92640 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
2012-12-14 15:25:41 916960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2012-12-14 15:25:41 810976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-12-14 15:25:41 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-12-14 15:25:41 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-12-14 15:25:41 638432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nss3.dll
2012-12-14 15:25:41 58848 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2012-12-14 15:25:41 472544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2012-12-14 15:25:41 4220896 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-12-14 15:25:41 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-12-14 15:25:41 370656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
2012-12-14 15:25:41 262112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-12-14 15:25:41 258528 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2012-12-14 15:25:41 2397152 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-12-14 15:25:41 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-12-14 15:25:41 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-12-14 15:25:41 192728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-12-14 15:25:41 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-12-14 15:25:41 172000 ----a-w- C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
2012-12-14 15:25:41 15840 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2012-12-14 15:25:41 124896 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-12-14 15:25:41 116192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2012-12-14 15:25:41 115168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-12-14 15:25:41 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox
2012-12-14 15:25:01 -------- d-----w- C:\Users\Paul\AppData\Roaming\Mozilla
2012-12-14 15:24:54 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-14 12:13:27 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1639D957-1E5D-4945-819D-FC21D0FC0795}\mpengine.dll
2012-12-14 07:52:18 165112 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2012-12-12 11:09:22 -------- d-----w- C:\Users\Paul\AppData\Local\MicrosoftStore
2012-12-12 10:40:22 -------- d-----w- C:\Users\Paul\AppData\Roaming\Design Science
2012-12-12 07:54:17 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-12-12 07:54:17 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-12-12 07:54:17 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-12-12 07:54:17 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-12-12 07:54:17 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-12 07:54:17 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-12 07:54:17 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-12-12 07:54:17 149552 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-12-12 07:54:16 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-12-12 07:54:16 237056 ----a-w- C:\Windows\System32\url.dll
2012-12-12 07:54:16 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-12-12 07:54:16 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-12-12 07:54:16 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-12-12 07:54:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-12-12 07:54:16 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-12-12 07:54:15 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2012-12-12 07:54:15 757296 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2012-12-12 07:54:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-12-12 07:54:15 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-12-12 07:54:15 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-12-12 07:54:14 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-12-12 07:54:14 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-12-12 07:54:14 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-12-12 07:54:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-12-12 07:54:13 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-12-12 07:54:13 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2012-12-12 07:54:13 194560 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2012-12-12 07:54:13 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-12-12 07:54:13 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-12-12 07:54:12 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-12-12 07:54:12 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-12-12 07:54:12 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-12-12 07:54:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-12-12 07:54:11 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-12-12 07:54:11 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-12-12 07:54:11 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-12-12 07:54:11 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-12-12 07:54:11 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-12-12 07:54:11 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-12-12 07:54:10 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-12-12 07:54:08 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-12-12 07:54:06 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-12-12 07:54:05 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-12-12 07:54:03 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-12-12 06:33:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 06:33:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 06:32:55 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 06:32:54 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-12 06:32:54 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-12 06:32:54 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 06:32:53 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-12 06:32:42 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-12 06:32:42 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-12-12 06:32:42 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-12-12 06:32:42 1161216 ----a-w- C:\Windows\System32\kernel32.dll
2012-12-12 06:32:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-12-12 06:32:41 1114112 ----a-w- C:\Windows\SysWow64\kernel32.dll
2012-12-12 06:32:39 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-12-12 06:32:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-12-12 06:32:38 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 06:32:38 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 06:32:38 5120 ---ha-w- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 06:32:38 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-12-12 06:32:38 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 06:32:38 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 06:32:38 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 06:32:38 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 06:32:38 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 06:32:38 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 06:32:38 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-12-12 06:32:38 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 06:32:38 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 06:32:38 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 06:32:38 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 06:32:38 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 06:32:38 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 06:32:38 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 06:32:38 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 06:32:38 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 06:32:38 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 06:32:38 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 06:32:38 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 06:32:38 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 06:32:38 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-12-12 06:32:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-12-12 06:32:38 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-12-12 06:32:38 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-12-12 06:32:37 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 06:32:37 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 06:32:37 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 06:32:37 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 06:32:37 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 06:32:37 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 06:32:37 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 06:32:37 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 06:32:37 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 06:32:37 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 06:32:36 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 06:32:36 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 06:32:36 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 06:32:36 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 06:32:36 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 06:32:36 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 06:32:36 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 06:32:36 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 06:32:36 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 06:32:36 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 06:32:36 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 06:32:36 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 06:32:36 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 06:32:36 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 06:32:35 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-12-12 06:32:13 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 06:32:12 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-10 05:01:17 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2012-12-10 05:01:07 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-12-10 05:01:02 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-10 05:01:02 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-12-10 05:01:02 174056 ----a-w- C:\Windows\SysWow64\java.exe
2012-12-10 05:00:42 -------- d-----w- C:\Program Files (x86)\Java
2012-12-10 02:15:47 -------- d-----w- C:\Users\Paul\AppData\Local\ESET
2012-12-07 12:13:12 -------- d-----w- C:\Users\Paul\AppData\Roaming\Mathematica
2012-12-07 12:13:12 -------- d-----w- C:\Users\Paul\AppData\Local\Mathematica
2012-12-07 12:12:20 -------- d-----w- C:\Program Files\Common Files\Wolfram Research
2012-12-07 12:12:19 -------- d-----w- C:\ProgramData\Mathematica
2012-12-07 12:12:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wolfram Research
2012-12-07 12:12:19 -------- d-----w- C:\Program Files (x86)\Common Files\ResearchSoft
2012-12-07 12:08:31 99344 ----a-w- C:\Windows\System32\mlshm64.mlp
2012-12-07 12:08:31 93712 ----a-w- C:\Windows\SysWow64\mltcp32.mlp
2012-12-07 12:08:31 88080 ----a-w- C:\Windows\SysWow64\mlshm32.mlp
2012-12-07 12:08:31 79376 ----a-w- C:\Windows\SysWow64\mlmap32.mlp
2012-12-07 12:08:31 462864 ----a-w- C:\Windows\System32\mltcpip64.mlp
2012-12-07 12:08:31 436240 ----a-w- C:\Windows\System32\ml64i3.dll
2012-12-07 12:08:31 369680 ----a-w- C:\Windows\SysWow64\ml32i3.dll
2012-12-07 12:08:31 333840 ----a-w- C:\Windows\SysWow64\mltcpip32.mlp
2012-12-07 12:08:31 302608 ----a-w- C:\Windows\System32\ml64i2.dll
2012-12-07 12:08:31 260112 ----a-w- C:\Windows\SysWow64\ml32i2.dll
2012-12-07 12:08:31 253968 ----a-w- C:\Windows\SysWow64\ml32i1.dll
2012-12-07 12:08:31 203792 ----a-w- C:\Windows\System32\mlmodule64.dll
2012-12-07 12:08:31 167952 ----a-w- C:\Windows\SysWow64\mlmodule32.dll
2012-12-07 12:08:31 103440 ----a-w- C:\Windows\System32\mltcp64.mlp
2012-12-07 12:07:19 -------- d-----w- C:\Program Files\Wolfram Research
2012-11-30 13:28:24 -------- d-----w- C:\Users\Paul\.Virtualbox.sav
2012-11-30 11:44:13 -------- d-----w- C:\Program Files (x86)\Android
2012-11-30 11:34:25 -------- d-----w- C:\Users\Paul\.android
2012-11-30 10:42:39 -------- d-----w- C:\Users\Paul\AppData\Roaming\baidu
2012-11-30 10:39:21 -------- d-----w- C:\Program Files (x86)\Baidu
2012-11-28 13:10:31 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-28 08:57:20 -------- d-----w- C:\ProgramData\ESET
2012-11-28 08:57:20 -------- d-----w- C:\Program Files\ESET
2012-11-17 03:14:25 2560 ----a-w- C:\Windows\System32\drivers\zh-TW\wdf01000.sys.mui
2012-11-17 03:14:23 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-17 03:14:23 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 03:14:23 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 03:05:40 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 03:05:40 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 03:05:39 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-17 03:05:39 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-17 03:05:39 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 03:05:39 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 03:05:39 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-15 16:56:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-15 16:56:13 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-15 16:56:12 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-15 16:56:12 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-15 16:56:04 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-15 16:56:04 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-15 16:56:04 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-15 16:56:04 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-15 16:56:04 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-15 16:56:04 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-15 16:56:03 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-15 16:56:03 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-15 16:56:03 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-15 16:56:03 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-15 16:56:03 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-15 16:56:03 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-15 16:55:41 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 16:55:40 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-10 16:06:45 -------- d-----w- C:\Users\Paul\AppData\Roaming\MusicMP3Downloader
2012-11-10 16:06:45 -------- d-----w- C:\ProgramData\MusicMP3Downloader
2012-11-10 15:58:51 -------- d-----w- C:\Program Files (x86)\FreeTime
2012-11-10 13:19:09 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-11-08 20:47:52 -------- d-----w- C:\Users\Paul\AppData\Local\VMware
2012-11-08 20:47:49 -------- d-----w- C:\Users\Paul\AppData\Roaming\VMware
2012-11-08 20:36:00 70296 ----a-w- C:\Windows\System32\drivers\vsock.sys
2012-11-08 20:36:00 67224 ----a-w- C:\Windows\System32\vsocklib.dll
2012-11-08 20:36:00 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2012-11-08 20:35:55 67224 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-11-08 20:35:31 357016 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-11-08 20:35:28 435864 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-11-08 20:35:28 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-11-08 20:35:26 933528 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-11-08 20:35:12 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2012-11-08 20:34:16 -------- d-----w- C:\Program Files\Common Files\VMware
2012-11-08 20:33:42 -------- d-----w- C:\ProgramData\VMware
2012-11-08 20:33:42 -------- d-----w- C:\Program Files (x86)\VMware
2012-11-08 20:33:42 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-11-08 18:50:41 -------- d-----w- C:\Users\Paul\AppData\Roaming\Publish Providers
2012-11-08 18:42:02 -------- d-----w- C:\ProgramData\Sony
2012-11-08 18:42:02 -------- d-----w- C:\Program Files (x86)\Sony
2012-11-08 17:59:57 -------- d-----w- C:\Users\Paul\AppData\Local\Sony
2012-11-08 17:59:57 -------- d-----w- C:\Program Files\Sony
2012-11-08 17:56:55 -------- d-----w- C:\Users\Paul\AppData\Roaming\Sony
2012-11-08 17:37:38 -------- d--h--w- C:\Windows\Icons
2012-11-08 17:18:59 37216 ----a-w- C:\Windows\System32\uxtuneup.dll
2012-11-08 17:18:59 29536 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2012-11-08 17:18:16 34656 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-11-08 17:18:16 25952 ----a-w- C:\Windows\System32\authuitu.dll
2012-11-08 17:18:16 21344 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-11-08 17:18:06 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2013
2012-11-08 17:17:06 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-01 03:46:00 4880240 ----a-w- C:\Windows\System32\ooscrsav.scr
2012-11-01 03:45:40 256368 ----a-w- C:\Windows\System32\oodbs.exe
2012-11-01 03:45:14 537456 ----a-w- C:\Windows\System32\oodssrs.dll
2012-11-01 03:45:08 10096 ----a-w- C:\Windows\System32\oodbsrs.dll
2012-10-31 18:34:10 62104 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-10-31 18:34:10 45720 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-10-31 18:34:08 48792 ----a-w- C:\Windows\System32\vnetinst.dll
2012-10-31 18:34:08 24216 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-10-31 18:34:08 20120 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2012-10-31 17:02:08 353280 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-10-27 03:03:10 -------- d-----w- C:\Users\Paul\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2012-10-27 02:58:49 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-10-27 02:45:30 -------- d-----w- C:\Users\Paul\AppData\Roaming\QuizResultsAnalyzer.C0CA58D26EB27EF0DDD094CE3C4337F3360F5EE2.1
2012-10-26 16:45:50 -------- d-----w- C:\Users\Paul\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-10-26 15:08:54 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-10-24 06:17:10 85104 ----a-w- C:\Windows\System32\drivers\vmci.sys
.
==================== Find6M ====================
.
2012-12-13 10:59:15 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 10:59:15 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-12 07:55:49 67413224 ----a-w- C:\Windows\System32\MRT.exe
2012-12-10 05:00:43 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-10 05:00:43 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 09:15:06 37680 ----a-w- C:\Windows\System32\drivers\vmusb.sys
2012-10-04 16:40:23 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-09-29 11:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-23 12:43:48 55432 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-09-23 12:43:42 26768 ----a-w- C:\Windows\System32\AdobePDFUI.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:16:43 73216 ----a-w- C:\Windows\System32\netapi32.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:16:56 57344 ----a-w- C:\Windows\SysWow64\netapi32.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-04 20:26:07 41472 ----a-w- C:\Windows\System32\drivers\rndismpx.sys
2012-07-04 20:26:03 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
.
============= FINISH: 9:59:10.69 ===============

.
==== Image File Execution Options =============
.
IFEO: acervcm.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: Acrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: acrodist.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: formscentralforacrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: greg.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: nobuclient.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: acervcm.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: Acrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: acrodist.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: bttray.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: formscentralforacrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: greg.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: nobuclient.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer eRecovery Management
Acer PowerSmart Manager
Acer Registration
Acer ScreenSaver
Acer Updater
Acer USB Charge Manager
Acer VCM
Adobe Acrobat XI Pro
Adobe AIR
Adobe Creative Suite 5.5 Master Collection
Adobe Creative Suite 6 Master Collection
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader 9.5.2 MUI
Adobe Story
Adobe Widget Browser
Adobe® Content Viewer
Apple Application Support
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Backup Manager V3
bl
clear.fi
clear.fi Client
Conexant HD Audio
Contents
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension 64 Bit
Corel VideoStudio Pro X5
CorelDRAW Graphics Suite X6 - Capture
CorelDRAW Graphics Suite X6 - Common
CorelDRAW Graphics Suite X6 - Connect
CorelDRAW Graphics Suite X6 - Custom Data
CorelDRAW Graphics Suite X6 - Draw
CorelDRAW Graphics Suite X6 - EN
CorelDRAW Graphics Suite X6 - Filters
CorelDRAW Graphics Suite X6 - FontNav
CorelDRAW Graphics Suite X6 - IPM
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
CorelDRAW Graphics Suite X6 - Photozoom Plugin
CorelDRAW Graphics Suite X6 - Redist
CorelDRAW Graphics Suite X6 - Setup Files
CorelDRAW Graphics Suite X6 - VBA
CorelDRAW Graphics Suite X6 - VideoBrowser
CorelDRAW Graphics Suite X6 - VSTA
CorelDRAW Graphics Suite X6 - Writing Tools
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
ESET NOD32 Antivirus
ETDWare PS/2-X64 8.0.6.0_WHQL
Google Chrome
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
ICA
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor 2.0
Internet Download Manager
IPM_VS_Pro
ISCOM
Java 7 Update 9
Java Auto Updater
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
Mathematica Extras 8.0 (1802959)
MediaEspresso
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CHT Language Pack
Microsoft .NET Framework 4 Client Profile Traditional Chinese Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended CHT Language Pack
Microsoft .NET Framework 4 Extended Traditional Chinese Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Chinese (Traditional)) 2010
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office Groove MUI (Chinese (Traditional)) 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2010
Microsoft Office Language Pack 2010 - Chinese (Traditional)/中文(繁體)
Microsoft Office O MUI (Chinese (Traditional)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 32-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office SharePoint Designer MUI (Chinese (Traditional)) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Office X MUI (Chinese (Traditional)) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual Basic for Applications 7.1 (x86)
Microsoft Visual Basic for Applications 7.1 (x86) English
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mobile Broadband HL Service
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
newsXpresso
Norton Online Backup
NTI Media Maker 9
NVIDIA Control Panel 267.21
NVIDIA Graphics Driver 267.21
NVIDIA Install Application
NVIDIA PhysX
O&O Defrag Professional
Office Key Remover
PDF Settings CS5
PDF Settings CS6
ph
PxMergeModule
QuickTime
Realtek PCIE Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller Pro 2.5.9
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile Traditional Chinese Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile Traditional Chinese Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2345000)
Setup
Share
Share64
Shared C Run-time for x64
SmartSound Common Data
SmartSound Quicktracks 5
The Best Keylogger
The KMPlayer (remove only)
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598241) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Vegas Pro 12.0 (64-bit)
VMware Workstation
VSClassic
VSHelp
VSPro
Welcome Center
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live Essentials (Traditional Chinese)
Windows Live Photo Gallery (Simplified Chinese)
Windows Live Photo Gallery (Traditional Chinese)
Windows Live Essentials (Simplified Chinese)
Windows Media Encoder 9 Series
WinRAR 4.01 (64-bit)
Wolfram Mathematica 8 (M-WIN-L 8.0.0 1803527)
Windows Live Mesh ActiveX Control for Remote Connections (Simplified Chinese)
Windows Live Mesh ActiveX Control for Remote Connections (Traditional Chinese)
.
==== End Of File ===========================
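
The Attach.txt above lists fourteen Image File Execution Options entries. An IFEO `Debugger` value makes Windows start the named debugger instead of the requested image and hand it the original command line, which is why IFEO is a standard persistence and launch-hijack technique and why DDS prints these lines at all. Here every entry points at TUAutoReactivator64.exe inside the TuneUp Utilities 2013 directory, and TuneUp Utilities 2013 appears under Installed Programs, which is consistent with TuneUp's program-deactivation feature rather than with a hijack. The script below is an added example, not DDS code and not part of the thread: it parses DDS-style IFEO lines, groups them by debugger, and flags any debugger that is not on the analyst's own allowlist or that lives in a user-writable directory. The allowlist is an assumption the analyst supplies; the first three sample lines are copied from the log, and the `notepad.exe` line is a constructed, synthetic entry added only to exercise the flagging path (it is not in the poster's log).

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input. The first three lines are copied from the DDS
# Attach.txt above; the last line is synthetic, added only to exercise the
# flagging path, and is NOT present in the poster's log.
SAMPLE_IFEO = r"""
IFEO: acervcm.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: Acrobat.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
x64-IFEO: acervcm.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO: notepad.exe - "C:\Users\Public\svchost.exe"
"""

# One DDS line per IFEO Debugger value:  [x64-]IFEO: <image> - "<debugger>"
IFEO_RE = re.compile(
    r'^(?P<x64>x64-)?IFEO:\s+(?P<image>\S+)\s+-\s+"?(?P<debugger>[^"]+?)"?\s*$'
)

# Debugger binaries the analyst has already accounted for (assumption: this
# allowlist is the analyst's own, not a DDS feature). TUAutoReactivator64.exe
# belongs to the TuneUp Utilities 2013 install listed under Installed Programs.
KNOWN_REDIRECTORS = {"tuautoreactivator64.exe"}

# A debugger that lives somewhere an unprivileged user can write is flagged
# regardless of its name; that is the usual shape of an IFEO hijack.
USER_WRITABLE_PREFIXES = (r"c:\users", r"c:\programdata", r"c:\windows\temp")


def parse_ifeo(text):
    """Return (view, image, debugger) tuples for every IFEO line in text."""
    entries = []
    for line in text.splitlines():
        m = IFEO_RE.match(line.strip())
        if m:
            view = "x64" if m.group("x64") else "x86"
            entries.append((view, m.group("image"), m.group("debugger")))
    return entries


def classify(debugger):
    """'known' for an accounted-for redirector, otherwise the reason to look."""
    low = debugger.lower()
    if any(low.startswith(p + "\\") for p in USER_WRITABLE_PREFIXES):
        return "debugger in user-writable location"
    if PureWindowsPath(debugger).name.lower() in KNOWN_REDIRECTORS:
        return "known"
    return "unrecognised debugger"


def review_ifeo(text):
    """Group the entries by debugger path and attach a verdict to each group."""
    groups = {}
    for view, image, debugger in parse_ifeo(text):
        g = groups.setdefault(debugger, {"images": set(), "views": set()})
        g["images"].add(image.lower())
        g["views"].add(view)
    return {
        dbg: {"verdict": classify(dbg),
              "images": sorted(g["images"]),
              "views": sorted(g["views"])}
        for dbg, g in groups.items()
    }


if __name__ == "__main__":
    for dbg, info in review_ifeo(SAMPLE_IFEO).items():
        print(f"{info['verdict']:40} {dbg}  <- {', '.join(info['images'])}")
```

Grouping by debugger rather than by image is deliberate: a legitimate product registers one redirector for many images, while a hijack usually shows one unfamiliar binary attached to a handful of commonly launched names, so the grouped view makes the difference visible at a glance.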

#4 Paul61112002

Paul61112002
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 16 December 2012 - 09:07 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-17 10:00:59
-----------------------------
10:00:59.303 OS Version: Windows x64 6.1.7601 Service Pack 1
10:00:59.304 Number of processors: 4 586 0x2A07
10:00:59.304 ComputerName: PAUL-PC UserName: Paul
10:01:00.754 Initialize success
10:02:35.655 AVAST engine defs: 12121601
10:02:52.743 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:02:52.749 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
10:02:52.809 Disk 0 MBR read successfully
10:02:52.815 Disk 0 MBR scan
10:02:52.823 Disk 0 Windows 7 default MBR code
10:02:52.844 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
10:02:52.874 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
10:02:52.912 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 297422 MB offset 31664128
10:02:52.991 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 297596 MB offset 640784384
10:02:53.040 Disk 0 scanning C:\Windows\system32\drivers
10:03:03.053 Service scanning
10:03:27.729 Modules scanning
10:03:27.748 Disk 0 trace - called modules:
10:03:28.156 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:03:28.164 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009cbe060]
10:03:28.171 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007eb8050]
10:03:29.951 AVAST engine scan C:\Windows
10:03:31.928 AVAST engine scan C:\Windows\system32
10:06:37.448 AVAST engine scan C:\Windows\system32\drivers
10:06:48.748 AVAST engine scan C:\Users\Paul
10:07:11.977 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
10:07:11.983 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"
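
The aswMBR log above reports default Windows 7 MBR code and a four-partition table. Before concluding from such a log that nothing is hiding on the disk, an analyst checks that the partitions are contiguous, do not overlap, stay inside the reported disk size and that exactly one carries the active flag, because unaccounted-for space and odd boot flags are where bootkits and hidden partitions live. The script below is an added example, not aswMBR code and not part of the thread: it parses the disk-size, MBR-code and partition lines exactly as aswMBR prints them and performs those checks. aswMBR reports sizes in whole MB, so the check tolerates up to 1 MB of rounding between neighbours (the 2048-sector alignment gap at the start and end of this disk is normal). The sample lines are copied from the log above; a clean table here says nothing beyond layout, and the MBR code verdict is aswMBR's own.

```python
import re

# Constructed sample: the disk-size, MBR-code and partition lines copied from
# the aswMBR log posted above (timestamps kept as aswMBR prints them).
SAMPLE_ASWMBR = """\
10:02:52.749 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
10:02:52.823 Disk 0 Windows 7 default MBR code
10:02:52.844 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
10:02:52.874 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
10:02:52.912 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 297422 MB offset 31664128
10:02:52.991 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 297596 MB offset 640784384
"""

SECTOR_BYTES = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR_BYTES  # 2048; aswMBR sizes are MiB

# "Disk N Partition N <boot> [(A)] <type> <description> <size> MB offset <lba>"
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: \(A\))? "
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<offset>\d+)$"
)
SIZE_RE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<mb>\d+)MB")
MBR_RE = re.compile(r"Disk (?P<disk>\d+) (?P<code>.*MBR code.*)$")


def parse_aswmbr(text):
    """Return (disk size in sectors, MBR code description, partitions sorted by start)."""
    disk_sectors, mbr_code, parts = None, None, []
    for line in text.splitlines():
        if m := SIZE_RE.search(line):
            disk_sectors = int(m.group("mb")) * SECTORS_PER_MB
        elif m := MBR_RE.search(line):
            mbr_code = m.group("code")
        elif m := PART_RE.search(line):
            start = int(m.group("offset"))
            parts.append({
                "num": int(m.group("num")),
                "active": m.group("boot").upper() == "80",
                "type": m.group("type").upper(),
                "desc": m.group("desc"),
                "start": start,                                      # LBA, sectors
                "end": start + int(m.group("mb")) * SECTORS_PER_MB,  # exclusive
            })
    return disk_sectors, mbr_code, sorted(parts, key=lambda p: p["start"])


def check_layout(text, slack=SECTORS_PER_MB):
    """Return a list of findings; an empty list means the table is self-consistent.

    Sizes are printed in whole MB, so up to `slack` sectors of rounding between
    neighbours (and after the last partition) is tolerated. Larger unallocated
    runs are reported because that is where bootkits and hidden partitions keep
    data. The MBR code verdict itself is aswMBR's; this only checks it was given.
    """
    disk_sectors, mbr_code, parts = parse_aswmbr(text)
    findings = []
    if mbr_code is None or "default MBR code" not in mbr_code:
        findings.append(f"MBR code not reported as default: {mbr_code!r}")
    active = [p["num"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    for a, b in zip(parts, parts[1:]):
        gap = b["start"] - a["end"]
        if gap < 0:
            findings.append(f"partition {a['num']} overlaps partition {b['num']} by {-gap} sectors")
        elif gap > slack:
            findings.append(f"{gap} unallocated sectors between partitions {a['num']} and {b['num']}")
    if disk_sectors is not None and parts:
        tail = disk_sectors - parts[-1]["end"]
        if tail < 0:
            findings.append(f"partition {parts[-1]['num']} extends {-tail} sectors past end of disk")
        elif tail > slack:
            findings.append(f"{tail} unallocated sectors after the last partition")
    return findings


if __name__ == "__main__":
    print(check_layout(SAMPLE_ASWMBR) or "partition table is self-consistent")
```

On this log the arithmetic closes exactly: 2048 + 15360 MB ends at sector 31459328 where partition 2 starts, partition 2 ends at 31664128 where partition 3 starts, partition 3 ends at 640784384 where partition 4 starts, and partition 4 ends 2048 sectors short of the 610480 MB disk. The same function reports overlaps, a second active flag or a large unallocated run when fed a tampered table.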

#5 Paul61112002

Paul61112002
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 16 December 2012 - 09:08 PM

Attached file

Attached Files

  • Attached File  MBR.zip   574bytes   1 downloads


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:30 AM

Posted 16 December 2012 - 09:08 PM

Please run the following

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Paul61112002

Paul61112002
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 16 December 2012 - 09:48 PM

ComboFix 12-12-17.01 - Paul 12/2012 Mon 10:32:52.1.4 - x64
Running from: c:\users\Paul\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Files deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paul\AppData\Local\.#
c:\users\Paul\AppData\Local\.#\MBX@1274@2F19A8.###
c:\users\Paul\AppData\Local\.#\MBX@1528@7ED19A8.###
c:\users\Paul\AppData\Local\.#\MBX@15F4@64419C8.###
c:\users\Paul\AppData\Local\.#\MBX@1744@2519C8.###
c:\users\Paul\AppData\Local\.#\MBX@181C@2151A40.###
c:\users\Paul\AppData\Local\.#\MBX@181C@2151A60.###
c:\users\Paul\AppData\Local\.#\MBX@1B04@3D1A40.###
c:\users\Paul\AppData\Local\.#\MBX@1B04@3D1A60.###
c:\users\Paul\AppData\Local\.#\MBX@3118@AA1A40.###
c:\users\Paul\AppData\Local\.#\MBX@3118@AA1A60.###
c:\users\Paul\AppData\Local\.#\MBX@340@1F11A40.###
c:\users\Paul\AppData\Local\.#\MBX@340@1F11A60.###
c:\users\Paul\AppData\Local\.#\MBX@37DC@671A40.###
c:\users\Paul\AppData\Local\.#\MBX@37DC@671A60.###
c:\users\Paul\AppData\Local\.#\MBX@3A4@241A40.###
c:\users\Paul\AppData\Local\.#\MBX@3A4@241A60.###
c:\users\Paul\AppData\Local\.#\MBX@4180@251A40.###
c:\users\Paul\AppData\Local\.#\MBX@4180@251A60.###
c:\users\Paul\AppData\Local\.#\MBX@45AC@2419C8.###
c:\users\Paul\AppData\Local\.#\MBX@A14@2519A8.###
c:\windows\SysWow64\DEBUG.log
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 02:37 . 2012-12-17 02:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 11:34 . 2012-12-16 11:34 -------- d-----w- c:\program files\Common Files\DESIGNER
2012-12-16 11:33 . 2012-12-16 11:33 -------- d-----w- c:\windows\PCHEALTH
2012-12-16 11:28 . 2012-12-16 11:28 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-12-16 11:27 . 2012-12-16 11:27 -------- d-----r- C:\MSOCache
2012-12-15 13:43 . 2012-12-16 11:33 -------- d-----w- c:\program files\Microsoft Office
2012-12-15 13:40 . 2012-12-15 13:40 -------- d-----w- c:\program files (x86)\Office Key Remover
2012-12-15 12:12 . 2012-12-15 12:12 -------- d-----w- c:\users\Paul\AppData\Local\ElevatedDiagnostics
2012-12-15 11:23 . 2012-12-15 11:23 447 ----a-w- C:\user.js
2012-12-15 11:23 . 2012-12-15 11:25 -------- d-----w- c:\windows\SysWow64\WNLT
2012-12-14 15:32 . 2012-12-14 15:32 -------- d-----w- c:\program files (x86)\Google
2012-12-14 15:24 . 2012-12-15 09:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-12-14 12:13 . 2012-11-18 17:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1639D957-1E5D-4945-819D-FC21D0FC0795}\mpengine.dll
2012-12-14 07:52 . 2012-11-22 00:43 165112 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-12-12 11:09 . 2012-12-12 11:09 -------- d-----w- c:\users\Paul\AppData\Local\MicrosoftStore
2012-12-12 10:40 . 2012-12-12 10:40 -------- d-----w- c:\users\Paul\AppData\Roaming\Design Science
2012-12-12 06:33 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 06:33 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-10 05:01 . 2012-12-10 05:01 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-10 05:01 . 2012-12-10 05:00 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-10 05:00 . 2012-12-10 05:00 -------- d-----w- c:\program files (x86)\Java
2012-12-10 02:15 . 2012-12-10 02:15 -------- d-----w- c:\users\Paul\AppData\Local\ESET
2012-12-07 12:13 . 2012-12-07 12:31 -------- d-----w- c:\users\Paul\AppData\Roaming\Mathematica
2012-12-07 12:13 . 2012-12-07 12:25 -------- d-----w- c:\users\Paul\AppData\Local\Mathematica
2012-12-07 12:12 . 2012-12-07 12:12 -------- d-----w- c:\program files\Common Files\Wolfram Research
2012-12-07 12:12 . 2012-12-07 12:31 -------- d-----w- c:\programdata\Mathematica
2012-12-07 12:12 . 2012-12-07 12:12 -------- d-----w- c:\program files (x86)\Common Files\Wolfram Research
2012-12-07 12:12 . 2012-12-07 12:12 -------- d-----w- c:\program files (x86)\Common Files\ResearchSoft
2012-12-07 12:07 . 2012-12-07 12:07 -------- d-----w- c:\program files\Wolfram Research
2012-11-30 13:28 . 2012-11-30 13:28 -------- d-----w- c:\users\Paul\.Virtualbox.sav
2012-11-30 11:44 . 2012-12-02 15:03 -------- d-----w- c:\program files (x86)\Android
2012-11-30 11:34 . 2012-11-30 12:59 -------- d-----w- c:\users\Paul\.android
2012-11-30 10:42 . 2012-11-30 10:47 -------- d-----w- c:\users\Paul\AppData\Roaming\baidu
2012-11-30 10:39 . 2012-11-30 10:49 -------- d-----w- c:\program files (x86)\Baidu
2012-11-28 08:57 . 2012-11-28 08:57 -------- d-----w- c:\program files\ESET
2012-11-17 03:14 . 2012-07-26 05:18 2560 ----a-w- c:\windows\system32\drivers\zh-TW\wdf01000.sys.mui
2012-11-17 03:14 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 03:14 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 03:14 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 03:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 03:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 03:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 03:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 03:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 03:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 03:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files modified within the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 10:59 . 2012-03-29 18:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 10:59 . 2012-02-14 15:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 07:55 . 2011-11-30 12:28 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-10 05:00 . 2012-05-28 11:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-10 05:00 . 2011-12-04 00:56 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-29 15:31 . 2012-11-08 17:18 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-11-29 15:31 . 2012-11-08 17:18 37216 ----a-w- c:\windows\system32\uxtuneup.dll
2012-11-29 15:31 . 2012-11-08 17:18 29536 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-11-29 15:31 . 2012-11-08 17:18 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-11-29 15:31 . 2012-11-08 17:18 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-11-01 03:46 . 2012-11-01 03:46 4880240 ----a-w- c:\windows\system32\ooscrsav.scr
2012-11-01 03:45 . 2012-11-01 03:45 256368 ----a-w- c:\windows\system32\oodbs.exe
2012-11-01 03:45 . 2012-11-01 03:45 537456 ----a-w- c:\windows\system32\oodssrs.dll
2012-11-01 03:45 . 2012-11-01 03:45 10096 ----a-w- c:\windows\system32\oodbsrs.dll
2012-10-31 18:35 . 2012-11-08 20:35 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-10-31 18:35 . 2012-11-08 20:35 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2012-10-31 18:34 . 2012-11-08 20:35 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-10-31 18:34 . 2012-11-08 20:35 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-10-31 18:34 . 2012-11-08 20:35 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-10-31 18:34 . 2012-10-31 18:34 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-10-31 18:34 . 2012-10-31 18:34 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-10-31 18:34 . 2012-10-31 18:34 48792 ----a-w- c:\windows\system32\vnetinst.dll
2012-10-31 18:34 . 2012-10-31 18:34 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-10-31 18:34 . 2012-10-31 18:34 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-10-31 17:02 . 2012-10-31 17:02 353280 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-10-24 06:17 . 2012-11-08 20:36 67224 ----a-w- c:\windows\system32\vsocklib.dll
2012-10-24 06:17 . 2012-11-08 20:36 70296 ----a-w- c:\windows\system32\drivers\vsock.sys
2012-10-24 06:17 . 2012-11-08 20:36 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2012-10-24 06:17 . 2012-10-24 06:17 85104 ----a-w- c:\windows\system32\drivers\vmci.sys
2012-10-16 08:38 . 2012-11-28 13:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 09:15 . 2012-11-08 20:35 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-10-11 09:15 . 2012-10-11 09:15 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2012-10-09 18:17 . 2012-11-15 16:56 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-15 16:56 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 16:56 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 16:56 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-04 16:40 . 2012-12-12 06:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 16:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 16:56 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 16:56 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 16:56 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 16:56 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 16:56 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 16:56 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 16:56 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 16:56 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 16:56 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 16:56 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-29 11:54 . 2012-10-05 10:59 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-15 16:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 16:55 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-23 12:43 . 2012-09-23 12:43 55432 ----a-w- c:\windows\system32\AdobePDF.dll
2012-09-23 12:43 . 2012-09-23 12:43 26768 ----a-w- c:\windows\system32\AdobePDFUI.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-12-15 3541008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"IME14 CHT Setup"=c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe"
.
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-11 349224]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-11 39464]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Fly-Yong_Full Client\GameGuard\dump_wmimmc.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-01 1255736]
R4 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-21 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-02 56208]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-03-28 799848]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-01-20 83312]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-07-22 230240]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2012-11-01 2555760]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-29 2401632]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-10-31 13234176]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-08-29 11880]
.
.
计划任务 文件夹 里的内容
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:59]
.
2012-11-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2512160827-2672908221-1855002600-1000Core.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-03 14:28]
.
2012-11-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2512160827-2672908221-1855002600-1000UA.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-03 14:28]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 15:32]
.
2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-14 15:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768]
"Power Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2011-03-28 499304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-11-01 7061360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-19 444904]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 110896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- 而外的扫描 -------
.
uStart Page = hxxp://mystart.incredibar.com/mb201?a=6R8Oj4QEVQ&i=26
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: 使用 IDM 下载 - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: 使用 IDM 下载全部链接 - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: 傳送至 OneNote(&N) - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\garmrjae.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6R8Oj4QEVQ&&i=26&search=
FF - ExtSQL: 2012-10-26 23:32; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-12-10 16:36; mozilla_cc@internetdownloadmanager.com; c:\users\Paul\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-12-14 23:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\garmrjae.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-15 19:23; ffxtlbr@incredibar.com; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\garmrjae.default\extensions\ffxtlbr@incredibar.com
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8Oj4QEVQ&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - e829a1760000000000009439e5185c84
FF - user.js: extensions.incredibar_i.instlDay - 15689
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:23
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8Oj4QEVQ
FF - user.js: extensions.incredibar_i.upn2n - 92825575280389218
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd -
.
.
------- 文件类型 -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Office14.OMUI.zh-tw - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe
AddRemove-{90140000-0015-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0016-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0017-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{D57FE800-0DDA-4DD9-99F5-5DEEBAEAD41E} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0018-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0019-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-001A-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{1C0C204E-9D82-45B7-83A5-D592B147E1E4} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-001A-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{6BD54348-5821-4621-B76A-E7721BF8265D} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-001A-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-001B-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-001F-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{B87E50FB-B8F9-4B81-8D63-F5A3C5A330B3} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-001F-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{E5A402ED-9038-4AD7-9FA5-971D3C752DC7} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{99ACCA38-6DD3-48A8-96AE-A283C9759279} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{C4F26A9B-B121-4135-8084-A0D9C780C7C8} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0028-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{0710D7A9-F962-4926-91C9-FD84D6939114} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0028-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{3ECE53A5-4BA5-49EA-828F-FD071F2652F0} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0028-0404-1000-0000000FF1CE}_Office14.OMUI.zh-tw_{0710D7A9-F962-4926-91C9-FD84D6939114} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0028-0404-1000-0000000FF1CE}_Office14.OMUI.zh-tw_{51739025-3F28-46D2-9BB2-4E2A130C8C4C} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-002A-0404-1000-0000000FF1CE}_Office14.OMUI.zh-tw_{B8238131-3761-4A88-98B5-2356DF5B0A71} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-002C-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{C82D6AFC-1F97-4F03-8A8A-564D647E483E} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0044-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-006E-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{A7F0BFAF-D706-40CD-9C1C-4B1809614797} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-006E-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{F86C89EA-B2DC-44D8-8D86-F3F6EE39E906} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-00A1-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-00A1-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{89356580-A6BA-4331-86CC-6F5B81077A45} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-00BA-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
AddRemove-{90140000-0101-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{257A4FD1-228B-4E6E-9F9E-FDBB899A8FD6} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGCommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGControlBarVersion]
"Major"=dword:00000009
"Minor"=dword:00000038
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPBaseControlBar--1]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPBaseControlBar-32806]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPBaseControlBar-59392]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPBaseControlBar-59396]
"IsVisible"=dword:00000001
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPControlBar--1]
"ID"=dword:ffffffff
"RectRecentFloat"=hex:3a,00,00,00,50,00,00,00,14,01,00,00,18,01,00,00
"RectRecentDocked"=hex:2c,02,00,00,56,00,00,00,06,03,00,00,12,02,00,00
"RecentFrameAlignment"=dword:00004000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPControlBar-32806]
"ID"=dword:00008026
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:2f,02,00,00,85,00,00,00,03,03,00,00,0f,02,00,00
"RecentFrameAlignment"=dword:00001000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPControlBar-59392]
"ID"=dword:0000e800
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:2f,02,00,00,85,00,00,00,03,03,00,00,0f,02,00,00
"RecentFrameAlignment"=dword:00001000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPControlBar-59396]
"ID"=dword:00000000
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,12,02,00,00,06,03,00,00,32,02,00,00
"RecentFrameAlignment"=dword:00001000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGPDockManager-128]
"DockingCBAndSliders"=hex:01,00,00,00,ff,ff,ff,ff,02,00,00,00,08,bd,c5,b1,be,
ca,f4,d0,d4,01,00,00,00,26,80,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,08,\
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGRebar-59396]
"RBI"=hex:50,00,00,00,61,0b,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,26,00,00,00,1f,00,00,00,10,27,00,00,\
"IDs"=hex:00,e8,00,00,27,80,00,00
"Locked"=dword:00000000
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGToolBar-59392]
"Name"=""
"Buttons"=hex:00,20,00,00,01,00,00,00
"OriginalItems"=hex:02,00,ff,ff,01,00,12,00,43,42,43,47,50,54,6f,6f,6c,62,61,
72,42,75,74,74,6f,6e,3b,80,00,00,00,00,00,00,ff,ff,ff,ff,00,01,00,00,00,00,\
"OrigResetItems"=hex:02,00,ff,ff,01,00,12,00,43,42,43,47,50,54,6f,6f,6c,62,61,
72,42,75,74,74,6f,6e,3b,80,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\BCGToolbarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000000
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"Look2000"=dword:00000001
"CommandsUsage"=hex:0d,00,00,00,08,00,86,ee,00,00,02,00,00,00,2c,80,00,00,01,
00,00,00,29,80,00,00,03,00,00,00,3f,80,00,00,02,00,00,00,34,80,00,00,01,00,\
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\ControlBars-Summary]
"Bars"=dword:00000000
"ScreenCX"=dword:00000556
"ScreenCY"=dword:00000300
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000\Software\MacroMgr\ c.暰|up7*\Settings\WindowPlacement]
"MainWindowRect"=hex:de,00,00,00,3e,00,00,00,f4,03,00,00,96,02,00,00
"Flags"=dword:00000000
"ShowCmd"=dword:00000001
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\962\*g葉{^骮1*0*]
"firstRunTime"=hex:36,1a,e7,69,51,0c,e4,40
"AutoLinks"=dword:00000001
"UpdateNow"=hex:bd,c0,84,6a,51,0c,e4,40
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000_Classes\Wow6432Node\CLSID\{0221558b-a67d-4fe2-a9fc-589181f4d1d8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000110
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2512160827-2672908221-1855002600-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a7,da,85,99,f2,1f,cd,e0,b5,74,a8,58,c0,d1,b9,f5,a4,48,bc,15,66,
5a,5b,b9,7d,81,f7,ed,49,df,5c,5d,27,4a,83,94,75,b4,7e,4c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\砅愺?*O*n*e*N*o*t*e* *2*0*1*0*\DsDriver]
"printBinNames"=multi:"\00\00"
"printCollate"=hex:00
"printColor"=hex:01
"printDuplexSupported"=hex:00
"printStaplingSupported"=hex:00
"printMaxXExtent"=dword:00000b9a
"printMaxYExtent"=dword:000010de
"printMinXExtent"=dword:000003d8
"printMinYExtent"=dword:00000771
"printMediaSupported"=multi:"Letter\00Tabloid\00Legal\00Executive\00A3\00A4\00B4 (JIS)\00B5 (JIS)\00Envelope #10\00Envelope Monarch\00\00"
"printMediaReady"=multi:"A4\00\00"
"printNumberUp"=dword:00000000
"printMemory"=dword:00008000
"printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
"printMaxResolutionSupported"=dword:000004b0
"printLanguage"=multi:"\00\00"
"printRateUnit"=""
"driverVersion"=dword:00000401
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\砅愺?*O*n*e*N*o*t*e* *2*0*1*0*\DsSpooler]
"driverName"="Send To Microsoft OneNote 2010 Driver"
"portName"=multi:"nul:\00\00"
"printStartTime"=dword:00000000
"printEndTime"=dword:00000000
"printerName"="傳送至 OneNote 2010"
"printKeepPrintedJobs"=hex:00
"printSpooling"="PrintAfterSpooled"
"priority"=dword:00000001
"uNCName"="\\\\Paul-PC\\傳送至 OneNote 2010"
"serverName"="Paul-PC"
"shortServerName"="PAUL-PC"
"versionNumber"=dword:00000004
"flags"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Print\Printers\砅愺?*O*n*e*N*o*t*e* *2*0*1*0*\PrinterDriverData]
"InitDriverVersion"=dword:00000600
"Model"="Send To OneNote Driver"
"FreeMem"=hex:00,80,00,00
"PrinterDataSize"=dword:00000230
"PrinterData"=hex:00,06,30,02,81,08,00,00,00,f8,ba,01,00,00,00,00,00,00,00,00,
64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,c2,ac,90,51,01,\
"FeatureKeywordSize"=dword:00000012
"FeatureKeyword"=hex:4d,65,6d,6f,72,79,00,33,32,37,36,38,4b,42,00,0a,00,00
"Forms?"=dword:5190acc2
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
完成时间: 2012-12-17 10:46:16 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-12-17 02:46
.
Pre-Run: 200,998,068,224 bytes free
Post-Run: 203,098,402,816 bytes free
.
- - End Of File - - A5FAA566F7555E57CA1226A45BD1E85C

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:30 AM

Posted 16 December 2012 - 11:14 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message


NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Paul61112002

Paul61112002
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 16 December 2012 - 11:33 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.7 (12.16.2012:1)
OS: Windows 7 Home Premium x64
Ran by Paul on 17/12/2012 秅 at 12:24:26.01
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2512160827-2672908221-1855002600-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2512160827-2672908221-1855002600-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\baidu
Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\Users\Paul\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\software"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\locallow\baidu"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\garmrjae.default\user.js
Successfully deleted: [File] C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\garmrjae.default\searchplugins\mystart search.xml
Successfully deleted: [Folder] C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\garmrjae.default\extensions\ffxtlbr@incredibar.com
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\garmrjae.default\prefs.js

user_pref("browser.newtab.url", "http://mystart.incredibar.com/mb201?a=6R8Oj4QEVQ&i=26");
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("extensions.incredibar.actvtyRptTime", "1355570594146");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.afterInstallRpt", "sent");
user_pref("extensions.incredibar.cntry", "HK");
user_pref("extensions.incredibar.dfltLng", "EN");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.dfltlng", "en");
user_pref("extensions.incredibar.dfltsrch", "false");
user_pref("extensions.incredibar.did", "10643");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "8530EA0270A2524F5281AEECDA44F43D");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.hrdid", "e829a1760000000000009439e5185c84");
user_pref("extensions.incredibar.id", "e829a1760000000000009439e5185c84");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15689");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.instlday", "15689");
user_pref("extensions.incredibar.instlref", "");
user_pref("extensions.incredibar.isDcmntCmplt", true);
user_pref("extensions.incredibar.isdcmntcmplt", "false");
user_pref("extensions.incredibar.keywordurl", "");
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1419:23:05");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.newtab", "false");
user_pref("extensions.incredibar.newtaburl", "");
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.prtnrid", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.smplgrp", "none");
user_pref("extensions.incredibar.srch", "");
user_pref("extensions.incredibar.srchprvdr", "");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8Oj4QEVQ&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.tlbrid", "base");
user_pref("extensions.incredibar.tlbrsrchurl", "http://mystart.Incredibar.com/?a=6R8Oj4QEVQ&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6R8Oj4QEVQ");
user_pref("extensions.incredibar.upn2n", "92825575280389218");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.1419:23:05");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar.vrsnts", "1.5.11.1419:23:05");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10643");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "e829a1760000000000009439e5185c84");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15689");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8Oj4QEVQ&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6R8Oj4QEVQ");
user_pref("extensions.incredibar_i.upn2n", "92825575280389218");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1419:23:05");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("keyword.URL", "http://mystart.incredibar.com/mb201/?loc=IB_DS&a=6R8Oj4QEVQ&&i=26&search=");



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/12/2012 秅 at 12:32:31.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
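An added detection example, not code from this thread or from JRT, AdwCleaner or any other tool mentioned here: a Python audit of a Firefox profile's user.js and prefs.js that flags navigation and search prefs pointing outside an assumed allow-list of hosts and engine names. The sample pref lines are constructed from the Incredibar entries in the JRT log above; the TRUSTED_HOSTS and TRUSTED_ENGINES lists are assumptions. Firefox re-applies user.js on every start, which is why a hijacked homepage can reappear after a manual reset until that file is removed, as JRT did here.

```python
"""Audit a Firefox profile's user.js and prefs.js for hijacked navigation prefs.

Added example, not code from this thread or from JRT/AdwCleaner. Firefox
re-applies user.js at every start, so a hijacked user.js restores a bad
homepage after each manual reset; it is reported separately for that reason.
"""
import re
from urllib.parse import urlparse

# Prefs whose value is a URL deciding where the browser goes.
URL_PREFS = {"browser.startup.homepage", "browser.newtab.url", "keyword.URL"}
# Prefs whose value is the display name of the default search engine.
ENGINE_NAME_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
# Assumed allow-lists for this example; adjust to what the user really wants.
TRUSTED_HOSTS = {"www.google.com", "www.mozilla.org", "www.bing.com"}
TRUSTED_ENGINES = {"Google", "Bing", "DuckDuckGo"}

PREF_RE = re.compile(r'^\s*(?:user_pref|pref)\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every pref line; quoted strings lose their quotes."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def host_of(value):
    """Lower-cased hostname of a URL-valued pref, or '' for non-URL values."""
    if "://" not in value:
        return ""
    return (urlparse(value).hostname or "").lower()


def find_hijacks(text, trusted_hosts=TRUSTED_HOSTS, trusted_engines=TRUSTED_ENGINES):
    """Return (pref, value, reason) triples for prefs that look hijacked.

    URL prefs and any extensions.* pref carrying a URL are checked against
    the host allow-list (this catches toolbar search URLs such as tlbrSrchUrl);
    engine-name prefs are checked against the engine allow-list.
    """
    findings = []
    for name, value in parse_prefs(text).items():
        host = host_of(value)
        if name in URL_PREFS and host and host not in trusted_hosts:
            findings.append((name, value, "navigation pref points to untrusted host " + host))
        elif name in ENGINE_NAME_PREFS and value not in trusted_engines:
            findings.append((name, value, "default search engine is not on the allow-list"))
        elif name.startswith("extensions.") and host and host not in trusted_hosts:
            findings.append((name, value, "extension pref carries URL to " + host))
    return findings


def audit_profile(prefs_js_text, user_js_text=""):
    """Audit both files; user.js findings matter most because they persist across resets."""
    return {"user.js": find_hijacks(user_js_text), "prefs.js": find_hijacks(prefs_js_text)}


# Constructed sample input: the Incredibar lines mirror entries JRT removed above.
SAMPLE_PREFS_JS = '''\
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.newtab.url", "http://mystart.incredibar.com/mb201?a=6R8Oj4QEVQ&i=26");
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("extensions.incredibar.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8Oj4QEVQ&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.admin", false);
user_pref("keyword.URL", "http://mystart.incredibar.com/mb201/?loc=IB_DS&a=6R8Oj4QEVQ&&i=26&search=");
'''
SAMPLE_USER_JS = 'user_pref("browser.startup.homepage", "http://mystart.incredibar.com/");\n'

if __name__ == "__main__":
    for source, hits in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS).items():
        for pref, value, reason in hits:
            print(f"{source}: {pref} = {value}  [{reason}]")
```

Running it against a real profile means reading the two files from the profile directory (for the log above, the garmrjae.default folder) and passing their text to audit_profile; anything reported under user.js is the entry that would undo a manual homepage fix.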

#10 Paul61112002

Paul61112002
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 16 December 2012 - 11:37 PM

# AdwCleaner v2.101 - Logfile created 12/17/2012 at 12:34:00
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Paul - PAUL-PC
# Boot Mode : Normal
# Running from : C:\Users\Paul\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Windows\SysWOW64\WNLT

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\garmrjae.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1046 octets] - [17/12/2012 12:34:00]

########## EOF - C:\AdwCleaner[S1].txt - [1106 octets] ##########

#11 Paul61112002

Paul61112002
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 16 December 2012 - 11:44 PM

Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paul :: PAUL-PC [administrator]

Protection: Enabled

17/12/2012 12:39:35
mbam-log-2012-12-17 (12-39-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211982
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 Paul61112002

Paul61112002
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 17 December 2012 - 02:43 AM

C:\Program Files (x86)\Internet Download Manager\Patch.exe a variant of Win32/HackTool.Patcher.AD application
C:\Users\Paul\Downloads\IDM 612.rar a variant of Win32/HackTool.Patcher.AD application
C:\Users\Paul\Downloads\Office-Key-Remover-1.0.0.6-Setup.exe Win32/OpenCandy application
C:\Users\Paul\Downloads\OO.Defrag.Professional.16.0.Build.183.Full.Version.zip a variant of Win32/BitCoinMiner.K application
C:\Users\Paul\Downloads\TuneUp Utilities 2013.rar a variant of Win32/HackTool.Patcher.AD application
C:\Users\Paul\Downloads\Compressed\dcpe.rar a variant of Win32/HackTool.Patcher.N application
C:\Users\Paul\Downloads\Compressed\MathType.6.8.keygen.rar a variant of Win32/Keygen.BH application
C:\Users\Paul\Downloads\Compressed\TuneUp Utilities 2013.rar a variant of Win32/HackTool.Patcher.AD application
C:\Users\Paul\Downloads\Compressed\wb7.zip Win32/CloseApp.A application

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:30 AM

Posted 17 December 2012 - 09:27 AM

None of those files found by ESET are trojans; ESET is alerting to the "type" of file that they are, usually associated with cracks and keygens. This is a certain way of becoming infected, so I recommend you remove those files.


Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Paul61112002

Paul61112002
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:04:30 AM

Posted 17 December 2012 - 09:03 PM

Thanks for your help~~~

The problem is resolved.

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:30 AM

Posted 17 December 2012 - 09:09 PM

That's great to hear. We just have some housekeeping to do now.

Please do the following:


You can delete the DDS, JRT and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




