
Am I infected? What do I do?



#1 cyrusar


Posted 11 August 2013 - 08:15 PM

Hi team,

I am not sure if my PC is infected, but recently some strange behaviors have started to happen.

1st - When I visit some pages like Amazon, Yahoo sport, and other shopping websites, sometimes a message will pop up saying my Java is outdated and I should update. It will then redirect me to a page that looks like a Java page, but when you look at the address, it doesn't say java. It says http://beneatha.com/

2nd - My PC was also prompted to update Flash Adobe player and my sister did it, but I do not know if she got it straight from Adobe. I think it is similar to Java: it directs her to a page that looks like the Adobe download page, but my sister didn't realize and clicked download --> save --> run and updated it.

3rd - I went to Amazon.com and once I clicked on one of the products, the webpage looked very funny, and I am not sure if it is due to the website not running correctly or due to my computer being infected.

4th - In the past my PC seemed to be infected with a Trojan or spyware, but once I uninstalled and reinstalled the Firefox browser, everything seemed to be normal, but I am not sure.

If someone could get back to me and help me with my problem, I would greatly appreciate it.




 


#2 boopme


Posted 11 August 2013 - 08:21 PM

Hi, that is most likely a hijacker on the Java. Let's do these and we will set Java in a bit.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 cyrusar


Posted 12 August 2013 - 02:07 AM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Cyrus&Kiki (administrator) on 11-08-2013 at 21:30:38
Running from "C:\Documents and Settings\Cyrus&Kiki\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 67.82.166.63:8085

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : cyrus-kiki

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : home

        Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection

        Physical Address. . . . . . . . . : 00-1A-A0-99-DC-F4

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.2

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : Sunday, 11 August, 2013 18:11:12

        Lease Expires . . . . . . . . . . : Monday, 12 August, 2013 18:11:12

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.226.194, 74.125.226.192, 74.125.226.193, 74.125.226.200
      74.125.226.196, 74.125.226.206, 74.125.226.195, 74.125.226.201, 74.125.226.198
      74.125.226.197, 74.125.226.199



Pinging google.com [74.125.226.200] with 32 bytes of data:



Reply from 74.125.226.200: bytes=32 time=8ms TTL=250

Reply from 74.125.226.200: bytes=32 time=7ms TTL=250



Ping statistics for 74.125.226.200:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 7ms, Maximum = 8ms, Average = 7ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=95ms TTL=249

Reply from 98.139.183.24: bytes=32 time=17ms TTL=249



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 17ms, Maximum = 95ms, Average = 56ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 99 dc f4 ...... Intel® 82562V-2 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0      192.168.1.2     192.168.1.2      20
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2      20
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2      20
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2      20
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/11/2013 06:03:13 PM) (Source: Application Hang) (User: )
Description: Hanging application lesstabs_1007-de145c3c.exe, version 1.7.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/26/2013 07:29:31 PM) (Source: Application Error) (User: )
Description: Faulting application gom.exe, version 2.1.50.5145, faulting module realmediasplitter.ax, version 1.0.1.2, fault address 0x00005b23.
Processing media-specific event for [gom.exe!ws!]

Error: (07/13/2013 00:40:06 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 22.0.0.4917, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/13/2013 00:39:42 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 22.0.0.4917, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/11/2013 11:44:31 PM) (Source: Application Error) (User: )
Description: Faulting application gom.exe, version 2.1.50.5145, faulting module realmediasplitter.ax, version 1.0.1.2, fault address 0x00005b23.
Processing media-specific event for [gom.exe!ws!]

Error: (07/06/2013 11:35:58 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/06/2013 11:35:58 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/06/2013 11:35:39 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/06/2013 11:35:33 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/06/2013 08:57:26 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (08/11/2013 06:12:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/11/2013 06:12:40 PM) (Source: Service Control Manager) (User: )
Description: The FSServicePlatform service terminated with the following error:
%%126

Error: (08/11/2013 06:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/11/2013 06:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/11/2013 06:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/11/2013 06:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/11/2013 06:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/11/2013 06:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/11/2013 06:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/11/2013 06:05:16 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

AC3Filter (remove only)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Allok RM RMVB to AVI MPEG DVD Converter 1.4.4
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Apple 應用程式支援 (Version: 2.2.2)
AutoUpdate (Version: 1.1)
BitTorrent 6.0 (Version: 6.0)
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.4.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.3.0.14)
Canon MOV Encoder (Version: 1.1.0.18)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon MX870 series User Registration
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon Speed Dial Utility
Canon Utilities CameraWindow (Version: 7.2.0.2)
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (Version: 5.4.6.18)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities Digital Photo Professional 3.6 (Version: 3.6.0.0)
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility (Version: 2.6.0.0)
Canon Utilities My Printer
Canon Utilities MyCamera (Version: 7.2.0.4)
Canon Utilities Original Data Security Tools (Version: 1.6.0.1)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.5.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities Solution Menu
Canon Utilities WFT-E1/E2/E3/E4 Utility (Version: 3.3.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.3.1.8)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
Chinese Simplified Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Chinese Traditional Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Digital Line Detect (Version: 1.21)
DivX Codec (Version: 6.8.4)
DivX Converter (Version: 6.5.1)
DivX Player (Version: 6.6.0)
DivX Web Player (Version: 1.4.0)
Funshion (Version: 2.8.6.32)
Garmin USB Drivers (Version: 2.3.1.0)
GMATPrep (Version: 2.1.277)
GMATPrep™ (Version: 2.3.601.409)
GOM Player (Version: 2.1.50.5145)
Google Chrome (Version: 27.0.1453.116)
Google Photos Screensaver (Version: 2.0.0)
Google Talk (remove only)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® PRO Network Connections 12.1.12.0 (Version: )
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
JDownloader
Junk Mail filter update (Version: 14.0.8117.416)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer Administration Kit 5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office XP Resource Kit Tools (Version: 10.0.6403.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Application Compatibility Database
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 23.0 (x86 en-US) (Version: 23.0)
MPEG2 Codec(libmpeg2/mad)
MSN
MSVCRT (Version: 14.0.1468.721)
Nero - Burning Rom (Version: 5.5.9)
Norton 360 (Version: 20.4.0.40)
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
Picasa 3 (Version: 3.9)
Real Alternative 1.8.0 (Version: 1.8.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
Realtek High Definition Audio Driver (Version: 5.10.0.5408)
RealUpgrade 1.1 (Version: 1.1.0)
Segoe UI (Version: 14.0.4327.805)
SetPoint (Version: 2.50)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon Broadband Toolbar (IE only)
Verizon Broadband Toolbar Firefox only
Verizon FiOS Activation
Verizon Help and Support Tool
Video Downloader version 2.0 (Version: 2.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.0.1.814)
WinAVI VideoConverter
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
μTorrent (Version: 3.2.0)
千千?听 5.7正式版 (Version: 5.7正式版)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2046.1 MB
Available physical RAM: 1299.66 MB
Total Pagefile: 3937.89 MB
Available Pagefile: 3224.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.17 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:78.13 GB) (Free:5.76 GB) NTFS
2 Drive d: () (Fixed) (Total:195.31 GB) (Free:11.18 GB) NTFS
3 Drive e: () (Fixed) (Total:192.31 GB) (Free:36.71 GB) NTFS
4 Drive f: (New Volume) (Fixed) (Total:126.96 GB) (Free:0.24 GB) NTFS
5 Drive g: (New Volume) (Fixed) (Total:105.93 GB) (Free:10.74 GB) NTFS

========================= Users: ========================================

User accounts for \\CYRUS-KIKI

Administrator            Cyrus&Kiki               Guest                    
HelpAssistant            SUPPORT_388945a0         


**** End of log ****
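
A small triage pass over a MiniToolBox Result.txt laid out like the log posted above, as an added example that is not part of the original thread or of MiniToolBox itself. It goes slightly beyond this log by also checking hosts entries; the sample text is constructed, and the function names and the 203.0.113.x addresses are assumptions for illustration.

```python
import re

# Constructed sample in the layout of a MiniToolBox Result.txt (values are made up).
SAMPLE = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 203.0.113.10:8085

========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.77    www.example.com

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
"""

# "===== Section name: =====" banners; lines made only of "=" do not match.
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?):?\s*=+\s*$")
# "Catalog5 01 <library path> [<size or File Not found>] (<vendor>)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[([^\]]+)\]")
# Addresses that keep a hosts entry on the local machine (loopback or null route).
LOCAL_SINKS = {"127.0.0.1", "::1", "0.0.0.0"}


def split_sections(text):
    """Return {lower-cased section name: [non-empty stripped lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def triage(text):
    """Collect (category, detail) pairs worth a second look by a helper."""
    sec = split_sections(text)
    findings = []

    # 1. A ProxyServer value is still stored, even if the proxy is reported as disabled.
    for line in sec.get("ie proxy settings", []):
        if line.lower().startswith("proxyserver:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(("proxy", value))

    # 2. hosts entries that send a name somewhere other than the local machine.
    for line in sec.get("hosts content", []):
        if line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] not in LOCAL_SINKS:
            findings.append(("hosts", f"{parts[1]} -> {parts[0]}"))

    # 3. Winsock catalog entries whose library could not be found on disk.
    for line in sec.get("winsock entries", []):
        m = WINSOCK_RE.match(line)
        if m and "not found" in m.group(4).lower():
            findings.append(("winsock", f"{m.group(1)} {m.group(2)} {m.group(3)}"))

    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:8} {detail}")
```
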
 



#4 cyrusar


Posted 12 August 2013 - 02:11 AM

21:44:29.0703 1956  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
21:44:30.0328 1956  ============================================================
21:44:30.0343 1956  Current date / time: 2013/08/11 21:44:30.0328
21:44:30.0343 1956  SystemInfo:
21:44:30.0343 1956  
21:44:30.0343 1956  OS Version: 5.1.2600 ServicePack: 3.0
21:44:30.0343 1956  Product type: Workstation
21:44:30.0343 1956  ComputerName: CYRUS-KIKI
21:44:30.0343 1956  UserName: Cyrus&Kiki
21:44:30.0343 1956  Windows directory: C:\WINDOWS
21:44:30.0343 1956  System windows directory: C:\WINDOWS
21:44:30.0343 1956  Processor architecture: Intel x86
21:44:30.0343 1956  Number of processors: 2
21:44:30.0343 1956  Page size: 0x1000
21:44:30.0343 1956  Boot type: Normal boot
21:44:30.0343 1956  ============================================================
21:44:31.0453 1956  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:44:31.0453 1956  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:44:31.0515 1956  ============================================================
21:44:31.0515 1956  \Device\Harddisk0\DR0:
21:44:31.0531 1956  MBR partitions:
21:44:31.0531 1956  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
21:44:31.0546 1956  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x1869E559
21:44:31.0562 1956  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x222E00EE, BlocksNum 0x180A0C92
21:44:31.0562 1956  \Device\Harddisk1\DR1:
21:44:31.0562 1956  MBR partitions:
21:44:31.0562 1956  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFDE943E
21:44:31.0562 1956  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFDE947D, BlocksNum 0xD3DB104
21:44:31.0562 1956  ============================================================
21:44:31.0593 1956  C: <-> \Device\Harddisk0\DR0\Partition1
21:44:31.0625 1956  D: <-> \Device\Harddisk0\DR0\Partition2
21:44:31.0656 1956  E: <-> \Device\Harddisk0\DR0\Partition3
21:44:31.0671 1956  F: <-> \Device\Harddisk1\DR1\Partition1
21:44:31.0703 1956  G: <-> \Device\Harddisk1\DR1\Partition2
21:44:31.0703 1956  ============================================================
21:44:31.0703 1956  Initialize success
21:44:31.0703 1956  ============================================================
21:44:58.0015 0572  ============================================================
21:44:58.0015 0572  Scan started
21:44:58.0015 0572  Mode: Manual; TDLFS;
21:44:58.0015 0572  ============================================================
21:44:58.0265 0572  ================ Scan system memory ========================
21:44:58.0265 0572  System memory - ok
21:44:58.0265 0572  ================ Scan services =============================
21:44:59.0187 0572  btaudio - ok
21:44:59.0218 0572  [ 9935C7DF07A4F880E25E7900D7F99BFF ] BTDriver        C:\WINDOWS\system32\DRIVERS\btport.sys
21:44:59.0218 0572  BTDriver - ok
21:44:59.0250 0572  [ 62B8BAB8323B3F9B1A1A4CC86AFD48D6 ] BTKRNL          C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:44:59.0265 0572  BTKRNL - ok
21:44:59.0328 0572  [ FF9F3D721DF1BBEC482D2021EA34464D ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
21:44:59.0328 0572  btwdins - ok
21:44:59.0359 0572  [ C5E16EDAFABB032B5E722A95F226ED56 ] btwhid          C:\WINDOWS\system32\DRIVERS\btwhid.sys
21:44:59.0359 0572  btwhid - ok
21:44:59.0390 0572  [ E5D0A981FC4CBAAB7ED8CC4BB95E19F5 ] BTWUSB          C:\WINDOWS\system32\Drivers\btwusb.sys
21:44:59.0390 0572  BTWUSB - ok
21:44:59.0437 0572  catchme - ok
21:44:59.0468 0572  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:44:59.0468 0572  cbidf2k - ok
21:44:59.0515 0572  [ 8EF654045E518AC00E52E7A1E2D3AD70 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
21:44:59.0515 0572  CCALib8 - ok
21:44:59.0546 0572  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:44:59.0546 0572  CCDECODE - ok
21:44:59.0593 0572  [ 3BEE52611F22C9C0023A98A4425E084F ] ccSet_N360      C:\WINDOWS\system32\drivers\N360\1404000.028\ccSetx86.sys
21:44:59.0593 0572  ccSet_N360 - ok
21:44:59.0593 0572  cd20xrnt - ok
21:44:59.0609 0572  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:44:59.0609 0572  Cdaudio - ok
21:44:59.0609 0572  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:44:59.0609 0572  Cdfs - ok
21:44:59.0625 0572  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:44:59.0625 0572  Cdrom - ok
21:44:59.0656 0572  [ 84853B3FD012251690570E9E7E43343F ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
21:44:59.0656 0572  cercsr6 - ok
21:44:59.0656 0572  Changer - ok
21:44:59.0671 0572  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:44:59.0687 0572  CiSvc - ok
21:44:59.0687 0572  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:44:59.0703 0572  ClipSrv - ok
21:44:59.0718 0572  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:44:59.0812 0572  clr_optimization_v2.0.50727_32 - ok
21:44:59.0859 0572  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:44:59.0859 0572  clr_optimization_v4.0.30319_32 - ok
21:44:59.0859 0572  CmdIde - ok
21:44:59.0875 0572  COMSysApp - ok
21:44:59.0875 0572  Cpqarray - ok
21:44:59.0906 0572  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:44:59.0906 0572  CryptSvc - ok
21:44:59.0906 0572  dac2w2k - ok
21:44:59.0921 0572  dac960nt - ok
21:44:59.0937 0572  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:44:59.0953 0572  DcomLaunch - ok
21:44:59.0968 0572  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:44:59.0968 0572  Dhcp - ok
21:44:59.0984 0572  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:44:59.0984 0572  Disk - ok
21:44:59.0984 0572  dmadmin - ok
21:45:00.0015 0572  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:45:00.0031 0572  dmboot - ok
21:45:00.0062 0572  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:45:00.0062 0572  dmio - ok
21:45:00.0093 0572  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:45:00.0093 0572  dmload - ok
21:45:00.0109 0572  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:45:00.0109 0572  dmserver - ok
21:45:00.0125 0572  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:45:00.0125 0572  DMusic - ok
21:45:00.0156 0572  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:45:00.0156 0572  Dnscache - ok
21:45:00.0187 0572  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:45:00.0187 0572  Dot3svc - ok
21:45:00.0187 0572  dpti2o - ok
21:45:00.0218 0572  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:45:00.0218 0572  drmkaud - ok
21:45:00.0234 0572  [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express       C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:45:00.0250 0572  e1express - ok
21:45:00.0265 0572  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:45:00.0265 0572  EapHost - ok
21:45:00.0312 0572  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:45:00.0328 0572  eeCtrl - ok
21:45:00.0343 0572  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:45:00.0343 0572  EraserUtilRebootDrv - ok
21:45:00.0375 0572  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:45:00.0375 0572  ERSvc - ok
21:45:00.0390 0572  esgiguard - ok
21:45:00.0421 0572  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
21:45:00.0421 0572  Eventlog - ok
21:45:00.0453 0572  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
21:45:00.0468 0572  EventSystem - ok
21:45:00.0468 0572  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:45:00.0468 0572  Fastfat - ok
21:45:00.0500 0572  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:45:00.0500 0572  FastUserSwitchingCompatibility - ok
21:45:00.0531 0572  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
21:45:00.0531 0572  Fdc - ok
21:45:00.0546 0572  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:45:00.0546 0572  Fips - ok
21:45:00.0546 0572  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
21:45:00.0562 0572  Flpydisk - ok
21:45:00.0578 0572  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:45:00.0578 0572  FltMgr - ok
21:45:00.0640 0572  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:45:00.0640 0572  FontCache3.0.0.0 - ok
21:45:00.0656 0572  [ 455F778EE14368468560BD7CB8C854D0 ] FsVga           C:\WINDOWS\system32\DRIVERS\fsvga.sys
21:45:00.0656 0572  FsVga - ok
21:45:00.0671 0572  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:45:00.0671 0572  Fs_Rec - ok
21:45:00.0671 0572  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:45:00.0671 0572  Ftdisk - ok
21:45:00.0703 0572  FunshionSvr - ok
21:45:00.0734 0572  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:45:00.0734 0572  GEARAspiWDM - ok
21:45:00.0765 0572  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:45:00.0765 0572  Gpc - ok
21:45:00.0812 0572  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:45:00.0812 0572  gupdate - ok
21:45:00.0828 0572  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:45:00.0828 0572  gupdatem - ok
21:45:00.0859 0572  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:45:00.0859 0572  gusvc - ok
21:45:00.0890 0572  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:45:00.0906 0572  HDAudBus - ok
21:45:00.0968 0572  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:45:00.0968 0572  helpsvc - ok
21:45:00.0984 0572  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:45:00.0984 0572  HidServ - ok
21:45:01.0000 0572  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:45:01.0000 0572  hidusb - ok
21:45:01.0031 0572  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:45:01.0031 0572  hkmsvc - ok
21:45:01.0031 0572  hpn - ok
21:45:01.0078 0572  [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2        C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
21:45:01.0078 0572  HSFHWBS2 - ok
21:45:01.0109 0572  [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP          C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
21:45:01.0156 0572  HSF_DP - ok
21:45:01.0187 0572  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:45:01.0187 0572  HTTP - ok
21:45:01.0218 0572  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:45:01.0218 0572  HTTPFilter - ok
21:45:01.0234 0572  i2omgmt - ok
21:45:01.0234 0572  i2omp - ok
21:45:01.0250 0572  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
21:45:01.0250 0572  i8042prt - ok
21:45:01.0312 0572  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:45:01.0343 0572  idsvc - ok
21:45:01.0406 0572  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130809.001\IDSxpx86.sys
21:45:01.0406 0572  IDSxpx86 - ok
21:45:01.0453 0572  [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC        C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
21:45:01.0453 0572  IJPLMSVC - ok
21:45:01.0468 0572  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:45:01.0468 0572  Imapi - ok
21:45:01.0484 0572  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:45:01.0500 0572  ImapiService - ok
21:45:01.0500 0572  ini910u - ok
21:45:01.0609 0572  [ 17BBBABB21F86B650B2626045A9D016C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:45:01.0687 0572  IntcAzAudAddService - ok
21:45:01.0703 0572  IntelIde - ok
21:45:01.0734 0572  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:45:01.0734 0572  intelppm - ok
21:45:01.0750 0572  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
21:45:01.0750 0572  Ip6Fw - ok
21:45:01.0765 0572  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:45:01.0765 0572  IpFilterDriver - ok
21:45:01.0781 0572  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:45:01.0781 0572  IpInIp - ok
21:45:01.0796 0572  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:45:01.0796 0572  IpNat - ok
21:45:01.0843 0572  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:45:01.0859 0572  iPod Service - ok
21:45:01.0875 0572  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:45:01.0875 0572  IPSec - ok
21:45:01.0890 0572  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:45:01.0890 0572  IRENUM - ok
21:45:01.0906 0572  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:45:01.0906 0572  isapnp - ok
21:45:01.0968 0572  [ 9ECF00E19736054E019C532AED8228FC ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
21:45:01.0968 0572  JavaQuickStarterService - ok
21:45:02.0000 0572  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:45:02.0000 0572  Kbdclass - ok
21:45:02.0031 0572  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:45:02.0031 0572  kbdhid - ok
21:45:02.0046 0572  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:45:02.0046 0572  kmixer - ok
21:45:02.0062 0572  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:45:02.0062 0572  KSecDD - ok
21:45:02.0093 0572  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
21:45:02.0093 0572  lanmanserver - ok
21:45:02.0125 0572  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:45:02.0125 0572  lanmanworkstation - ok
21:45:02.0125 0572  lbrtfdc - ok
21:45:02.0187 0572  [ D0EBB6D765DADC24AC85FF00A80FE760 ] LBTServ         C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
21:45:02.0187 0572  LBTServ - ok
21:45:02.0203 0572  [ 952C825C2A3014D4D1648309C42D8718 ] LHidKe          C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
21:45:02.0203 0572  LHidKe - ok
21:45:02.0250 0572  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:45:02.0250 0572  LmHosts - ok
21:45:02.0265 0572  [ BB9CC32385C3320074009FE4B9B3B3B6 ] LMouKE          C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
21:45:02.0265 0572  LMouKE - ok
21:45:02.0312 0572  [ A4225BA7B4EE5B8CDF8A808858DBA437 ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
21:45:02.0312 0572  McciCMService - ok
21:45:02.0359 0572  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:45:02.0359 0572  MDM - ok
21:45:02.0390 0572  [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk         C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:45:02.0390 0572  mdmxsdk - ok
21:45:02.0406 0572  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:45:02.0406 0572  Messenger - ok
21:45:02.0468 0572  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:45:02.0468 0572  Microsoft Office Groove Audit Service - ok
21:45:02.0500 0572  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:45:02.0500 0572  mnmdd - ok
21:45:02.0515 0572  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:45:02.0515 0572  mnmsrvc - ok
21:45:02.0546 0572  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:45:02.0546 0572  Modem - ok
21:45:02.0562 0572  [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA        C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:45:02.0562 0572  MODEMCSA - ok
21:45:02.0593 0572  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:45:02.0593 0572  Mouclass - ok
21:45:02.0593 0572  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:45:02.0593 0572  mouhid - ok
21:45:02.0625 0572  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:45:02.0625 0572  MountMgr - ok
21:45:02.0625 0572  mraid35x - ok
21:45:02.0640 0572  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:45:02.0640 0572  MRxDAV - ok
21:45:02.0671 0572  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:45:02.0687 0572  MRxSmb - ok
21:45:02.0703 0572  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:45:02.0703 0572  MSDTC - ok
21:45:02.0718 0572  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:45:02.0718 0572  Msfs - ok
21:45:02.0718 0572  MSIServer - ok
21:45:02.0750 0572  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:45:02.0750 0572  MSKSSRV - ok
21:45:02.0750 0572  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:45:02.0750 0572  MSPCLOCK - ok
21:45:02.0781 0572  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:45:02.0781 0572  MSPQM - ok
21:45:02.0781 0572  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:45:02.0796 0572  mssmbios - ok
21:45:02.0812 0572  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:45:02.0812 0572  MSTEE - ok
21:45:02.0828 0572  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:45:02.0828 0572  Mup - ok
21:45:02.0890 0572  [ 1BF9D6476061B31CD7FC2BF848529A56 ] N360            C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
21:45:02.0890 0572  N360 - ok
21:45:02.0906 0572  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:45:02.0906 0572  NABTSFEC - ok
21:45:02.0937 0572  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:45:02.0937 0572  napagent - ok
21:45:03.0015 0572  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130811.006\NAVENG.SYS
21:45:03.0015 0572  NAVENG - ok
21:45:03.0062 0572  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130811.006\NAVEX15.SYS
21:45:03.0093 0572  NAVEX15 - ok
21:45:03.0125 0572  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:45:03.0125 0572  NDIS - ok
21:45:03.0156 0572  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:45:03.0156 0572  NdisIP - ok
21:45:03.0171 0572  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:45:03.0171 0572  NdisTapi - ok
21:45:03.0187 0572  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:45:03.0187 0572  Ndisuio - ok
21:45:03.0218 0572  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:45:03.0218 0572  NdisWan - ok
21:45:03.0250 0572  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:45:03.0250 0572  NDProxy - ok
21:45:03.0250 0572  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:45:03.0250 0572  NetBIOS - ok
21:45:03.0281 0572  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:45:03.0281 0572  NetBT - ok
21:45:03.0312 0572  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:45:03.0312 0572  NetDDE - ok
21:45:03.0312 0572  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:45:03.0312 0572  NetDDEdsdm - ok
21:45:03.0359 0572  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:45:03.0359 0572  Netlogon - ok
21:45:03.0359 0572  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
21:45:03.0375 0572  Netman - ok
21:45:03.0390 0572  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:45:03.0390 0572  NetTcpPortSharing - ok
21:45:03.0421 0572  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:45:03.0421 0572  Nla - ok
21:45:03.0453 0572  [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc        C:\WINDOWS\system32\nlssrv32.exe
21:45:03.0453 0572  nlsX86cc - ok
21:45:03.0484 0572  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:45:03.0484 0572  Npfs - ok
21:45:03.0500 0572  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:45:03.0515 0572  Ntfs - ok
21:45:03.0515 0572  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
21:45:03.0515 0572  NtLmSsp - ok
21:45:03.0546 0572  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:45:03.0562 0572  NtmsSvc - ok
21:45:03.0562 0572  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:45:03.0578 0572  Null - ok
21:45:03.0718 0572  [ B702BE0AA72EA2E1D644BAEF9123A4CE ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:45:03.0843 0572  nv - ok
21:45:03.0859 0572  [ E2FCBF957405AC17668C7DACCE537F1E ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
21:45:03.0859 0572  NVSvc - ok
21:45:03.0875 0572  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:45:03.0875 0572  NwlnkFlt - ok
21:45:03.0906 0572  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:45:03.0906 0572  NwlnkFwd - ok
21:45:03.0953 0572  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:45:03.0968 0572  odserv - ok
21:45:03.0984 0572  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:45:04.0000 0572  ose - ok
21:45:04.0031 0572  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
21:45:04.0031 0572  Parport - ok
21:45:04.0062 0572  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:45:04.0062 0572  PartMgr - ok
21:45:04.0078 0572  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:45:04.0078 0572  ParVdm - ok
21:45:04.0093 0572  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:45:04.0093 0572  PCI - ok
21:45:04.0093 0572  PCIDump - ok
21:45:04.0109 0572  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:45:04.0109 0572  PCIIde - ok
21:45:04.0125 0572  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:45:04.0140 0572  Pcmcia - ok
21:45:04.0140 0572  PDCOMP - ok
21:45:04.0140 0572  PDFRAME - ok
21:45:04.0140 0572  PDRELI - ok
21:45:04.0156 0572  PDRFRAME - ok
21:45:04.0156 0572  perc2 - ok
21:45:04.0156 0572  perc2hib - ok
21:45:04.0203 0572  [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
21:45:04.0203 0572  pfc - ok
21:45:04.0218 0572  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
21:45:04.0218 0572  PlugPlay - ok
21:45:04.0234 0572  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:45:04.0234 0572  PolicyAgent - ok
21:45:04.0234 0572  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:45:04.0234 0572  PptpMiniport - ok
21:45:04.0250 0572  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:45:04.0250 0572  ProtectedStorage - ok
21:45:04.0281 0572  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:45:04.0281 0572  PSched - ok
21:45:04.0296 0572  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:45:04.0296 0572  Ptilink - ok
21:45:04.0328 0572  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:45:04.0328 0572  PxHelp20 - ok
21:45:04.0343 0572  ql1080 - ok
21:45:04.0343 0572  Ql10wnt - ok
21:45:04.0343 0572  ql12160 - ok
21:45:04.0359 0572  ql1240 - ok
21:45:04.0359 0572  ql1280 - ok
21:45:04.0375 0572  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:45:04.0375 0572  RasAcd - ok
21:45:04.0406 0572  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:45:04.0406 0572  RasAuto - ok
21:45:04.0421 0572  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:45:04.0421 0572  Rasl2tp - ok
21:45:04.0453 0572  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:45:04.0453 0572  RasMan - ok
21:45:04.0468 0572  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:45:04.0468 0572  RasPppoe - ok
21:45:04.0484 0572  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:45:04.0484 0572  Raspti - ok
21:45:04.0484 0572  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:45:04.0484 0572  Rdbss - ok
21:45:04.0500 0572  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:45:04.0500 0572  RDPCDD - ok
21:45:04.0531 0572  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:45:04.0531 0572  RDPWD - ok
21:45:04.0546 0572  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:45:04.0562 0572  RDSessMgr - ok
21:45:04.0578 0572  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:45:04.0578 0572  redbook - ok
21:45:04.0593 0572  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:45:04.0593 0572  RemoteAccess - ok
21:45:04.0609 0572  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:45:04.0609 0572  RpcLocator - ok
21:45:04.0640 0572  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
21:45:04.0640 0572  RpcSs - ok
21:45:04.0671 0572  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:45:04.0671 0572  RSVP - ok
21:45:04.0687 0572  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:45:04.0687 0572  SamSs - ok
21:45:04.0703 0572  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:45:04.0703 0572  SCardSvr - ok
21:45:04.0718 0572  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:45:04.0718 0572  Schedule - ok
21:45:04.0750 0572  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:45:04.0750 0572  Secdrv - ok
21:45:04.0765 0572  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:45:04.0765 0572  seclogon - ok
21:45:04.0796 0572  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
21:45:04.0796 0572  SENS - ok
21:45:04.0796 0572  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
21:45:04.0796 0572  Serial - ok
21:45:04.0828 0572  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:45:04.0828 0572  Sfloppy - ok
21:45:04.0828 0572  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:45:04.0843 0572  ShellHWDetection - ok
21:45:04.0843 0572  Simbad - ok
21:45:04.0859 0572  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:45:04.0859 0572  SLIP - ok
21:45:04.0859 0572  Sparrow - ok
21:45:04.0890 0572  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:45:04.0890 0572  splitter - ok
21:45:04.0921 0572  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:45:04.0921 0572  Spooler - ok
21:45:06.0875 0572  ================ Scan global ===============================
21:45:06.0906 0572  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:45:06.0937 0572  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:45:06.0937 0572  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:45:06.0968 0572  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:45:06.0968 0572  [Global] - ok
21:45:06.0968 0572  ================ Scan MBR ==================================
21:45:06.0984 0572  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:45:07.0156 0572  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:45:07.0156 0572  \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:45:07.0171 0572  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:45:07.0234 0572  \Device\Harddisk1\DR1 - ok
21:45:07.0234 0572  ================ Scan VBR ==================================
21:45:07.0234 0572  [ 64E9F3032C53061838794CEF1D25D5E6 ] \Device\Harddisk0\DR0\Partition1
21:45:07.0234 0572  \Device\Harddisk0\DR0\Partition1 - ok
21:45:07.0265 0572  [ 76036CE77ABEB30DBA41231B32CF1756 ] \Device\Harddisk0\DR0\Partition2
21:45:07.0265 0572  \Device\Harddisk0\DR0\Partition2 - ok
21:45:07.0281 0572  [ 8B699F6A7738C76B3E89F4FC91BFE11C ] \Device\Harddisk0\DR0\Partition3
21:45:07.0281 0572  \Device\Harddisk0\DR0\Partition3 - ok
21:45:07.0281 0572  [ F183A161652783696B771FCA3FEFF1BB ] \Device\Harddisk1\DR1\Partition1
21:45:07.0281 0572  \Device\Harddisk1\DR1\Partition1 - ok
21:45:07.0312 0572  [ 5AF1575B26D6FB6500E8F7B8A750474A ] \Device\Harddisk1\DR1\Partition2
21:45:07.0312 0572  \Device\Harddisk1\DR1\Partition2 - ok
21:45:07.0312 0572  ============================================================
21:45:07.0312 0572  Scan finished
21:45:07.0312 0572  ============================================================
21:45:07.0312 2100  Detected object count: 1
21:45:07.0312 2100  Actual detected object count: 1
21:45:21.0828 2100  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:45:21.0828 2100  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:45:23.0890 0936  Deinitialize success
 



# AdwCleaner v2.306 - Logfile created 08/11/2013 at 21:46:10
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Cyrus&Kiki - CYRUS-KIKI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Cyrus&Kiki\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : FunshionSvr

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted on reboot : C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Documents and Settings\All Users\Desktop\Funshion.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\WINDOWS\system32\roboot.exe
Folder Deleted : C:\Documents and Settings\Cyrus&Kiki\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Cyrus&Kiki\Application Data\vShare
Folder Deleted : C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Cyrus&Kiki\Start Menu\Programs\Video Downloader
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\Funshion Online
Folder Deleted : C:\Program Files\OApps

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Documents and Settings\Cyrus&Kiki\Application Data\Mozilla\Firefox\Profiles\kolw32wz.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6q662mz0.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6252 octets] - [11/08/2013 21:46:10]

########## EOF - C:\AdwCleaner[S1].txt - [6312 octets] ##########
 

 

This is from ESET scan
 

C:\Documents and Settings\Cyrus&Kiki\My Documents\Downloads\ttpsetup_5713cht.exe    a variant of Win32/Hao123.A application    deleted - quarantined
C:\Documents and Settings\Cyrus&Kiki\My Documents\Downloads\vshare-toolbar(2).exe    Win32/Toolbar.Zugo application    deleted - quarantined
C:\Documents and Settings\Cyrus&Kiki\My Documents\Downloads\vshare-toolbar.exe    Win32/Toolbar.Zugo application    deleted - quarantined
C:\Program Files\TTPlayer\packs\ttpsetup.exe    a variant of Win32/Hao123.A application    deleted - quarantined
D:\Translate\FreemakeVideoConverter_3.1.1.4.exe    Win32/OpenCandy application    cleaned by deleting - quarantined


Edited by cyrusar, 12 August 2013 - 02:11 AM.


#5 boopme

Posted 12 August 2013 - 01:41 PM

Hello, rerun TDSS. When you get this in the result, change the option to Cure or Delete.

Do you use this player, in the install list?
千千?听 5.7正式版 (Version: 5.7正式版)

You probably infected yourself thru an infected torrent download.


Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.


Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#6 cyrusar

Posted 12 August 2013 - 03:03 PM

Do you use this player, in the install list?
千千?听 5.7正式版 (Version: 5.7正式版)

Yes, my sister occasionally uses it to listen to song, did u find this insecure? Do I need to remove or uninstall it?

Will follow your instruction once I get home.

#7 boopme

Posted 12 August 2013 - 03:43 PM

No, it's OK. Just that it was in Chinese or whatever and wanted to be sure you put it there.

#8 cyrusar

Posted 12 August 2013 - 06:15 PM

I am getting this below error message when I tried to update Malwarebytes Anti-Malware.

 

An error has occurred. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission).

PROGRAM_ERROR_UPDATING (0,0, I/O error)



#9 cyrusar

Posted 12 August 2013 - 06:28 PM

I restarted my PC and clicked update Malwarebytes Anti-Malware and it works. I am not sure what happened before my restart. Do I have to uninstall it and repeat from first step from your 2nd reply - Go to Start ... Run and type in cmd?

 

Kindly advise.

 

Thanks,



#10 boopme

Posted 12 August 2013 - 07:32 PM

MBAM probably bumped with your Antivirus.

Run RKill
Update MBAM, run and post its log.

Yes, this is to reset your Winsock as it showed damage.

Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.

#11 cyrusar

Posted 12 August 2013 - 11:13 PM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cyrus&Kiki :: CYRUS-KIKI [administrator]

Protection: Enabled

12/8/2013 23:52:43
mbam-log-2013-08-12 (23-52-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244318
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\fsp (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Funshion Task (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{97DDF214-9B68-4CAF-8F6F-4B4112912349} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{162CC9EB-F1CE-4CED-84CE-F80AA5DD8130} (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 21
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\playhome (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\funshionDoctor (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\funshionDoctor\Tools_skin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\funshionTools (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\screensave (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\serv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\Shortcut (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\user_Info (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 402
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130701150331-19779751.date1374269505.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130702162305-13673930.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130703144512-9893172.date1374023098.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130703184802-5482045.date1372991917.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130705105640-13809432.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130705120456-12629491.date1373251256.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130705141811-11295227.date1375156337.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130705153330-6867862.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130705164006-1132370.date1373590115.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2649593.date1372823547.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2652265.date1372823547.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2685406.date1374108885.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2689312.date1374108885.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2693828.date1374108885.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2698125.date1374108885.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2701468.date1374108885.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2704593.date1374108885.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1342609.date1372953693.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16799375.date1372891973.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130312173716-9610743.date1372953693.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130607181115-16361822.date1372823547.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130705192745-12813920.date1373166185.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130716183756-19443052.date1374108885.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2716281.date1374108885.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\42475640.date1372991917.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\691921.date1374274206.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20000265.date1376016470.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20021578.date1376016470.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130201100406-11185805.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130201164259-19201471.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130311162226-15600100.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16802031.date1372891973.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16805515.date1372891973.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16808531.date1374628189.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16819406.date1374628189.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16823718.date1372891973.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16826593.date1372891973.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16829796.date1372891973.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16894468.date1374628189.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\44510937.date1374380975.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\44516750.date1374380975.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\44525390.date1374380975.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\44533375.date1374380975.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\44539828.date1374380975.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\44561640.date1374380975.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\48741312.date1374457094.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\48746078.date1374457094.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\48763562.date1374457094.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\51093390.date1373225524.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\51111359.date1373225524.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\51144625.date1373225524.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\51154312.date1373225524.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\51187375.date1373225524.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\51234484.date1373225524.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130801183147-18659017.date1376016470.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130802154403-12489081.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130802174050-7390639.date1376016470.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130805150513-8014723.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130806152204-8337123.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130806170905-16958455.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130806185347-19737346.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130807163557-6224243.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130807171605-3541156.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130807185724-1312782.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130808104657-16309838.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130808144852-17435673.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130808173637-11787327.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130808174816-16186903.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130808192307-5956322.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\407250.date1373054575.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\410046.date1373054575.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\42397921.date1372991917.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\42402921.date1372991917.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\42423015.date1372991917.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\42440437.date1372991917.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\42462187.date1372991917.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\42468953.date1372991917.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3739468.date1373166185.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3739875.date1374193378.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3743578.date1373166185.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3743875.date1374193378.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3747265.date1373166185.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3750593.date1374193378.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3751031.date1373166185.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3753671.date1374193378.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3754734.date1373166185.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3764250.date1374193378.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\385781.date1373054575.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\24826562.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\24837718.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\24844828.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\24851234.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\24862953.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2638921.date1372823547.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\264015.date1375553345.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2642046.date1372823547.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\2645984.date1372823547.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\8346359.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\8437343.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\853109.date1372608980.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\892062.date1372608980.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\8982609.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\926546.date1372608980.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9311625.date1374715031.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9314203.date1374715031.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9343687.date1374715031.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\956562.date1372608980.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9868343.date1373408213.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9874265.date1373408213.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9886640.date1373408213.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9907843.date1373408213.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9911734.date1373408213.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\9955609.date1373408213.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\DFE6BA7B_A1EA_8EE0_E2AC_0887300C3EF2.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130705193454-19621524.date1373225524.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130708101116-18498934.date1373502748.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130708150231-18902015.date1373502748.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130708164535-385768.date1374193377.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130709143454-17841614.date1374332430.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130709155853-12268877.date1373502748.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130709160418-1792953.date1373834543.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130709182602-6208883.date1373590115.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130710102554-12113042.date1373858400.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130711110849-19452817.date1374023098.flv (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130711151711-5907844.date1373834543.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130716103038-11026092.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1345671.date1372953693.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\14919937.date1372912514.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\14922968.date1372912514.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\14927187.date1372912514.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\14931015.date1372912514.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\14933343.date1372912514.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\14935890.date1372912514.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\158578.date1374269505.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\161656.date1374269505.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16782812.date1374628189.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16790640.date1374628189.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\16798390.date1374628189.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1838671.date1373667396.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1857328.date1373667396.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1868015.date1373667396.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1871890.date1373667396.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\192984.date1372611388.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1936546.date1373667396.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1944468.date1373667396.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\195453.date1373421083.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\196109.date1372611388.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\19980953.date1376016470.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\19984203.date1376016470.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\19987359.date1376016470.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\199921.date1372611388.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\12997328.date1373502748.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\13024031.date1373502748.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\13052031.date1373502748.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\13136031.date1373502748.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1328953.date1372953693.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1332765.date1372953693.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1336796.date1372953693.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\1339968.date1372953693.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\221031.date1374269505.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\11376390.date1373858399.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\11378468.date1373858399.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\11388406.date1373858399.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\12152828.date1373755615.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\12156062.date1373755615.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\12159671.date1373755615.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\12163843.date1373755615.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\12165828.date1373755615.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\12244437.date1373755615.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\12979390.date1373502748.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\6540453.date1374023098.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\6613500.date1374023098.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\6616546.date1374023098.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\666015.date1373590115.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\676625.date1373590115.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\679656.date1373590115.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\684203.date1374274206.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\687984.date1374274206.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\31888390.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\31891781.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\31895796.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\31899578.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\31903031.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\31906640.date1373251256.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\332421.date1375553345.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3732421.date1373166185.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3733859.date1374193378.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\3735375.date1373166185.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130717135926-2678132.date1374193377.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130717170838-11998583.date1374269505.swf (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cyrus&Kiki\funshion\cache\flashNew\20130717175152-7813152.flv (PUP.Funshion) -> Quarantined and deleted successfully.

(end)
 



Rkill 2.6.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/12/2013 11:41:45 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\nlssrv32.exe (PID: 1712) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * System Restore Disabled

   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\ [ZA Dir]
     * C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\L\ [ZA Dir]
     * C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\U\ [ZA Dir]
     * C:\WINDOWS\Installer\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\ [ZA Dir]
     * C:\WINDOWS\Installer\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\L\ [ZA Dir]
     * C:\WINDOWS\Installer\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\U\ [ZA Dir]

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic

 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled

 * SharedAccess [Missing ImagePath]
 * wscsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

 * C:\WINDOWS\System32\powrprof.dll : 17,408 : 04/14/2008 09:59 PM : 4c8c732253319d8a57dde322df645a94 [NoSig]
 +-> C:\WINDOWS\$NtServicePackUninstall$\powrprof.dll : 17,408 : 04/14/2008 09:59 PM : 4c8c732253319d8a57dde322df645a94 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\powrprof.dll : 17,408 : 04/14/2008 09:59 PM : 4c8c732253319d8a57dde322df645a94 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\powrprof.dll : 17,408 : 04/14/2008 09:59 PM : 4c8c732253319d8a57dde322df645a94 [Pos Repl]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/12/2013 11:42:46 PM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)
 



#12 boopme


Posted 13 August 2013 - 12:45 PM

Hello, you have a ZeroAccess rootkit. We need to start a new topic to remove it.

 

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.


How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#13 cyrusar


Posted 13 August 2013 - 07:18 PM

Hi, I followed the steps from the preparation guide and ran DDS. It ran but didn't generate any document.

 

Can you kindly advise what I should do?



#14 boopme


Posted 13 August 2013 - 09:55 PM

If there is no DDS.txt document on the Desktop, then you can either try running DDS again or we will use OTL instead of DDS.
 
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#15 cyrusar


Posted 13 August 2013 - 10:16 PM

OTL logfile created on: 13/8/2013 23:03:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Cyrus&Kiki\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy
 
2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.54% Memory free
3.85 Gb Paging File | 3.06 Gb Available in Paging File | 79.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 5.48 Gb Free Space | 7.01% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 11.19 Gb Free Space | 5.73% Space Free | Partition Type: NTFS
Drive E: | 192.31 Gb Total Space | 36.71 Gb Free Space | 19.09% Space Free | Partition Type: NTFS
Drive F: | 126.96 Gb Total Space | 0.24 Gb Free Space | 0.19% Space Free | Partition Type: NTFS
Drive G: | 105.93 Gb Total Space | 10.74 Gb Free Space | 10.14% Space Free | Partition Type: NTFS
 
Computer Name: CYRUS-KIKI | User Name: Cyrus&Kiki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/13 23:02:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\OTL.exe
PRC - [2013/08/11 18:07:01 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/19 18:34:40 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe
PRC - [2009/11/01 22:30:00 | 002,508,104 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/09/08 17:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:15 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/02/16 11:54:40 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
PRC - [2006/02/16 11:53:06 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2006/02/16 11:11:38 | 000,532,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2005/12/20 16:38:06 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/08 17:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2006/09/14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Unknown] --  -- (SharedAccess)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/11 18:07:01 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/19 18:34:40 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/09/08 17:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/02/16 11:54:40 | 000,086,016 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE -- (LBTServ)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CYRUS&~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/07/18 14:21:08 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130813.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/07/18 14:21:08 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130813.009\NAVENG.SYS -- (NAVENG)
DRV - [2013/06/18 19:43:45 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/04 21:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/04 21:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/11/09 17:44:06 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130813.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/18 05:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/18 05:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/10/15 23:49:58 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/04/10 17:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/02/01 15:17:12 | 000,428,269 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/02/01 15:13:50 | 000,854,154 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/01 15:11:14 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/02/01 15:10:32 | 000,064,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/01 15:06:30 | 000,045,475 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2005/12/20 16:54:34 | 000,027,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/12/20 16:54:28 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/08/04 06:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-602162358-2111687655-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.hk/
IE - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\SearchScopes\{C0F8D4EB-E77B-455D-9045-FB48907B4F5A}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3300018&SearchSource=45&UM=2&q={searchTerms}
IE - HKU\S-1-5-21-602162358-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com.hk/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@funshion.com/npFunshion: C:\Documents and Settings\Cyrus&Kiki\funshion\funshionTools\npFunshion.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/27 17:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/08/13 19:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012/11/11 00:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/11 20:14:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/11 20:14:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files\Google\Google Photos Screensaver\FF_ext [2007/10/17 23:37:48 | 000,000,000 | ---D | M]
 
[2013/06/30 12:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cyrus&Kiki\Application Data\Mozilla\Extensions
[2013/08/11 20:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/11 20:14:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/08/11 20:14:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/11 20:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2013/08/11 20:14:19 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-ggic@partners.mozilla.com
[2013/08/11 20:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/11 20:14:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/29 17:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/08/27 17:36:43 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://www.google.com.hk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: Google Drive = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2010/10/31 18:16:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {878B8524-AED5-4870-9A96-A515440DAC75} - No CLSID value found.
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online.                              )
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online.                              )
O3 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online.                              )
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech BT Wizard] LBTWiz.exe -silent File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-602162358-2111687655-839522115-1004..\Run: [PPS Accelerator] C:\PROGRA~1\PPStream\ppsap.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: 使用電驢下載 - C:\Program Files\easyMule\IE2EM.htm File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-602162358-2111687655-839522115-1004\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192494645927 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206229050468 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1336AD5-485F-4E0D-8B5D-F219DAAE2EA8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWlgn.DLL (Logitech Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/15 23:11:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/13 23:02:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\OTL.exe
[2013/08/13 20:20:31 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\dds.com
[2013/08/12 19:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/12 19:09:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/12 19:08:28 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\123mno.exe
[2013/08/12 19:04:38 | 001,893,504 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\rkill.com
[2013/08/11 21:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/11 21:52:18 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\esetsmartinstaller_enu.exe
[2013/08/11 21:29:07 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\tdsskiller.exe
[2013/08/11 21:28:36 | 000,760,937 | ---- | C] (Farbar) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\MiniToolBox.exe
[2013/08/11 20:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/11 18:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/08/11 18:07:17 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/11 18:07:17 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/11 18:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/11 18:07:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/11 18:07:14 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/11 18:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/27 22:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cyrus&Kiki\Desktop\House
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/13 23:08:32 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\Cyrus&Kiki\FunShion.ini
[2013/08/13 23:02:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\OTL.exe
[2013/08/13 22:29:00 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/13 21:29:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/13 21:23:16 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D377BA26-55A5-45C6-8F03-7C3F89ACA780}.job
[2013/08/13 20:20:32 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\dds.com
[2013/08/13 19:59:52 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-602162358-2111687655-839522115-1004.job
[2013/08/13 19:59:51 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-2111687655-839522115-1004.job
[2013/08/13 19:57:28 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/08/13 19:57:28 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/08/13 19:57:28 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\FSPlatform.job
[2013/08/13 19:57:24 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\FSPlatform1.job
[2013/08/13 19:57:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/13 19:50:17 | 000,475,980 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/13 19:50:17 | 000,077,014 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/12 19:19:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/12 19:08:28 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\123mno.exe
[2013/08/12 19:04:39 | 001,893,504 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\rkill.com
[2013/08/11 21:52:20 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\esetsmartinstaller_enu.exe
[2013/08/11 21:29:19 | 000,666,633 | ---- | M] () -- C:\Documents and Settings\Cyrus&Kiki\Desktop\AdwCleaner.exe
[2013/08/11 21:29:07 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\tdsskiller.exe
[2013/08/11 21:28:40 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\Cyrus&Kiki\Desktop\MiniToolBox.exe
[2013/08/11 18:07:01 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/08/11 18:07:01 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/08/11 18:07:01 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/08/11 18:07:01 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/08/11 18:07:01 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/08/11 18:07:01 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/08/11 18:07:01 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/08/11 15:01:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/08/11 12:12:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/08/07 21:42:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/07 21:42:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/05 20:14:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/04 22:59:30 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Cyrus&Kiki\Application Data\coreavc.ini
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/13 20:07:31 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\Cyrus&Kiki\FunShion.ini
[2013/08/12 19:09:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/11 21:29:19 | 000,666,633 | ---- | C] () -- C:\Documents and Settings\Cyrus&Kiki\Desktop\AdwCleaner.exe
[2013/06/26 19:09:35 | 000,003,718 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/04/05 22:18:08 | 001,169,609 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2013/04/05 22:18:07 | 000,085,639 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012/08/26 23:16:38 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat
[2012/08/26 23:07:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2012/02/26 00:47:38 | 001,733,564 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-2111687655-839522115-1004-0.dat
[2012/02/26 00:47:36 | 000,276,722 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/25 21:56:08 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/16 00:55:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/29 19:36:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cyrus&Kiki\FunshionService.timestamp
[2011/03/28 22:42:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cyrus&Kiki\admovie.jpg
[2010/06/21 03:00:04 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Cyrus&Kiki\Application Data\coreavc.ini
[2010/01/22 20:19:10 | 000,003,532 | ---- | C] () -- C:\Documents and Settings\Cyrus&Kiki\vodservercfg.blf.bak
[2009/09/14 00:07:32 | 000,018,218 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qupylanalo._sy
[2009/09/14 00:07:32 | 000,012,804 | ---- | C] () -- C:\Documents and Settings\Cyrus&Kiki\Application Data\ipuzyra.dl
[2007/10/15 23:57:47 | 000,102,400 | ---- | C] () -- C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/12/09 11:15:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\L
[2012/07/18 20:54:28 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\U
[2010/12/09 11:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\L
[2010/12/09 11:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Cyrus&Kiki\Local Settings\Application Data\{625e405d-4750-4f4b-4d15-2d9a73a48c4c}\U
[2008/02/24 23:58:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 


OTL Extras logfile created on: 13/8/2013 23:03:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Cyrus&Kiki\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy
 
2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.54% Memory free
3.85 Gb Paging File | 3.06 Gb Available in Paging File | 79.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 5.48 Gb Free Space | 7.01% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 11.19 Gb Free Space | 5.73% Space Free | Partition Type: NTFS
Drive E: | 192.31 Gb Total Space | 36.71 Gb Free Space | 19.09% Space Free | Partition Type: NTFS
Drive F: | 126.96 Gb Total Space | 0.24 Gb Free Space | 0.19% Space Free | Partition Type: NTFS
Drive G: | 105.93 Gb Total Space | 10.74 Gb Free Space | 10.14% Space Free | Partition Type: NTFS
 
Computer Name: CYRUS-KIKI | User Name: Cyrus&Kiki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-602162358-2111687655-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Translate\FlashGet 3\FlashGet3.exe" = D:\Translate\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple 應用程式支援
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95250409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Resource Kit Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allok RM RMVB to AVI MPEG DVD Converter_is1" = Allok RM RMVB to AVI MPEG DVD Converter 1.4.4
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.6
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"GMATPrep 2.1.277" = GMATPrep
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEAK5" = Microsoft Internet Explorer Administration Kit 5
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyCamera" = Canon Utilities MyCamera
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.8.0
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Speed Dial Utility" = Canon Speed Dial Utility
"SysInfo" = Creative System Information
"TTPlayer" = 千千静听 5.7正式版
"uTorrent" = µTorrent
"Verizon Broadband Toolbar Firefox only" = Verizon Broadband Toolbar Firefox only
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"verizon_broad" = Verizon Broadband Toolbar (IE only)
"Video Downloader_is1" = Video Downloader version 2.0
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"WinAVI VideoConverter_is1" = WinAVI VideoConverter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-602162358-2111687655-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent 6.0
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/7/2013 11:35:33 | Computer Name = CYRUS-KIKI | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/7/2013 11:35:39 | Computer Name = CYRUS-KIKI | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/7/2013 11:35:58 | Computer Name = CYRUS-KIKI | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 6/7/2013 11:35:58 | Computer Name = CYRUS-KIKI | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 11.0.3.37, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 11/7/2013 23:44:31 | Computer Name = CYRUS-KIKI | Source = Application Error | ID = 1000
Description = Faulting application gom.exe, version 2.1.50.5145, faulting module
 realmediasplitter.ax, version 1.0.1.2, fault address 0x00005b23.
 
Error - 13/7/2013 12:39:42 | Computer Name = CYRUS-KIKI | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 13/7/2013 12:40:06 | Computer Name = CYRUS-KIKI | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 22.0.0.4917, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 26/7/2013 19:29:31 | Computer Name = CYRUS-KIKI | Source = Application Error | ID = 1000
Description = Faulting application gom.exe, version 2.1.50.5145, faulting module
 realmediasplitter.ax, version 1.0.1.2, fault address 0x00005b23.
 
Error - 11/8/2013 18:03:13 | Computer Name = CYRUS-KIKI | Source = Application Hang | ID = 1002
Description = Hanging application lesstabs_1007-de145c3c.exe, version 1.7.2.0, hang
 module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 13/8/2013 19:59:38 | Computer Name = CYRUS-KIKI | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Tried to start a service that wasn't the latest version of CLR Optimization service.
 Will shutdown
 
[ System Events ]
Error - 11/8/2013 21:49:38 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 12/8/2013 18:59:07 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 12/8/2013 19:03:34 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 12/8/2013 19:05:10 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7034
Description = The Nalpeiron Licensing Service service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 12/8/2013 19:24:38 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 12/8/2013 23:41:50 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7034
Description = The Nalpeiron Licensing Service service terminated unexpectedly.  
It has done this 1 time(s).
 
Error - 13/8/2013 0:07:40 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 13/8/2013 0:11:18 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 13/8/2013 19:42:16 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 13/8/2013 19:58:51 | Computer Name = CYRUS-KIKI | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
 
< End of report >
 





