Bytes received is more than bytes sent, bytes are active though in Idle.


This topic is locked
94 replies to this topic

#1 superxc3
Member (Full Member, 78 posts)

Posted 29 October 2011 - 11:38 PM

Hi experts,
I've installed a software called NetMon in order to monitor my pc.

Previously my bytes sent/received were very active and running fast even though I was idle. (I didn't load any web page or download anything, and there were no software updates.)
After that my bytes received was more than bytes sent, and the bytes thingy is still running fast when I'm idle.

This caused my internet quota to be used up very fast; I have to pay for every MB I load.
So, please help...


I appreciate your attention.
Thank you.

Edit: Please read the Forum FAQ and post the 4 requested logs. We need the information in order to help you.

#2 cnm
Mother Lion of SWI (Administrators, 25,253 posts)

Posted 30 October 2011 - 11:08 PM

Please read the Forum FAQ and post the requested logs. We need the information in order to help you.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare (1564-1616)
The various helper groups here
UNITE


#3 superxc3
Member (Full Member, 78 posts)

Posted 31 October 2011 - 05:03 AM

Sorry for the inconvenience.

Here is my mbam log:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8049

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

31/10/2011 5:09:09 PM
mbam-log-2011-10-31 (17-09-09).txt

Scan type: Quick scan
Objects scanned: 184353
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\User\AppData\Roaming\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\User\AppData\Roaming\NetMon\lang_1028.ini (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\NetMon\NetMon.ini (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\NetMon\netmonform.ini (Trojan.NetMon) -> Quarantined and deleted successfully.

Here is the ComboFix log I did previously.
Hope this helps.

The log of ComboFix.
P/S: I didn't turn on Google Chrome or other programs when running ComboFix. It took more than 10 minutes to finish the scan.

ComboFix 11-10-27.03 - User 0/2011 Thu 19:15:00.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.6127.2759 [GMT 8:00]
執行位置: c:\users\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: COMODO Antivirus *Enabled/Outdated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\sop.dll
c:\users\User\AppData\Local\Temp\nsv771D.tmp\nsDialogs.dll
c:\users\User\AppData\Local\Temp\nsv771D.tmp\System.dll
c:\users\User\AppData\Local\Temp\VAProxyD_temp0.dll
c:\users\User\AppData\Roaming\8A25.exe
c:\users\User\AppData\Roaming\C995.tmp
c:\users\User\AppData\Roaming\CF04.exe
c:\users\User\AppData\Roaming\D652.exe
c:\users\User\AppData\Roaming\NetMon
c:\users\User\AppData\Roaming\NetMon\Lang_1028.ini
c:\users\User\AppData\Roaming\NetMon\NetMon.ini
c:\users\User\AppData\Roaming\NetMon\NetMonForm.INI
c:\windows\SysWow64\~.inf
.
.
((((((((((((((((((((((((( 2011-09-27 至 2011-10-27 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2011-10-27 11:42 . 2011-10-27 11:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-27 11:42 . 2011-10-27 11:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 15:48 . 2011-10-26 15:48 -------- d-----w- C:\VritualRoot
2011-10-26 14:04 . 2011-10-26 14:05 -------- d-----w- c:\programdata\Comodo
2011-10-26 14:04 . 2011-10-26 14:04 -------- d-----w- c:\program files\COMODO
2011-10-26 14:04 . 2011-10-26 14:04 -------- d-----w- c:\programdata\Comodo Downloader
2011-10-26 13:15 . 2004-10-15 10:32 14568 ----a-w- c:\windows\SysWow64\drivers\wg6n.sys
2011-10-26 13:15 . 2004-10-15 10:32 14568 ----a-w- c:\windows\SysWow64\drivers\wg5n.sys
2011-10-26 13:15 . 2004-10-15 10:32 14568 ----a-w- c:\windows\SysWow64\drivers\wg4n.sys
2011-10-26 13:15 . 2004-10-15 10:32 14568 ----a-w- c:\windows\SysWow64\drivers\wg3n.sys
2011-10-26 13:15 . 2004-10-15 10:17 60496 ----a-w- c:\windows\SysWow64\drivers\Teefer.sys
2011-10-26 13:15 . 2004-10-15 10:18 21075 ----a-w- c:\windows\SysWow64\drivers\wpsdrvnt.sys
2011-10-26 13:14 . 2004-10-15 10:32 83096 ----a-w- c:\windows\SysWow64\SSSensor.dll
2011-10-26 13:14 . 2011-10-26 13:14 -------- d-----w- c:\program files (x86)\Sygate
2011-10-26 13:14 . 2011-10-26 13:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-26 12:26 . 2011-10-26 12:26 -------- d-----w- c:\program files (x86)\StoneSoftwares
2011-10-26 05:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49062E72-BEF6-4D35-9ADB-B006F2F8EB07}\mpengine.dll
2011-10-26 05:07 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 05:07 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-16 23:50 . 2011-10-23 13:02 -------- d-----w- c:\users\User\AppData\Roaming\Epson
2011-10-16 14:27 . 2011-10-16 14:27 -------- d-----w- c:\programdata\UDL
2011-10-16 14:26 . 2011-10-16 14:26 -------- d-----w- c:\program files\Epson Software
2011-10-16 14:26 . 2011-10-16 14:27 -------- d-----w- c:\program files (x86)\Epson Software
2011-10-16 14:24 . 2011-10-16 14:24 -------- d-----w- c:\users\User\AppData\Local\ABBYY
2011-10-16 14:23 . 2011-10-16 14:25 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2011-10-16 14:23 . 2011-10-16 14:23 -------- d-----w- c:\programdata\ABBYY
2011-10-16 14:23 . 2011-10-16 14:23 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2011-10-16 14:22 . 2011-10-16 14:22 -------- d-----w- c:\program files\Common Files\EPSON
2011-10-16 14:20 . 2007-04-10 02:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2011-10-16 14:20 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMGGI.DLL
2011-10-16 14:20 . 2009-10-01 04:01 88064 ----a-w- c:\windows\system32\E_IBCBGGI.DLL
2011-10-16 14:20 . 2011-10-23 13:03 -------- d-----w- c:\programdata\EPSON
2011-10-16 14:20 . 2011-10-16 14:26 -------- d-----w- c:\program files (x86)\epson
2011-10-16 14:20 . 2009-11-19 16:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2011-10-16 14:20 . 2009-04-30 16:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2011-10-16 14:20 . 2009-04-30 16:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2011-10-13 10:10 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 10:10 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 10:10 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 10:10 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 10:08 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 10:08 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 10:08 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 10:08 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 11:00 . 2011-10-12 11:00 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-10-08 01:50 . 2011-10-08 01:50 -------- d-----w- c:\users\User\AppData\Roaming\NVIDIA
2011-10-07 15:08 . 2011-10-07 15:32 -------- d-----w- c:\users\User\AppData\Local\ReaJPEG
2011-10-07 10:48 . 2011-10-07 10:48 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 10:47 . 2011-10-07 10:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 10:47 . 2011-10-07 10:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 10:47 . 2011-10-07 10:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 10:47 . 2011-10-07 10:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 10:47 . 2011-10-07 10:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll
2011-10-07 10:47 . 2011-10-07 10:47 388280 ----a-w- c:\windows\system32\guard64.dll
2011-10-06 02:53 . 2011-10-06 02:53 -------- d-----w- c:\windows\Sun
2011-10-03 09:10 . 2011-10-27 10:49 -------- d-----w- c:\programdata\QvodPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-27 07:23 . 2011-09-10 04:13 48528834 ----a-w- c:\windows\SysWow64\~.tmp
2011-10-17 12:20 . 2011-02-22 03:49 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-05 01:52 . 2011-06-05 01:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-01 12:10 . 2011-09-01 12:10 0 ----a-w- c:\windows\SysWow64\nsaDD26.tmp
2011-09-01 12:10 . 2011-09-01 12:10 0 ----a-w- c:\windows\system32\nslDDB4.tmp
2011-09-01 12:10 . 2011-09-01 12:10 0 ----a-w- c:\windows\SysWow64\nsvB6A2.tmp
2011-08-31 09:00 . 2011-07-15 02:34 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 12:13 . 2011-02-21 03:38 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-22 01:05 . 2011-02-21 01:46 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-08-22 01:05 . 2011-02-21 01:33 25640 ----a-w- c:\windows\gdrv.sys
2011-08-19 05:36 . 2011-08-19 05:11 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-19 05:36 . 2011-08-19 05:11 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-11 16:33 . 2011-08-11 16:33 153632 ----a-w- c:\windows\SysWow64\ikutm.dll
2011-08-07 15:21 . 2011-08-07 15:21 2690928 ----a-w- c:\windows\SysWow64\SogouPY.ime
2011-08-07 15:21 . 2011-01-20 03:37 4703088 ----a-w- c:\windows\system32\SogouPY.ime
2011-08-06 14:28 . 2011-08-06 14:28 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-21_10.55.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-16 14:20 . 2009-01-10 16:00 45056 c:\windows\twain_32\escndv\local\0809\escndvrs.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\local\0804\escndvrs.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\local\0412\escndvrs.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\local\0404\escndvrs.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 49152 c:\windows\twain_32\escndv\estwm.exe
+ 2011-10-16 14:20 . 2009-01-09 16:00 86016 c:\windows\twain_32\escndv\es00a9\local\0809\esmpsres.dll
+ 2011-10-16 14:20 . 2009-01-13 16:00 90112 c:\windows\twain_32\escndv\es00a9\local\0804\esres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 73728 c:\windows\twain_32\escndv\es00a9\local\0804\esmpsres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 73728 c:\windows\twain_32\escndv\es00a9\local\0412\esmpsres.dll
+ 2011-10-16 14:20 . 2009-01-13 16:00 94208 c:\windows\twain_32\escndv\es00a9\local\0404\esres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 73728 c:\windows\twain_32\escndv\es00a9\local\0404\esmpsres.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 45056 c:\windows\twain_32\escndv\es00a9\ffmt\local\0809\eptifres.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 45056 c:\windows\twain_32\escndv\es00a9\ffmt\local\0809\eppitres.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 45056 c:\windows\twain_32\escndv\es00a9\ffmt\local\0809\eppijres.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 49152 c:\windows\twain_32\escndv\es00a9\ffmt\local\0809\eppdfres.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 45056 c:\windows\twain_32\escndv\es00a9\ffmt\local\0809\epmtfres.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 45056 c:\windows\twain_32\escndv\es00a9\ffmt\local\0809\epjpgres.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 45056 c:\windows\twain_32\escndv\es00a9\ffmt\local\0809\epbmpres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0804\eptifres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0804\eppitres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0804\eppijres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 36864 c:\windows\twain_32\escndv\es00a9\ffmt\local\0804\eppdfres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0804\epmtfres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0804\epjpgres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0804\epbmpres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0412\eptifres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0412\eppitres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0412\eppijres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 36864 c:\windows\twain_32\escndv\es00a9\ffmt\local\0412\eppdfres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0412\epmtfres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0412\epjpgres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0412\epbmpres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0404\eptifres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0404\eppitres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0404\eppijres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 36864 c:\windows\twain_32\escndv\es00a9\ffmt\local\0404\eppdfres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0404\epmtfres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0404\epjpgres.dll
+ 2011-10-16 14:20 . 2009-01-11 16:00 32768 c:\windows\twain_32\escndv\es00a9\ffmt\local\0404\epbmpres.dll
+ 2011-10-16 14:20 . 2005-08-28 16:00 98304 c:\windows\twain_32\escndv\es00a9\ffmt\espimtif.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 90112 c:\windows\twain_32\escndv\es00a9\ffmt\epbmp.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 49152 c:\windows\twain_32\escndv\es00a9\estwm.exe
+ 2011-10-16 14:20 . 2008-04-10 16:00 53248 c:\windows\twain_32\escndv\es00a9\esicm.dll
+ 2011-10-16 14:20 . 2009-01-13 16:00 36864 c:\windows\twain_32\escndv\es00a9\esdscl.dll
+ 2011-10-16 14:20 . 2008-07-15 16:00 94208 c:\windows\twain_32\escndv\es00a9\esdde.dll
+ 2011-10-16 14:20 . 2006-11-01 16:00 90112 c:\windows\twain_32\escndv\es00a9\esddc.dll
+ 2011-10-13 10:11 . 2011-08-20 04:27 67072 c:\windows\SysWOW64\mshtmled.dll
- 2011-08-10 09:10 . 2011-06-21 05:26 67072 c:\windows\SysWOW64\mshtmled.dll
- 2011-08-10 09:10 . 2011-06-21 05:28 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-13 10:11 . 2011-08-20 04:31 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2011-08-10 09:10 . 2011-06-21 05:26 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2011-10-13 10:11 . 2011-08-20 04:27 48128 c:\windows\SysWOW64\jsproxy.dll
+ 2004-10-15 10:31 . 2004-10-15 10:31 99480 c:\windows\SysWOW64\FwsVpn.dll
+ 2009-07-14 04:54 . 2011-10-27 06:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-19 05:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-19 05:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-27 06:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-19 05:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-27 06:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-21 01:53 . 2011-10-26 13:18 73298 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-26 13:18 34652 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-21 01:32 . 2011-10-26 13:18 17184 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1060712862-2128723342-4021548419-1000_UserData.bin
+ 2011-10-16 14:20 . 2007-11-28 02:01 82432 c:\windows\system32\spool\drivers\x64\3\EPSET64.DLL
+ 2011-10-16 14:20 . 2009-09-14 06:00 74752 c:\windows\system32\spool\drivers\x64\3\E_IREDGGI.DLL
+ 2011-10-16 14:20 . 2009-08-05 05:20 84992 c:\windows\system32\spool\drivers\x64\3\E_IMW0GGI.DLL
+ 2011-10-16 14:20 . 2009-10-23 02:00 35840 c:\windows\system32\spool\drivers\x64\3\E_IHSRGGI.DLL
+ 2011-10-16 14:20 . 2009-08-10 04:07 25600 c:\windows\system32\spool\drivers\x64\3\E_IGRCGGI.DLL
+ 2011-10-16 14:20 . 2009-11-05 01:06 20992 c:\windows\system32\spool\drivers\x64\3\E_IGEPGGI.DLL
+ 2011-10-16 14:20 . 2010-03-12 01:00 28160 c:\windows\system32\spool\drivers\x64\3\E_IAUDGGI.DLL
+ 2011-10-16 14:20 . 2009-10-23 08:00 55296 c:\windows\system32\spool\drivers\x64\3\E_IASRGGI.DLL
+ 2011-10-16 14:20 . 2009-08-24 07:08 58368 c:\windows\system32\spool\drivers\x64\3\E_FBL6GGI.DLL
+ 2011-10-16 14:20 . 2007-12-07 06:03 49152 c:\windows\system32\spool\drivers\x64\3\E_FBA6GGI.DLL
- 2011-08-10 09:10 . 2011-06-21 06:19 97280 c:\windows\system32\mshtmled.dll
+ 2011-10-13 10:11 . 2011-08-20 05:34 97280 c:\windows\system32\mshtmled.dll
- 2011-08-10 09:10 . 2011-06-21 06:20 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-10-13 10:11 . 2011-08-20 05:37 95232 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-10-13 10:11 . 2011-08-20 05:33 64512 c:\windows\system32\jsproxy.dll
- 2011-08-10 09:10 . 2011-06-21 06:18 64512 c:\windows\system32\jsproxy.dll
- 2009-07-14 05:30 . 2011-07-14 02:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-10-26 14:05 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-10-07 10:48 . 2011-10-07 10:48 93200 c:\windows\system32\DriverStore\FileRepository\inspect.inf_amd64_neutral_a7ec3789bc21a5c0\inspect.sys
+ 2011-10-16 14:20 . 2009-04-30 16:00 17408 c:\windows\system32\DriverStore\FileRepository\esa9.inf_amd64_neutral_9d4863e84ff5360f\esxcdev.dll
+ 2011-10-16 14:20 . 2009-01-09 16:00 49152 c:\windows\system32\DriverStore\FileRepository\esa9.inf_amd64_neutral_9d4863e84ff5360f\estwm.exe
+ 2011-10-16 14:20 . 2008-04-10 16:00 53248 c:\windows\system32\DriverStore\FileRepository\esa9.inf_amd64_neutral_9d4863e84ff5360f\esicm.dll
+ 2011-10-16 14:20 . 2009-01-13 16:00 36864 c:\windows\system32\DriverStore\FileRepository\esa9.inf_amd64_neutral_9d4863e84ff5360f\esdscl.dll
+ 2011-10-16 14:20 . 2008-07-15 16:00 94208 c:\windows\system32\DriverStore\FileRepository\esa9.inf_amd64_neutral_9d4863e84ff5360f\esdde.dll
+ 2011-10-16 14:20 . 2006-11-01 16:00 90112 c:\windows\system32\DriverStore\FileRepository\esa9.inf_amd64_neutral_9d4863e84ff5360f\esddc.dll
+ 2011-10-16 14:20 . 2007-11-28 02:01 82432 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\EPSET64.DLL
+ 2011-10-16 14:20 . 2009-08-10 04:07 25600 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\EPIPGI30.DLL
+ 2011-10-16 14:20 . 2009-10-01 04:01 88064 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\ECBTEGB.DLL
+ 2011-10-16 14:20 . 2009-08-24 07:08 58368 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\EBPBIDI6.DLL
+ 2011-10-16 14:20 . 2007-12-07 06:03 49152 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\EBAPI6.DLL
+ 2011-10-16 14:20 . 2009-10-23 08:00 55296 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\E_SCE0GB.DLL
+ 2011-10-16 14:20 . 2009-10-23 02:00 35840 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\E_HCE0GB.DLL
+ 2011-10-16 14:20 . 2009-08-05 05:20 84992 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\E_GUMWF5.DLL
+ 2011-10-16 14:20 . 2009-09-14 06:00 74752 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\E_GRED10.DLL
+ 2011-10-16 14:20 . 2007-04-10 02:06 10752 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\E_GCINST.DLL
+ 2011-10-16 14:20 . 2010-03-12 01:00 28160 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\E_GAUDF1.DLL
+ 2011-10-16 14:20 . 2009-11-05 01:06 20992 c:\windows\system32\DriverStore\FileRepository\e_gf1ggi.inf_amd64_neutral_b3fb9a504e140eec\WINX64\E_DGE641.DLL
+ 2011-07-13 04:46 . 2011-04-28 03:54 80384 c:\windows\system32\drivers\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\drivers\bthenum.sys
+ 2011-02-20 10:06 . 2011-10-27 11:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-20 10:06 . 2011-08-21 04:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-20 10:06 . 2011-08-21 04:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-20 10:06 . 2011-10-27 11:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-27 11:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-21 04:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-06-30 00:31 . 2009-08-19 15:50 24416 c:\windows\system32\AdobePDFUI.dll
+ 2011-09-16 23:36 . 2009-08-19 15:50 24416 c:\windows\system32\AdobePDFUI.dll
+ 2011-08-24 08:05 . 2011-07-09 05:29 49664 c:\windows\servicing\GC64\tzupd.exe
- 2011-07-07 15:01 . 2010-11-20 13:25 49664 c:\windows\servicing\GC64\tzupd.exe
- 2011-02-22 05:18 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-22 05:18 . 2011-10-26 13:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-10-27 05:29 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-08-13 16:14 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-02-22 05:18 . 2011-10-26 13:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-22 05:18 . 2011-08-21 10:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-22 05:18 . 2011-10-26 13:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-22 05:18 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-21 03:02 . 2011-10-27 11:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-21 03:02 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-21 03:02 . 2011-10-27 11:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-21 03:02 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-06 08:48 . 2011-04-06 08:48 11120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
+ 2011-07-09 02:05 . 2011-07-09 02:05 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2011-04-12 14:16 . 2011-04-12 14:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
- 2010-03-18 06:27 . 2010-03-18 06:27 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
+ 2011-05-17 02:08 . 2011-05-17 02:08 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
+ 2011-04-06 08:48 . 2011-04-06 08:48 11120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
+ 2011-07-09 01:30 . 2011-07-09 01:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2011-04-12 07:11 . 2011-04-12 07:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2011-05-17 01:27 . 2011-05-17 01:27 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
- 2010-03-18 05:16 . 2010-03-18 05:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-10-13 19:07 . 2011-10-13 19:07 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-08-10 10:55 . 2011-08-10 10:55 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 31 October 2011 - 11:40 AM

Hi experts,
I've installed a software called NetMon in order to monitor my pc.

Previously my bytes sent/received are very active and running fast though im in idle. (I din load any webpage or download things or software updates)
After that my bytes received is more than bytes sent, and the bytes thingy still running fast when im in idle.

MBAM has identified your Netmon as a trojan. Uninstall it.
You might want to get the Microsoft tool Microsoft Network Monitor
The second download button is the one to use. The tool will give you a detailed insight into what is connecting to the internet. You will probably be surprised at the number of active connections. It doesn't tell you the number of bytes sent and received, which are pretty meaningless numbers as they include all sorts of background non-data traffic.

More important, please do these scans:
Please download tdsskiller.exe and save it to your Desktop. Go here for information.
  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply, along with DDS.txt, checkup.txt and the MBAM log

Please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe
http://download.blee...al/MBRCheck.exe
http://www.kernelmod...fo/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

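The Network Monitor suggestion above (seeing which processes hold connections to the internet) can be approximated from the command line. The script below is an added example, not part of cnm's post and not Microsoft Network Monitor's own code: it parses the column layout of `netstat -ano` on Windows and maps each PID to a process name with `Get-Process`. A constructed sample of netstat rows (made-up addresses and PIDs, not from the poster's machine) is embedded so it runs without a live system; pass `-Live` to read the real command instead. It assumes PowerShell 3.0 or later. Like the GUI tool, it reports connections per process rather than bytes, which is the limitation cnm notes.

```powershell
# Added example, not from the thread: attribute active connections to processes,
# the same question Microsoft Network Monitor answers in its GUI.
# Parses the output layout of `netstat -ano`; uses the constructed sample below,
# or real netstat output when run with -Live. Requires PowerShell 3.0 or later.
param([switch]$Live)

# Constructed sample netstat -ano output (documentation addresses, invented PIDs).
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49201     203.0.113.5:80         ESTABLISHED     1924
  TCP    192.168.1.10:49202     203.0.113.5:80         ESTABLISHED     1924
  TCP    192.168.1.10:49305     198.51.100.7:443       ESTABLISHED     2824
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       792
  UDP    0.0.0.0:5353           *:*                                    2088
'@ -split "`r?`n"

$lines = if ($Live) { netstat -ano } else { $sample }

$conns = foreach ($line in $lines) {
    # Data rows are: Proto, Local, Foreign, [State], PID. UDP rows have no State column,
    # so the PID is always taken as the last field.
    $f = $line.Trim() -split '\s+'
    if ($f.Count -lt 4 -or $f[0] -notin 'TCP', 'UDP') { continue }
    [pscustomobject]@{
        Proto  = $f[0]
        Local  = $f[1]
        Remote = $f[2]
        State  = if ($f[0] -eq 'TCP') { $f[3] } else { '' }
        PID    = [int]$f[-1]
    }
}

# Listeners and wildcard peers carry no traffic to a remote host; drop them so only
# connections that can consume quota remain.
$remote = $conns | Where-Object {
    $_.State -ne 'LISTENING' -and $_.Remote -notmatch '^(0\.0\.0\.0|\*|\[::\]):'
}

# Resolve PID -> process name. With the constructed sample the PIDs will not exist
# on the machine running the script, so they are labelled instead of failing.
$remote | Group-Object PID, Remote | ForEach-Object {
    $first = $_.Group[0]
    $proc = Get-Process -Id $first.PID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PID     = $first.PID
        Process = if ($proc) { $proc.ProcessName } else { '(no such process)' }
        Remote  = $first.Remote
        Count   = $_.Count
    }
} | Sort-Object Count -Descending | Format-Table -AutoSize
```

Run it once to see the sample rows grouped by process and remote endpoint, then with `-Live` from an elevated prompt to see the real picture; a process that keeps many connections open to the same remote host while the machine is idle is the one to look at next, and its PID can be matched against the process list in a log like the MBRCheck output later in this thread.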

#5 superxc3

superxc3

    Member

  • Full Member
  • Pip
  • 78 posts

Posted 31 October 2011 - 01:29 PM

Dear cnm,

Hi again.

I've uninstalled Netmon and installed Microsoft Network Monitor, but I'm not sure how to use it. Can you kindly explain how to monitor how many MB I've loaded from the internet?
tdsskiller.exe found a suspicious threat.






I couldn't proceed with the DSS part.
There was no response when I clicked it.

This is the log of security check:


Checkup notepad


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Sygate Personal Firewall
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 7
Java™ SE Development Kit 7
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (3.1.7) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````




Here is the MBRCheck log:
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P67A-UD3
Logical Drives Mask: 0x000000bc

Kernel Drivers (total 171):
0x03414000 \SystemRoot\system32\ntoskrnl.exe
0x039FD000 \SystemRoot\system32\hal.dll
0x00BC1000 \SystemRoot\system32\kdcom.dll
0x00CBF000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D0E000 \SystemRoot\system32\PSHED.dll
0x00D22000 \SystemRoot\system32\CLFS.SYS
0x00EB0000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F70000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0106C000 \SystemRoot\System32\Drivers\sptd.sys
0x011C9000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00F7F000 \SystemRoot\system32\drivers\ACPI.sys
0x0102F000 \SystemRoot\system32\drivers\msisadrv.sys
0x01039000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00D80000 \SystemRoot\system32\drivers\pci.sys
0x01046000 \SystemRoot\System32\drivers\partmgr.sys
0x011D2000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FD6000 \SystemRoot\System32\drivers\mountmgr.sys
0x011E7000 \SystemRoot\system32\drivers\pavboot64.sys
0x00C5C000 \SystemRoot\system32\drivers\vmbus.sys
0x00C98000 \SystemRoot\system32\drivers\winhv.sys
0x011F2000 \SystemRoot\system32\drivers\atapi.sys
0x00DB3000 \SystemRoot\system32\drivers\ataport.SYS
0x0105B000 \SystemRoot\system32\drivers\msahci.sys
0x00FF0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00EA4000 \SystemRoot\system32\drivers\amdxata.sys
0x0124A000 \SystemRoot\system32\drivers\fltmgr.sys
0x01296000 \SystemRoot\system32\drivers\fileinfo.sys
0x012AA000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0144B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012B6000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01314000 \SystemRoot\System32\Drivers\cng.sys
0x0141B000 \SystemRoot\System32\drivers\pcw.sys
0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01631000 \SystemRoot\system32\drivers\ndis.sys
0x01724000 \SystemRoot\system32\drivers\NETIO.SYS
0x01784000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01849000 \SystemRoot\System32\drivers\tcpip.sys
0x01A4D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A97000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01AA7000 \SystemRoot\system32\drivers\volsnap.sys
0x01AF3000 \SystemRoot\System32\Drivers\spldr.sys
0x01AFB000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B35000 \SystemRoot\System32\Drivers\mup.sys
0x01B47000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B50000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B8A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01BA0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01813000 \SystemRoot\System32\DRIVERS\cmderd.sys
0x0181B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02E24000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x02EB4000 \SystemRoot\System32\Drivers\Null.SYS
0x02EBD000 \SystemRoot\System32\Drivers\Beep.SYS
0x02EC4000 \SystemRoot\System32\drivers\vga.sys
0x02ED2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02EF7000 \SystemRoot\System32\drivers\watchdog.sys
0x02F07000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02F10000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02F19000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02F22000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02F2D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02F3E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02F60000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02F6D000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x02F79000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04233000 \SystemRoot\system32\drivers\afd.sys
0x042BC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x042C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x042EB000 \SystemRoot\system32\DRIVERS\inspect.sys
0x04303000 \SystemRoot\system32\DRIVERS\nm3.sys
0x04312000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04321000 \SystemRoot\system32\DRIVERS\serial.sys
0x0433E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x04359000 \SystemRoot\system32\drivers\termdd.sys
0x0436D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043BE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x043CA000 \SystemRoot\system32\drivers\mssmbios.sys
0x043D5000 \SystemRoot\System32\drivers\discache.sys
0x044C0000 \SystemRoot\system32\drivers\csc.sys
0x04543000 \SystemRoot\System32\Drivers\dfsc.sys
0x04561000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04572000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x04596000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x045BC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F21A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FE75000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x0FE77000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0FF6B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0FFB1000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0FFD5000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x0FFE6000 \SystemRoot\system32\drivers\usbehci.sys
0x04400000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04456000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x0FFF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x01386000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0F200000 \SystemRoot\system32\DRIVERS\fdc.sys
0x0F20D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x017AF000 \SystemRoot\System32\Drivers\awctop0p.SYS
0x04486000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04496000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x045D2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x044AC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x043E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02FBE000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02FDF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02E00000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x02E0B000 \SystemRoot\system32\drivers\kbdclass.sys
0x01600000 \SystemRoot\system32\drivers\mouclass.sys
0x01200000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x0FFF9000 \SystemRoot\system32\drivers\swenum.sys
0x04A3B000 \SystemRoot\system32\drivers\ks.sys
0x04A7E000 \SystemRoot\system32\drivers\umbus.sys
0x04A90000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04AEA000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04B02000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04B17000 \SystemRoot\system32\drivers\nvhda64v.sys
0x04B40000 \SystemRoot\system32\drivers\portcls.sys
0x04B7D000 \SystemRoot\system32\drivers\drmk.sys
0x04B9F000 \SystemRoot\system32\drivers\ksthunk.sys
0x05A93000 \SystemRoot\system32\drivers\HdAudio.sys
0x05AEF000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05B27000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x05B3F000 \SystemRoot\System32\Drivers\bthport.sys
0x05BCB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05BE8000 \SystemRoot\system32\drivers\hidusb.sys
0x05A00000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x05A19000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x05A22000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05A2F000 \SystemRoot\system32\drivers\kbdhid.sys
0x05A3D000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05A4B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05A57000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x05A62000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x04BA5000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x05A75000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x04BD1000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x05A85000 \SystemRoot\System32\drivers\Dxapi.sys
0x04BF1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00520000 \SystemRoot\System32\TSDDD.dll
0x006D0000 \SystemRoot\System32\cdd.dll
0x04A00000 \SystemRoot\system32\drivers\luafv.sys
0x00810000 \SystemRoot\System32\ATMFD.DLL
0x01BD0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0160F000 \SystemRoot\system32\drivers\WudfPf.sys
0x04A23000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05BF6000 \SystemRoot\system32\DRIVERS\mtkwmptv_x64.sys
0x013DD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05EBA000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05EF0000 \SystemRoot\system32\drivers\HTTP.sys
0x05FB9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05FD7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05E00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05E2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05E7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05E9F000 \SystemRoot\System32\Drivers\adfs.SYS
0x07A56000 \SystemRoot\system32\drivers\peauth.sys
0x07AFC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07B07000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x07B38000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07B4A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07E0D000 \SystemRoot\System32\DRIVERS\srv.sys
0x07EA5000 \??\C:\Windows\system32\drivers\mbam.sys
0x07EAF000 \SystemRoot\system32\drivers\spsys.sys
0x77080000 \Windows\System32\ntdll.dll
0x48540000 \Windows\System32\smss.exe
0xFF3A0000 \Windows\System32\apisetschema.dll

Processes (total 81):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003d`09100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AADS-00S9B0, Rev: 01.00A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#6 superxc3

    Member

  • Full Member
  • 78 posts

Posted 31 October 2011 - 01:31 PM

Sorry, I missed this out.
TDSSKILLER:

01:49:57.0911 1992 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
01:49:59.0186 1992 ============================================================
01:49:59.0186 1992 Current date / time: 2011/11/01 01:49:59.0186
01:49:59.0186 1992 SystemInfo:
01:49:59.0186 1992
01:49:59.0186 1992 OS Version: 6.1.7601 ServicePack: 1.0
01:49:59.0186 1992 Product type: Workstation
01:49:59.0186 1992 ComputerName: USER-PC
01:49:59.0187 1992 UserName: User
01:49:59.0187 1992 Windows directory: C:\Windows
01:49:59.0187 1992 System windows directory: C:\Windows
01:49:59.0187 1992 Running under WOW64
01:49:59.0187 1992 Processor architecture: Intel x64
01:49:59.0187 1992 Number of processors: 4
01:49:59.0187 1992 Page size: 0x1000
01:49:59.0187 1992 Boot type: Normal boot
01:49:59.0187 1992 ============================================================
01:50:08.0910 1992 Initialize success
01:50:41.0975 6812 ============================================================
01:50:41.0975 6812 Scan started
01:50:41.0975 6812 Mode: Manual;
01:50:41.0975 6812 ============================================================
01:53:08.0505 6812 TCPIP6 - ok
01:53:09.0092 6812 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:53:09.0193 6812 tcpipreg - ok
01:53:09.0307 6812 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:53:09.0654 6812 TDPIPE - ok
01:53:09.0722 6812 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
01:53:09.0814 6812 TDTCP - ok
01:53:09.0941 6812 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:53:09.0951 6812 tdx - ok
01:53:10.0122 6812 Teefer - ok
01:53:10.0536 6812 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:53:10.0542 6812 TermDD - ok
01:53:10.0682 6812 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:53:10.0698 6812 tssecsrv - ok
01:53:10.0972 6812 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:53:11.0135 6812 TsUsbFlt - ok
01:53:11.0800 6812 tsusbhub - ok
01:53:12.0026 6812 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:53:12.0068 6812 tunnel - ok
01:53:12.0212 6812 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:53:12.0337 6812 uagp35 - ok
01:53:12.0689 6812 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:53:12.0760 6812 udfs - ok
01:53:13.0566 6812 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:53:13.0949 6812 uliagpkx - ok
01:53:14.0231 6812 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
01:53:14.0371 6812 umbus - ok
01:53:14.0481 6812 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:53:14.0665 6812 UmPass - ok
01:53:14.0792 6812 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:53:14.0884 6812 usbccgp - ok
01:53:15.0102 6812 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:53:15.0728 6812 usbcir - ok
01:53:16.0511 6812 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
01:53:17.0563 6812 usbehci - ok
01:53:19.0118 6812 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:53:20.0156 6812 usbhub - ok
01:53:21.0554 6812 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:53:22.0502 6812 usbohci - ok
01:53:22.0901 6812 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:53:22.0906 6812 usbprint - ok
01:53:23.0304 6812 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:53:24.0947 6812 usbscan - ok
01:53:25.0618 6812 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:53:25.0620 6812 USBSTOR - ok
01:53:25.0804 6812 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:53:25.0859 6812 usbuhci - ok
01:53:26.0935 6812 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
01:53:28.0555 6812 usb_rndisx - ok
01:53:29.0387 6812 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
01:53:29.0513 6812 VClone - ok
01:53:29.0962 6812 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:53:30.0052 6812 vdrvroot - ok
01:53:30.0161 6812 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:53:30.0317 6812 vga - ok
01:53:30.0456 6812 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:53:30.0685 6812 VgaSave - ok
01:53:30.0701 6812 VGPU - ok
01:53:30.0895 6812 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:53:31.0543 6812 vhdmp - ok
01:53:31.0694 6812 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:53:31.0914 6812 viaide - ok
01:53:32.0113 6812 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:53:32.0300 6812 vmbus - ok
01:53:32.0810 6812 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:53:34.0423 6812 VMBusHID - ok
01:53:34.0799 6812 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:53:35.0418 6812 volmgr - ok
01:53:36.0289 6812 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:53:36.0876 6812 volmgrx - ok
01:53:37.0606 6812 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:53:37.0743 6812 volsnap - ok
01:53:38.0175 6812 vsdatant - ok
01:53:38.0300 6812 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:53:38.0454 6812 vsmraid - ok
01:53:38.0528 6812 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:53:38.0689 6812 vwifibus - ok
01:53:38.0884 6812 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:53:39.0574 6812 WacomPen - ok
01:53:40.0095 6812 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:53:40.0575 6812 WANARP - ok
01:53:40.0684 6812 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:53:40.0685 6812 Wanarpv6 - ok
01:53:41.0561 6812 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:53:41.0565 6812 Wd - ok
01:53:41.0816 6812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:53:42.0169 6812 Wdf01000 - ok
01:53:42.0378 6812 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:53:42.0653 6812 WfpLwf - ok
01:53:42.0666 6812 wg3n - ok
01:53:42.0681 6812 wg4n - ok
01:53:42.0695 6812 wg5n - ok
01:53:42.0709 6812 wg6n - ok
01:53:42.0749 6812 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:53:42.0840 6812 WIMMount - ok
01:53:43.0315 6812 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:53:43.0505 6812 WinUsb - ok
01:53:44.0145 6812 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:53:44.0583 6812 WmiAcpi - ok
01:53:46.0827 6812 wpsdrvnt - ok
01:53:47.0853 6812 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:53:48.0194 6812 ws2ifsl - ok
01:53:50.0468 6812 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:53:50.0728 6812 WudfPf - ok
01:53:52.0150 6812 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:53:52.0167 6812 WUDFRd - ok
01:53:52.0490 6812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:53:52.0584 6812 \Device\Harddisk0\DR0 - ok
01:53:52.0588 6812 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
01:53:52.0594 6812 \Device\Harddisk1\DR1 - ok
01:53:52.0597 6812 Boot (0x1200) (3c19a3c20737cf8c9a3f8e791787dc6f) \Device\Harddisk0\DR0\Partition0
01:53:52.0598 6812 \Device\Harddisk0\DR0\Partition0 - ok
01:53:52.0663 6812 Boot (0x1200) (aec5d769cdfde005e1736dca78216d4e) \Device\Harddisk0\DR0\Partition1
01:53:52.0664 6812 \Device\Harddisk0\DR0\Partition1 - ok
01:53:52.0774 6812 Boot (0x1200) (b7465f0621cc14cef32253553c7849cc) \Device\Harddisk0\DR0\Partition2
01:53:52.0775 6812 \Device\Harddisk0\DR0\Partition2 - ok
01:53:52.0779 6812 Boot (0x1200) (f9e0f5e5da92feba466aca41cfc46e69) \Device\Harddisk1\DR1\Partition0
01:53:52.0780 6812 \Device\Harddisk1\DR1\Partition0 - ok
01:53:52.0780 6812 ============================================================
01:53:52.0780 6812 Scan finished
01:53:52.0780 6812 ============================================================
01:53:52.0792 6652 Detected object count: 1
01:53:52.0792 6652 Actual detected object count: 1
01:54:42.0146 6652 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:54:42.0146 6652 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#7 superxc3 (Member, Full Member, 78 posts)

Posted 31 October 2011 - 01:37 PM

MBAM LOG

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8049

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

1/11/2011 2:35:31 AM
mbam-log-2011-11-01 (02-35-31).txt

Scan type: Quick scan
Objects scanned: 184342
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\User\AppData\Roaming\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\User\AppData\Roaming\NetMon\lang_1028.ini (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\NetMon\NetMon.ini (Trojan.NetMon) -> Quarantined and deleted successfully.
c:\Users\User\AppData\Roaming\NetMon\netmonform.ini (Trojan.NetMon) -> Quarantined and deleted successfully.

P.S.: I've uninstalled NetMon; I wonder why it still exists as a threat?

#8 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 31 October 2011 - 01:49 PM

As I told you, that Microsoft utility won't tell you how many bytes were downloaded. There isn't any simple way to do that, if you want to see bytes other than those you downloaded with your browser.

I need to see the TDSSKiller log, please.



#9 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 31 October 2011 - 01:59 PM

Ah, there the TDSSKiller log is. Good.

The reason MBAM found it again is that trojans are not so easy to remove. The one you have may have a backdoor and may have stolen your passwords and other login info. It's important that you change your important passwords but that will be useless until you are clean.

Now I would like you to download a new copy of ComboFix and run it.
Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Do not download it from anywhere else.

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know if you are still seeing excessive bandwidth usage. Netmon.exe is thought to be a mass-mailing worm.

The easiest way to see bytes received and sent: Start > Run and enter 'cmd'.
In the command window enter 'netstat -e'. Won't tell you a lot though - Received is always more than Sent. If Sent was more than Received it would generally be sinister. 'netstat /?' for other switches.

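A way to take the `netstat -e` measurement described in the post above and tie idle traffic to the processes holding connections, as an added PowerShell example that is not part of the thread. It assumes English-language `netstat -e` and `netstat -ano` output (the column regexes depend on that layout), and the function names are my own.

```powershell
# Added example, not from the thread. Samples the cumulative byte counters that
# `netstat -e` prints, reports how much moved in each direction while the machine
# is supposed to be idle, and lists which processes hold established TCP
# connections. Assumes English `netstat` output; function names are my own.

function Get-InterfaceBytes {
    # `netstat -e` prints a "Bytes" row with the Received total first, then Sent.
    $row = (netstat -e) | Where-Object { $_ -match '^\s*Bytes\s+\d+\s+\d+' } | Select-Object -First 1
    if (-not $row) { throw "Could not find the 'Bytes' row in netstat -e output" }
    $null = $row -match '^\s*Bytes\s+(\d+)\s+(\d+)'
    [pscustomobject]@{ Received = [uint64]$Matches[1]; Sent = [uint64]$Matches[2] }
}

function Get-EstablishedConnections {
    # Parse the ESTABLISHED TCP rows of `netstat -ano` and resolve the owning PID
    # to a process name, so idle traffic can be attributed to a program.
    (netstat -ano) | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+ESTABLISHED\s+(\d+)\s*$') {
            $proc = Get-Process -Id ([int]$Matches[3]) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Local   = $Matches[1]
                Remote  = $Matches[2]
                PID     = [int]$Matches[3]
                Process = if ($proc) { $proc.ProcessName } else { '<exited or access denied>' }
            }
        }
    }
}

function Measure-IdleTraffic {
    # Take two samples $Seconds apart, with the browser and any updaters closed.
    param([int]$Seconds = 60)
    $before = Get-InterfaceBytes
    Start-Sleep -Seconds $Seconds
    $after = Get-InterfaceBytes
    $rx = $after.Received - $before.Received
    $tx = $after.Sent - $before.Sent
    [pscustomobject]@{
        Seconds             = $Seconds
        ReceivedKB          = [math]::Round($rx / 1KB, 1)
        SentKB              = [math]::Round($tx / 1KB, 1)
        # Received normally exceeds Sent; the reverse on an idle machine is worth a closer look.
        SentExceedsReceived = ($tx -gt $rx)
        Connections         = @(Get-EstablishedConnections)
    }
}

# Usage: run from an elevated PowerShell so the PID of every process resolves.
$result = Measure-IdleTraffic -Seconds 60
$result | Select-Object Seconds, ReceivedKB, SentKB, SentExceedsReceived | Format-List
$result.Connections | Sort-Object Process | Format-Table -AutoSize
```

The byte counters are cumulative since boot, so only the difference between the two samples is meaningful; repeat the measurement a few times to separate a steady background stream from a one-off update check.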


#10 superxc3 (Member, Full Member, 78 posts)

Posted 09 November 2011 - 08:46 AM

Hello.
I've downloaded ComboFix from your link. But it didn't help me to install it, and I waited for around 20 minutes. After I agreed to the ComboFix disclaimer, the blue screen didn't appear... HELP!

My Avira umbrella is already closed, and I closed all programs including this window! Help please!

#11 superxc3 (Member, Full Member, 78 posts)

Posted 09 November 2011 - 10:24 AM

Hey, I got it right, but I wonder how I got it.

ComboFix 11-11-04.04 - User 1/2011 Wed 23:01:54.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.6127.4256 [GMT 8:00]
執行位置: c:\users\User\Desktop\areyouserious.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功創造新還原點
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- 早前運行的結果 --
.
c:\windows\SysWow64\sfcfiles.dll . . . is missing!!
.
--------
.
.
((((((((((((((((((((((((( 2011-10-09 至 2011-11-09 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2011-11-09 15:16 . 2011-11-09 15:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-09 15:16 . 2011-11-09 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-09 14:52 . 2011-11-09 14:52 -------- d-----w- C:\Howareyou
2011-11-09 14:44 . 2011-11-09 14:52 -------- d-----w- C:\Combofix2
2011-11-09 14:09 . 2011-11-09 14:57 -------- d-----w- C:\ComboFix
2011-11-02 02:29 . 2011-11-02 02:29 -------- d-----w- c:\users\User\AppData\Local\COMODO
2011-10-31 17:42 . 2011-10-31 17:42 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2011-10-31 10:11 . 2009-06-30 02:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
2011-10-31 10:10 . 2011-10-31 10:10 -------- d-----w- c:\program files (x86)\Panda Security
2011-10-31 09:58 . 2011-10-31 09:58 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan
2011-10-26 15:48 . 2011-10-26 15:48 -------- d-----w- C:\VritualRoot
2011-10-26 14:04 . 2011-10-26 14:05 -------- d-----w- c:\programdata\Comodo
2011-10-26 14:04 . 2011-10-26 14:04 -------- d-----w- c:\program files\COMODO
2011-10-26 14:04 . 2011-10-26 14:04 -------- d-----w- c:\programdata\Comodo Downloader
2011-10-26 13:15 . 2004-10-15 10:32 14568 ----a-w- c:\windows\SysWow64\drivers\wg6n.sys
2011-10-26 13:15 . 2004-10-15 10:32 14568 ----a-w- c:\windows\SysWow64\drivers\wg5n.sys
2011-10-26 13:15 . 2004-10-15 10:32 14568 ----a-w- c:\windows\SysWow64\drivers\wg4n.sys
2011-10-26 13:15 . 2004-10-15 10:32 14568 ----a-w- c:\windows\SysWow64\drivers\wg3n.sys
2011-10-26 13:15 . 2004-10-15 10:17 60496 ----a-w- c:\windows\SysWow64\drivers\Teefer.sys
2011-10-26 13:15 . 2004-10-15 10:18 21075 ----a-w- c:\windows\SysWow64\drivers\wpsdrvnt.sys
2011-10-26 13:14 . 2004-10-15 10:32 83096 ----a-w- c:\windows\SysWow64\SSSensor.dll
2011-10-26 13:14 . 2011-10-26 13:14 -------- d-----w- c:\program files (x86)\Sygate
2011-10-26 13:14 . 2011-10-26 13:14 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-10-26 05:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49062E72-BEF6-4D35-9ADB-B006F2F8EB07}\mpengine.dll
2011-10-26 05:07 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 05:07 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-16 23:50 . 2011-10-23 13:02 -------- d-----w- c:\users\User\AppData\Roaming\Epson
2011-10-16 14:27 . 2011-10-16 14:27 -------- d-----w- c:\programdata\UDL
2011-10-16 14:26 . 2011-10-16 14:26 -------- d-----w- c:\program files\Epson Software
2011-10-16 14:26 . 2011-10-16 14:27 -------- d-----w- c:\program files (x86)\Epson Software
2011-10-16 14:24 . 2011-10-16 14:24 -------- d-----w- c:\users\User\AppData\Local\ABBYY
2011-10-16 14:23 . 2011-10-16 14:25 -------- d-----w- c:\program files (x86)\ABBYY FineReader 9.0 Sprint
2011-10-16 14:23 . 2011-10-16 14:23 -------- d-----w- c:\programdata\ABBYY
2011-10-16 14:23 . 2011-10-16 14:23 -------- d-----w- c:\program files (x86)\Common Files\ABBYY
2011-10-16 14:22 . 2011-10-16 14:22 -------- d-----w- c:\program files\Common Files\EPSON
2011-10-16 14:20 . 2007-04-10 02:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2011-10-16 14:20 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMGGI.DLL
2011-10-16 14:20 . 2009-10-01 04:01 88064 ----a-w- c:\windows\system32\E_IBCBGGI.DLL
2011-10-16 14:20 . 2011-10-23 13:03 -------- d-----w- c:\programdata\EPSON
2011-10-16 14:20 . 2011-10-16 14:26 -------- d-----w- c:\program files (x86)\epson
2011-10-16 14:20 . 2009-11-19 16:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2011-10-16 14:20 . 2009-04-30 16:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2011-10-16 14:20 . 2009-04-30 16:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2011-10-13 10:10 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 10:10 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 10:10 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 10:10 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 10:08 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 10:08 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 10:08 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 10:08 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 11:00 . 2011-10-12 11:00 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-03 23:41 . 2011-06-05 01:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-27 07:23 . 2011-09-10 04:13 48528834 ----a-w- c:\windows\SysWow64\~.tmp
2011-10-17 12:20 . 2011-02-22 03:49 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-07 10:48 . 2011-10-07 10:48 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 10:47 . 2011-10-07 10:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 10:47 . 2011-10-07 10:47 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 10:47 . 2011-10-07 10:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 10:47 . 2011-10-07 10:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 10:47 . 2011-10-07 10:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll
2011-10-07 10:47 . 2011-10-07 10:47 388280 ----a-w- c:\windows\system32\guard64.dll
2011-09-01 12:10 . 2011-09-01 12:10 0 ----a-w- c:\windows\SysWow64\nsaDD26.tmp
2011-09-01 12:10 . 2011-09-01 12:10 0 ----a-w- c:\windows\system32\nslDDB4.tmp
2011-09-01 12:10 . 2011-09-01 12:10 0 ----a-w- c:\windows\SysWow64\nsvB6A2.tmp
2011-08-31 09:00 . 2011-07-15 02:34 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 12:13 . 2011-02-21 03:38 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-22 01:05 . 2011-02-21 01:46 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-08-22 01:05 . 2011-02-21 01:33 25640 ----a-w- c:\windows\gdrv.sys
2011-08-19 05:36 . 2011-08-19 05:11 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-19 05:36 . 2011-08-19 05:11 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-11 16:33 . 2011-08-11 16:33 153632 ----a-w- c:\windows\SysWow64\ikutm.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-27_11.43.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-09 10:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-27 06:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-27 06:57 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-09 10:10 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-27 06:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-09 10:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-21 01:53 . 2011-11-09 14:56 75992 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-09 14:56 35996 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-21 01:32 . 2011-11-09 14:56 17898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1060712862-2128723342-4021548419-1000_UserData.bin
+ 2010-06-09 09:10 . 2010-06-09 09:10 46392 c:\windows\system32\drivers\nm3.sys
+ 2011-02-20 10:06 . 2011-11-09 14:53 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-20 10:06 . 2011-11-09 14:53 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-09 14:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-28 00:23 . 2011-10-28 00:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2011-02-22 05:18 . 2011-11-09 14:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-22 05:18 . 2011-10-26 13:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-10-30 13:49 89968 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-02-22 05:18 . 2011-10-26 13:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-22 05:18 . 2011-11-09 14:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-22 05:18 . 2011-10-26 13:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-22 05:18 . 2011-11-09 14:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-21 03:02 . 2011-10-27 11:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-21 03:02 . 2011-11-09 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-21 03:02 . 2011-11-09 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-21 03:02 . 2011-10-27 11:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-20 17:28 . 2011-10-31 18:38 6526 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-22 10:05 . 2011-11-09 14:05 1713 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-10-22 10:05 . 2011-10-26 13:15 1713 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-10-26 13:16 . 2011-10-26 13:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-09 14:53 . 2011-11-09 14:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-09 14:53 . 2011-11-09 14:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-26 13:16 . 2011-10-26 13:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-03 23:41 . 2011-11-03 23:41 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
+ 2011-11-03 23:41 . 2011-11-03 23:41 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.dll
+ 2011-02-22 06:47 . 2011-11-02 14:27 379668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-02-27 15:06 . 2011-11-01 09:04 380798 c:\windows\system32\prfh0404.dat
- 2011-02-27 15:06 . 2011-10-27 08:29 380798 c:\windows\system32\prfh0404.dat
- 2011-02-27 15:06 . 2011-10-27 08:29 100202 c:\windows\system32\prfc0404.dat
+ 2011-02-27 15:06 . 2011-11-01 09:04 100202 c:\windows\system32\prfc0404.dat
- 2009-07-14 02:36 . 2011-10-27 08:29 618936 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-01 09:04 618936 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-27 08:29 107256 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-11-01 09:04 107256 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2011-10-27 11:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-11-09 13:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-28 00:22 . 2011-10-28 00:22 197632 c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
- 2009-07-14 05:01 . 2011-10-26 13:15 697476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-09 14:52 697476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-08-04 06:06 . 2009-08-04 06:06 132352 c:\windows\Downloaded Program Files\as2stubie.dll
+ 2011-10-26 14:05 . 2011-11-09 15:13 1474832 c:\windows\system32\drivers\sfi.dat
+ 2011-02-22 13:37 . 2011-10-31 18:17 6438208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-22 13:37 . 2011-10-26 09:22 6438208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-06-09 09:19 . 2010-06-09 09:19 3079168 c:\windows\Installer\1c41d04.msi
+ 2010-06-09 09:19 . 2010-06-09 09:19 4590080 c:\windows\Installer\1c41cfe.msi
+ 2011-07-13 17:36 . 2011-11-09 12:07 12981892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1060712862-2128723342-4021548419-1000-12288.dat
.
-- 快照技術重新設置 --
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]
"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"QvodTerminal"="c:\qvodplayer\QvodTerminal.exe" [2011-09-30 1025936]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SmcService"="c:\progra~2\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-05-26 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-05-26 184120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableUIPI"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-09 86016]
R2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-09 86016]
R2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-01 1436424]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-22 30528]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 136360]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 161080]
S2 GPCommonService(64);GPCommonService(64);c:\program files\P1\P1 4G\GPCommonServicex64.exe [2010-10-08 111104]
S2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [2010-10-08 90112]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DoctorService REG_MULTI_SZ XLDoctor Service
.
計劃任務 文件夾 裡的內容
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]
"AutoRunExterminator"="c:\users\User\Desktop\AutoRunExterminator.exe" [2010-05-13 47104]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com
mStart Page = hxxp://www.155.com/?id=104295
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: ?????? - c:\program files (x86)\Thunder Network\Thunder\BHO\GetUrl.htm
IE: ?????????? - c:\program files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
Trusted Zone: facebook.com
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 122.255.99.228 122.255.99.236
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://malaysia.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4591C12F-E48E-E902-03B2-5E71153BAB77}*]
"ialhfbnnhgnhnkhani"=hex:6a,61,6b,64,6d,69,6f,6c,6f,6d,63,6f,6b,67,6b,6e,69,6a,
68,6f,00,00
"habjlbgmgjfcnbic"=hex:6a,61,6b,64,6d,69,6f,6c,6f,6d,63,6f,6b,67,6b,6e,69,6a,
68,6f,00,d4
.
[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A122DF8A-84A5-F6C8-0DEC-1D01CF115784}*]
"hahfeegjdflopjep"=hex:6a,61,66,63,70,69,6c,6f,63,61,67,6f,67,65,69,67,69,6a,
6f,62,00,84
"gakencjbkeakcc"=hex:61,63,6b,70,63,64,6b,69,67,6e,63,64,63,6e,68,6c,63,68,6d,
6d,66,69,64,66,61,6c,6b,6d,70,65,62,68,6f,67,63,64,65,68,6e,63,6e,67,65,6c,\
"iajfoedljdbnokckgp"=hex:6a,61,67,63,68,6a,6a,6e,62,67,6a,62,63,69,64,6a,6c,69,
63,70,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ N莤 *X*]
"UninstallString"="\"c:\\Program Files\\Koei\\San10 Tc\\setup\\uninst.exe\""
"DisplayName"="三?志 X "
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2011-11-09 23:23:02
ComboFix-quarantined-files.txt 2011-11-09 15:23
ComboFix2.txt 2011-10-27 11:51
ComboFix3.txt 2011-08-22 01:25
ComboFix4.txt 2011-08-21 11:01
.
Pre-Run: 97,517,830,144 bytes free
Post-Run: 97,092,698,112 bytes free
.
- - End Of File - - D9883F85D2E5AAF4503380B91B47825C

#12 superxc3 (Full Member, 78 posts)

Posted 09 November 2011 - 10:32 AM

Hi.
I tried to click ComboFix several times (since it didn't give me any response after the agreement page).
So I changed the name of ComboFix to a new name (I read on the forum that some malware recognizes it and doesn't let it run or install).

Sorry that I did this without your permission, oh, I'm worried.
The first time ComboFix ran, there was an error that said: THE CONTENTS OF FOLDER C:\WINDOWS\ERDNT\HIV-BACKUP could not be completely deleted!
And another error: PEU.3XE HAS STOPPED WORKING. I clicked CLOSE THE PROGRAM.

But the blue screen suddenly went away. It didn't create any txt file.
Then I double-clicked the ComboFix on the desktop several times (and it kept on restarting).

This time it worked. So the txt file is pasted above in this thread.
But my internet quota is still running out fast. Seems like the problem hasn't been solved yet....

#13 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 09 November 2011 - 02:28 PM

That log has a very odd Snapshot section.

Please delete all copies of ComboFix (right-click, select Delete).
Then download and run a new one from BleepingComputer.
Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix.

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.


#14 superxc3 (Full Member, 78 posts)

Posted 09 November 2011 - 03:20 PM

Hello.
As I mentioned before, it doesn't proceed to the blue screen if I don't change the name of ComboFix on the desktop.

It pops up an Administrator window saying:
'c. bat' is not recognized as an internal or external command operable program or batch file.
C:\combofix>

#15 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 09 November 2011 - 03:22 PM

Delete the old copies, download new one. Save it to your Desktop as Something. Double-click Something to run it.

#16 superxc3 (Full Member, 78 posts)

Posted 09 November 2011 - 03:31 PM

A window popped up here: C:\COMBOFIX\CF21965.3XE
WINDOWS CANNOT FIND "C:\COMBOFIX\CF21965.3XE". MAKE SURE YOU TYPED THE NAME CORRECTLY AND THEN TRY AGAIN.

#17 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 09 November 2011 - 05:31 PM

OK. Please run these two scans.

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy the contents of these files, one at a time, and post them in two separate replies.

#18 superxc3 (Full Member, 78 posts)

Posted 09 November 2011 - 07:23 PM

KASPERSKY TDSSKILLER:
One threat found, SKIP.



08:14:27.0992 4724 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
08:14:28.0008 4724 ============================================================
08:14:28.0008 4724 Current date / time: 2011/11/10 08:14:28.0008
08:14:28.0008 4724 SystemInfo:
08:14:28.0008 4724
08:14:28.0008 4724 OS Version: 6.1.7601 ServicePack: 1.0
08:14:28.0008 4724 Product type: Workstation
08:14:28.0008 4724 ComputerName: USER-PC
08:14:28.0008 4724 UserName: User
08:14:28.0008 4724 Windows directory: C:\Windows
08:14:28.0008 4724 System windows directory: C:\Windows
08:14:28.0008 4724 Running under WOW64
08:14:28.0008 4724 Processor architecture: Intel x64
08:14:28.0008 4724 Number of processors: 4
08:14:28.0008 4724 Page size: 0x1000
08:14:28.0008 4724 Boot type: Normal boot
08:14:28.0008 4724 ============================================================
08:14:29.0349 4724 Initialize success
08:14:31.0518 1172 ============================================================
08:14:31.0518 1172 Scan started
08:14:31.0518 1172 Mode: Manual;
08:14:31.0518 1172 ============================================================
08:14:32.0641 1172 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:14:32.0641 1172 1394ohci - ok
08:14:32.0734 1172 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:14:32.0734 1172 ACPI - ok
08:14:32.0797 1172 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:14:32.0797 1172 AcpiPmi - ok
08:14:32.0890 1172 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
08:14:32.0890 1172 adfs - ok
08:14:33.0015 1172 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:14:33.0015 1172 adp94xx - ok
08:14:33.0093 1172 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:14:33.0093 1172 adpahci - ok
08:14:33.0124 1172 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:14:33.0124 1172 adpu320 - ok
08:14:33.0171 1172 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
08:14:33.0187 1172 AFD - ok
08:14:33.0202 1172 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:14:33.0202 1172 agp440 - ok
08:14:33.0234 1172 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:14:33.0234 1172 aliide - ok
08:14:33.0249 1172 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:14:33.0249 1172 amdide - ok
08:14:33.0265 1172 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:14:33.0265 1172 AmdK8 - ok
08:14:33.0280 1172 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:14:33.0280 1172 AmdPPM - ok
08:14:33.0296 1172 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:14:33.0312 1172 amdsata - ok
08:14:33.0327 1172 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:14:33.0343 1172 amdsbs - ok
08:14:33.0343 1172 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:14:33.0343 1172 amdxata - ok
08:14:33.0436 1172 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:14:33.0436 1172 AppID - ok
08:14:33.0468 1172 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:14:33.0468 1172 arc - ok
08:14:33.0483 1172 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:14:33.0483 1172 arcsas - ok
08:14:33.0514 1172 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:14:33.0514 1172 AsyncMac - ok
08:14:33.0530 1172 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:14:33.0530 1172 atapi - ok
08:14:33.0608 1172 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
08:14:33.0608 1172 avgntflt - ok
08:14:33.0639 1172 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
08:14:33.0639 1172 avipbb - ok
08:14:33.0686 1172 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:14:33.0686 1172 b06bdrv - ok
08:14:33.0717 1172 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:14:33.0717 1172 b57nd60a - ok
08:14:33.0733 1172 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:14:33.0748 1172 Beep - ok
08:14:33.0795 1172 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:14:33.0795 1172 blbdrive - ok
08:14:33.0842 1172 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:14:33.0842 1172 bowser - ok
08:14:33.0873 1172 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:14:33.0873 1172 BrFiltLo - ok
08:14:33.0889 1172 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:14:33.0889 1172 BrFiltUp - ok
08:14:33.0936 1172 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:14:33.0951 1172 Brserid - ok
08:14:33.0998 1172 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:14:33.0998 1172 BrSerWdm - ok
08:14:34.0014 1172 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:14:34.0014 1172 BrUsbMdm - ok
08:14:34.0029 1172 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:14:34.0029 1172 BrUsbSer - ok
08:14:34.0092 1172 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
08:14:34.0092 1172 BthEnum - ok
08:14:34.0123 1172 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:14:34.0123 1172 BTHMODEM - ok
08:14:34.0154 1172 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:14:34.0154 1172 BthPan - ok
08:14:34.0201 1172 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
08:14:34.0216 1172 BTHPORT - ok
08:14:34.0248 1172 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
08:14:34.0263 1172 BTHUSB - ok
08:14:34.0404 1172 catchme - ok
08:14:34.0435 1172 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:14:34.0435 1172 cdfs - ok
08:14:34.0497 1172 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:14:34.0497 1172 cdrom - ok
08:14:34.0544 1172 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:14:34.0544 1172 circlass - ok
08:14:34.0575 1172 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:14:34.0591 1172 CLFS - ok
08:14:34.0669 1172 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:14:34.0669 1172 CmBatt - ok
08:14:34.0716 1172 cmderd (67c7a415e487dfb26d029838f568ef80) C:\Windows\system32\DRIVERS\cmderd.sys
08:14:34.0716 1172 cmderd - ok
08:14:34.0747 1172 cmdGuard (f81457b43f083e0ff8eacae720f0537b) C:\Windows\system32\DRIVERS\cmdguard.sys
08:14:34.0762 1172 cmdGuard - ok
08:14:34.0778 1172 cmdHlp (0091563e864c5d750771919ea8900763) C:\Windows\system32\DRIVERS\cmdhlp.sys
08:14:34.0778 1172 cmdHlp - ok
08:14:34.0825 1172 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:14:34.0825 1172 cmdide - ok
08:14:34.0950 1172 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
08:14:35.0012 1172 CNG - ok
08:14:35.0121 1172 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:14:35.0121 1172 Compbatt - ok
08:14:35.0168 1172 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:14:35.0168 1172 CompositeBus - ok
08:14:35.0199 1172 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:14:35.0199 1172 crcdisk - ok
08:14:35.0262 1172 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:14:35.0277 1172 CSC - ok
08:14:35.0340 1172 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:14:35.0340 1172 DfsC - ok
08:14:35.0355 1172 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:14:35.0355 1172 discache - ok
08:14:35.0433 1172 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:14:35.0433 1172 Disk - ok
08:14:35.0464 1172 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:14:35.0464 1172 drmkaud - ok
08:14:35.0527 1172 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:14:35.0527 1172 DXGKrnl - ok
08:14:35.0605 1172 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:14:35.0667 1172 ebdrv - ok
08:14:35.0698 1172 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:14:35.0714 1172 elxstor - ok
08:14:35.0730 1172 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:14:35.0730 1172 ErrDev - ok
08:14:35.0761 1172 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:14:35.0761 1172 exfat - ok
08:14:35.0776 1172 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:14:35.0792 1172 fastfat - ok
08:14:35.0808 1172 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:14:35.0808 1172 fdc - ok
08:14:35.0839 1172 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:14:35.0839 1172 FileInfo - ok
08:14:35.0870 1172 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:14:35.0870 1172 Filetrace - ok
08:14:35.0964 1172 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:14:35.0979 1172 flpydisk - ok
08:14:36.0026 1172 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:14:36.0026 1172 FltMgr - ok
08:14:36.0057 1172 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:14:36.0057 1172 FsDepends - ok
08:14:36.0088 1172 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:14:36.0088 1172 Fs_Rec - ok
08:14:36.0151 1172 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:14:36.0151 1172 fvevol - ok
08:14:36.0166 1172 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:14:36.0166 1172 gagp30kx - ok
08:14:36.0213 1172 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
08:14:36.0213 1172 gdrv - ok
08:14:36.0276 1172 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
08:14:36.0276 1172 GVTDrv64 - ok
08:14:36.0291 1172 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:14:36.0291 1172 hcw85cir - ok
08:14:36.0354 1172 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:14:36.0369 1172 HdAudAddService - ok
08:14:36.0400 1172 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:14:36.0400 1172 HDAudBus - ok
08:14:36.0416 1172 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:14:36.0416 1172 HidBatt - ok
08:14:36.0432 1172 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:14:36.0447 1172 HidBth - ok
08:14:36.0478 1172 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:14:36.0478 1172 HidIr - ok
08:14:36.0494 1172 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:14:36.0494 1172 HidUsb - ok
08:14:36.0525 1172 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:14:36.0541 1172 HpSAMD - ok
08:14:36.0572 1172 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
08:14:36.0588 1172 HTCAND64 - ok
08:14:36.0650 1172 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
08:14:36.0650 1172 htcnprot - ok
08:14:36.0697 1172 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:14:36.0712 1172 HTTP - ok
08:14:36.0775 1172 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:14:36.0775 1172 hwpolicy - ok
08:14:36.0822 1172 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:14:36.0822 1172 i8042prt - ok
08:14:36.0946 1172 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:14:36.0978 1172 iaStorV - ok
08:14:37.0009 1172 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:14:37.0024 1172 iirsp - ok
08:14:37.0087 1172 inspect (db2ce341c290292f60c6bb13b7a1d84e) C:\Windows\system32\DRIVERS\inspect.sys
08:14:37.0087 1172 inspect - ok
08:14:37.0118 1172 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:14:37.0118 1172 intelide - ok
08:14:37.0196 1172 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:14:37.0196 1172 intelppm - ok
08:14:37.0274 1172 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:14:37.0274 1172 IpFilterDriver - ok
08:14:37.0336 1172 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:14:37.0336 1172 IPMIDRV - ok
08:14:37.0368 1172 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:14:37.0368 1172 IPNAT - ok
08:14:37.0399 1172 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:14:37.0399 1172 IRENUM - ok
08:14:37.0430 1172 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:14:37.0430 1172 isapnp - ok
08:14:37.0477 1172 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:14:37.0477 1172 iScsiPrt - ok
08:14:37.0508 1172 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:14:37.0508 1172 kbdclass - ok
08:14:37.0586 1172 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:14:37.0586 1172 kbdhid - ok
08:14:37.0633 1172 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
08:14:37.0633 1172 KSecDD - ok
08:14:37.0726 1172 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
08:14:37.0726 1172 KSecPkg - ok
08:14:37.0758 1172 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:14:37.0758 1172 ksthunk - ok
08:14:37.0804 1172 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:14:37.0804 1172 lltdio - ok
08:14:37.0836 1172 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:14:37.0851 1172 LSI_FC - ok
08:14:37.0867 1172 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:14:37.0867 1172 LSI_SAS - ok
08:14:37.0929 1172 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:14:37.0945 1172 LSI_SAS2 - ok
08:14:37.0960 1172 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:14:37.0960 1172 LSI_SCSI - ok
08:14:37.0992 1172 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:14:37.0992 1172 luafv - ok
08:14:38.0085 1172 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
08:14:38.0085 1172 MBAMProtector - ok
08:14:38.0179 1172 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
08:14:38.0194 1172 mcdbus - ok
08:14:38.0226 1172 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:14:38.0226 1172 megasas - ok
08:14:38.0241 1172 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:14:38.0257 1172 MegaSR - ok
08:14:38.0304 1172 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
08:14:38.0304 1172 MEIx64 - ok
08:14:38.0319 1172 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:14:38.0335 1172 Modem - ok
08:14:38.0366 1172 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:14:38.0366 1172 monitor - ok
08:14:38.0413 1172 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
08:14:38.0413 1172 mouclass - ok
08:14:38.0428 1172 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:14:38.0428 1172 mouhid - ok
08:14:38.0491 1172 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:14:38.0491 1172 mountmgr - ok
08:14:38.0538 1172 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:14:38.0553 1172 mpio - ok
08:14:38.0569 1172 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:14:38.0569 1172 mpsdrv - ok
08:14:38.0631 1172 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:14:38.0647 1172 MRxDAV - ok
08:14:38.0725 1172 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:14:38.0725 1172 mrxsmb - ok
08:14:38.0850 1172 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:14:38.0850 1172 mrxsmb10 - ok
08:14:38.0896 1172 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:14:38.0896 1172 mrxsmb20 - ok
08:14:38.0912 1172 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:14:38.0912 1172 msahci - ok
08:14:38.0943 1172 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:14:38.0943 1172 msdsm - ok
08:14:38.0990 1172 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:14:38.0990 1172 Msfs - ok
08:14:39.0037 1172 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:14:39.0037 1172 mshidkmdf - ok
08:14:39.0068 1172 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:14:39.0068 1172 msisadrv - ok
08:14:39.0099 1172 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:14:39.0099 1172 MSKSSRV - ok
08:14:39.0115 1172 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:14:39.0115 1172 MSPCLOCK - ok
08:14:39.0130 1172 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:14:39.0130 1172 MSPQM - ok
08:14:39.0193 1172 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:14:39.0193 1172 MsRPC - ok
08:14:39.0240 1172 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:14:39.0240 1172 mssmbios - ok
08:14:39.0286 1172 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:14:39.0286 1172 MSTEE - ok
08:14:39.0349 1172 MT7118VU (c76064c1a27327c3dfe77ee616e75498) C:\Windows\system32\DRIVERS\mt7118vu_x64.sys
08:14:39.0349 1172 MT7118VU - ok
08:14:39.0364 1172 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:14:39.0364 1172 MTConfig - ok
08:14:39.0427 1172 MTKWMPROT (0b3a924256627188fa04ed6f3fd2b735) C:\Windows\system32\DRIVERS\mtkwmptv_x64.sys
08:14:39.0427 1172 MTKWMPROT - ok
08:14:39.0458 1172 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:14:39.0458 1172 Mup - ok
08:14:39.0505 1172 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:14:39.0520 1172 NativeWifiP - ok
08:14:39.0645 1172 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:14:39.0661 1172 NDIS - ok
08:14:39.0708 1172 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:14:39.0708 1172 NdisCap - ok
08:14:39.0754 1172 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:14:39.0754 1172 NdisTapi - ok
08:14:39.0832 1172 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:14:39.0832 1172 Ndisuio - ok
08:14:39.0864 1172 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:14:39.0879 1172 NdisWan - ok
08:14:39.0973 1172 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:14:39.0973 1172 NDProxy - ok
08:14:40.0020 1172 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:14:40.0020 1172 NetBIOS - ok
08:14:40.0113 1172 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:14:40.0113 1172 NetBT - ok
08:14:40.0176 1172 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:14:40.0191 1172 nfrd960 - ok
08:14:40.0269 1172 nm3 (f554c5fd7bd1efa4da5cfe2eed86391f) C:\Windows\system32\DRIVERS\nm3.sys
08:14:40.0269 1172 nm3 - ok
08:14:40.0316 1172 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:14:40.0316 1172 Npfs - ok
08:14:40.0347 1172 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:14:40.0347 1172 nsiproxy - ok
08:14:40.0441 1172 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:14:40.0472 1172 Ntfs - ok
08:14:40.0488 1172 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:14:40.0488 1172 Null - ok
08:14:40.0534 1172 nusb3hub (c25cc69829e976c67b34152334eeddd1) C:\Windows\system32\DRIVERS\nusb3hub.sys
08:14:40.0550 1172 nusb3hub - ok
08:14:40.0581 1172 nusb3xhc (20bc4b57a6dba0447adb3b623c200f8e) C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:14:40.0581 1172 nusb3xhc - ok
08:14:40.0628 1172 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
08:14:40.0628 1172 NVHDA - ok
08:14:41.0392 1172 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:14:41.0439 1172 nvlddmkm - ok
08:14:41.0751 1172 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:14:41.0751 1172 nvraid - ok
08:14:41.0814 1172 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:14:41.0814 1172 nvstor - ok
08:14:41.0876 1172 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:14:41.0907 1172 nv_agp - ok
08:14:41.0954 1172 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:14:41.0954 1172 ohci1394 - ok
08:14:42.0032 1172 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:14:42.0048 1172 Parport - ok
08:14:42.0110 1172 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:14:42.0110 1172 partmgr - ok
08:14:42.0188 1172 pavboot (8a0f8a9580d9f2fc512a35d5709088a9) C:\Windows\system32\drivers\pavboot64.sys
08:14:42.0188 1172 pavboot - ok
08:14:42.0204 1172 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:14:42.0219 1172 pci - ok
08:14:42.0235 1172 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:14:42.0235 1172 pciide - ok
08:14:42.0250 1172 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:14:42.0266 1172 pcmcia - ok
08:14:42.0297 1172 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:14:42.0297 1172 pcw - ok
08:14:42.0328 1172 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:14:42.0344 1172 PEAUTH - ok
08:14:42.0516 1172 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:14:42.0516 1172 PptpMiniport - ok
08:14:42.0547 1172 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:14:42.0547 1172 Processor - ok
08:14:42.0609 1172 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:14:42.0609 1172 Psched - ok
08:14:42.0656 1172 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
08:14:42.0672 1172 PxHlpa64 - ok
08:14:42.0703 1172 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:14:42.0734 1172 ql2300 - ok
08:14:42.0750 1172 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:14:42.0750 1172 ql40xx - ok
08:14:42.0781 1172 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:14:42.0781 1172 QWAVEdrv - ok
08:14:42.0796 1172 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:14:42.0796 1172 RasAcd - ok
08:14:42.0828 1172 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:14:42.0828 1172 RasAgileVpn - ok
08:14:42.0906 1172 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:14:42.0906 1172 Rasl2tp - ok
08:14:42.0937 1172 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:14:42.0937 1172 RasPppoe - ok
08:14:42.0952 1172 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:14:42.0952 1172 RasSstp - ok
08:14:42.0984 1172 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:14:42.0984 1172 rdbss - ok
08:14:43.0030 1172 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:14:43.0030 1172 rdpbus - ok
08:14:43.0046 1172 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:14:43.0046 1172 RDPCDD - ok
08:14:43.0108 1172 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:14:43.0108 1172 RDPDR - ok
08:14:43.0124 1172 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:14:43.0124 1172 RDPENCDD - ok
08:14:43.0155 1172 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:14:43.0155 1172 RDPREFMP - ok
08:14:43.0218 1172 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
08:14:43.0218 1172 RdpVideoMiniport - ok
08:14:43.0249 1172 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:14:43.0249 1172 RDPWD - ok
08:14:43.0311 1172 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:14:43.0311 1172 rdyboost - ok
08:14:43.0389 1172 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:14:43.0389 1172 RFCOMM - ok
08:14:43.0436 1172 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:14:43.0436 1172 rspndr - ok
08:14:43.0483 1172 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:14:43.0483 1172 RTL8167 - ok
08:14:43.0545 1172 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:14:43.0545 1172 s3cap - ok
08:14:43.0592 1172 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:14:43.0592 1172 sbp2port - ok
08:14:43.0639 1172 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:14:43.0639 1172 scfilter - ok
08:14:43.0686 1172 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:14:43.0686 1172 secdrv - ok
08:14:43.0701 1172 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:14:43.0701 1172 Serenum - ok
08:14:43.0732 1172 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:14:43.0748 1172 Serial - ok
08:14:43.0795 1172 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:14:43.0795 1172 sermouse - ok
08:14:43.0826 1172 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:14:43.0826 1172 sffdisk - ok
08:14:43.0842 1172 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:14:43.0842 1172 sffp_mmc - ok
08:14:43.0873 1172 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:14:43.0873 1172 sffp_sd - ok
08:14:43.0920 1172 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:14:43.0920 1172 sfloppy - ok
08:14:43.0951 1172 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:14:43.0951 1172 SiSRaid2 - ok
08:14:43.0982 1172 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:14:43.0982 1172 SiSRaid4 - ok
08:14:43.0998 1172 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:14:43.0998 1172 Smb - ok
08:14:44.0076 1172 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:14:44.0076 1172 spldr - ok
08:14:44.0169 1172 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
08:14:44.0169 1172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
08:14:44.0169 1172 sptd ( LockedFile.Multi.Generic ) - warning
08:14:44.0185 1172 sptd - detected LockedFile.Multi.Generic (1)
08:14:44.0356 1172 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:14:44.0356 1172 srv - ok
08:14:44.0403 1172 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:14:44.0403 1172 srv2 - ok
08:14:44.0434 1172 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:14:44.0434 1172 srvnet - ok
08:14:44.0528 1172 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:14:44.0528 1172 stexstor - ok
08:14:44.0575 1172 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:14:44.0575 1172 storflt - ok
08:14:44.0606 1172 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:14:44.0606 1172 storvsc - ok
08:14:44.0622 1172 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:14:44.0622 1172 swenum - ok
08:14:44.0637 1172 Synth3dVsc - ok
08:14:44.0731 1172 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
08:14:44.0762 1172 Tcpip - ok
08:14:44.0824 1172 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
08:14:44.0840 1172 TCPIP6 - ok
08:14:44.0902 1172 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:14:44.0902 1172 tcpipreg - ok
08:14:44.0934 1172 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:14:44.0934 1172 TDPIPE - ok
08:14:44.0949 1172 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:14:44.0949 1172 TDTCP - ok
08:14:45.0027 1172 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:14:45.0043 1172 tdx - ok
08:14:45.0090 1172 Teefer - ok
08:14:45.0152 1172 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:14:45.0152 1172 TermDD - ok
08:14:45.0230 1172 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:14:45.0230 1172 tssecsrv - ok
08:14:45.0277 1172 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:14:45.0277 1172 TsUsbFlt - ok
08:14:45.0324 1172 tsusbhub - ok
08:14:45.0386 1172 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:14:45.0402 1172 tunnel - ok
08:14:45.0417 1172 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:14:45.0417 1172 uagp35 - ok
08:14:45.0480 1172 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:14:45.0480 1172 udfs - ok
08:14:45.0511 1172 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:14:45.0511 1172 uliagpkx - ok
08:14:45.0573 1172 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:14:45.0573 1172 umbus - ok
08:14:45.0589 1172 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:14:45.0589 1172 UmPass - ok
08:14:45.0620 1172 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:14:45.0636 1172 usbccgp - ok
08:14:45.0667 1172 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:14:45.0682 1172 usbcir - ok
08:14:45.0729 1172 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:14:45.0729 1172 usbehci - ok
08:14:45.0776 1172 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:14:45.0776 1172 usbhub - ok
08:14:45.0792 1172 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:14:45.0807 1172 usbohci - ok
08:14:45.0838 1172 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:14:45.0838 1172 usbprint - ok
08:14:45.0885 1172 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:14:45.0885 1172 usbscan - ok
08:14:45.0932 1172 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:14:45.0932 1172 USBSTOR - ok
08:14:45.0963 1172 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:14:45.0963 1172 usbuhci - ok
08:14:46.0010 1172 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
08:14:46.0010 1172 usb_rndisx - ok
08:14:46.0072 1172 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
08:14:46.0072 1172 VClone - ok
08:14:46.0182 1172 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:14:46.0182 1172 vdrvroot - ok
08:14:46.0197 1172 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:14:46.0197 1172 vga - ok
08:14:46.0228 1172 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:14:46.0228 1172 VgaSave - ok
08:14:46.0244 1172 VGPU - ok
08:14:46.0291 1172 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:14:46.0306 1172 vhdmp - ok
08:14:46.0322 1172 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:14:46.0322 1172 viaide - ok
08:14:46.0353 1172 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:14:46.0353 1172 vmbus - ok
08:14:46.0369 1172 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:14:46.0384 1172 VMBusHID - ok
08:14:46.0431 1172 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:14:46.0431 1172 volmgr - ok
08:14:46.0494 1172 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:14:46.0494 1172 volmgrx - ok
08:14:46.0525 1172 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:14:46.0540 1172 volsnap - ok
08:14:46.0556 1172 vsdatant - ok
08:14:46.0587 1172 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:14:46.0587 1172 vsmraid - ok
08:14:46.0618 1172 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:14:46.0618 1172 vwifibus - ok
08:14:46.0650 1172 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:14:46.0665 1172 WacomPen - ok
08:14:46.0696 1172 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:14:46.0696 1172 WANARP - ok
08:14:46.0696 1172 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:14:46.0696 1172 Wanarpv6 - ok
08:14:46.0743 1172 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:14:46.0743 1172 Wd - ok
08:14:46.0790 1172 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:14:46.0790 1172 Wdf01000 - ok
08:14:46.0837 1172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:14:46.0837 1172 WfpLwf - ok
08:14:46.0852 1172 wg3n - ok
08:14:46.0852 1172 wg4n - ok
08:14:46.0868 1172 wg5n - ok
08:14:46.0884 1172 wg6n - ok
08:14:46.0899 1172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:14:46.0899 1172 WIMMount - ok
08:14:46.0993 1172 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:14:46.0993 1172 WinUsb - ok
08:14:47.0040 1172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:14:47.0040 1172 WmiAcpi - ok
08:14:47.0102 1172 wpsdrvnt - ok
08:14:47.0133 1172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:14:47.0133 1172 ws2ifsl - ok
08:14:47.0196 1172 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:14:47.0196 1172 WudfPf - ok
08:14:47.0242 1172 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:14:47.0242 1172 WUDFRd - ok
08:14:47.0352 1172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:14:47.0352 1172 \Device\Harddisk0\DR0 - ok
08:14:47.0367 1172 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2
08:15:01.0173 1172 \Device\Harddisk1\DR2 - ok
08:15:01.0205 1172 Boot (0x1200) (3c19a3c20737cf8c9a3f8e791787dc6f) \Device\Harddisk0\DR0\Partition0
08:15:01.0205 1172 \Device\Harddisk0\DR0\Partition0 - ok
08:15:01.0236 1172 Boot (0x1200) (aec5d769cdfde005e1736dca78216d4e) \Device\Harddisk0\DR0\Partition1
08:15:01.0236 1172 \Device\Harddisk0\DR0\Partition1 - ok
08:15:01.0283 1172 Boot (0x1200) (b7465f0621cc14cef32253553c7849cc) \Device\Harddisk0\DR0\Partition2
08:15:01.0283 1172 \Device\Harddisk0\DR0\Partition2 - ok
08:15:01.0283 1172 Boot (0x1200) (96cd9fc1a759d62aa6d38773eef00bee) \Device\Harddisk1\DR2\Partition0
08:15:01.0283 1172 \Device\Harddisk1\DR2\Partition0 - ok
08:15:01.0283 1172 ============================================================
08:15:01.0283 1172 Scan finished
08:15:01.0283 1172 ============================================================
08:15:01.0298 4948 Detected object count: 1
08:15:01.0298 4948 Actual detected object count: 1
08:15:17.0683 4948 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:15:17.0683 4948 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
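
The TDSSKiller log above ends with exactly one object that was not marked "- ok": sptd.sys, reported first as "Suspicious file (NoAccess)" and then as LockedFile.Multi.Generic, which the user chose to skip. Two things a practitioner wants when reading such a log are the non-ok objects pulled out of the hundreds of "- ok" lines, and a cross-check of that list against the scanner's own "Actual detected object count". One caveat belongs alongside: LockedFile.Multi.Generic names a file the scanner could not read, not a signature match, and sptd.sys is the SCSI pass-through driver installed by Alcohol 120% and DAEMON Tools (Alcohol 120 is listed in the OTL log later in this thread); that driver denies read access to itself, which is what produces this generic detection, so the log by itself does not establish that the file is malicious. The parser below is an added example written for this thread, not a TDSSKiller feature or a tool anyone in the thread used; its regular expressions are inferred from the line shapes visible in the posted log, and the sample lines are copied from it.

```python
"""Pull the objects a Kaspersky TDSSKiller log did not mark "- ok".
Added example for this thread, not a TDSSKiller feature; line shapes inferred from the posted log."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every line: wall-clock time, logging thread id, then the message.
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>"; sector objects carry a size in the name, e.g. "MBR (0x1B8)".
FILE_LINE = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_LINE = re.compile(r"^(?P<obj>\S+) - ok$")
DETECT_LINE = re.compile(r"^(?P<obj>\S+) - detected (?P<det>\S+) \(\d+\)$")
# "<name> ( <detection> ) - warning", later "- skipped by user" / "- User select action: Skip".
ACTION_LINE = re.compile(r"^(?P<obj>\S+) \( (?P<det>\S+) \) - (?P<action>.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: [0-9a-f]{32}$")
COUNT_LINE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None     # "ok", "warning" or "detected"; None = never judged
    detection: Optional[str] = None   # e.g. "LockedFile.Multi.Generic"
    reason: Optional[str] = None      # from "Suspicious file (<reason>)", e.g. "NoAccess"
    actions: List[str] = field(default_factory=list)   # every later line about this object


@dataclass
class Report:
    entries: List[Entry] = field(default_factory=list)
    declared_count: Optional[int] = None   # the scanner's own "Actual detected object count"

    def findings(self) -> List[Entry]:
        return [e for e in self.entries if e.verdict != "ok"]

    def consistent(self) -> bool:
        """Sanity check: our non-ok count agrees with the scanner's own count."""
        return self.declared_count is not None and len(self.findings()) == self.declared_count


def parse_tdsskiller(lines) -> Report:
    report = Report()
    by_name: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}

    def resolve(token: str) -> Entry:
        # Verdict lines name drivers by service name but sectors by device path.
        e = by_name.get(token) or by_path.get(token)
        if e is None:                      # e.g. a service with no image file ("Synth3dVsc - ok")
            e = by_name[token] = Entry(name=token)
            report.entries.append(e)
        return e

    for raw in lines:
        m = PREFIX.match(raw.strip())
        if not m:
            continue                       # blank lines and banners
        rest = m["rest"]
        if f := FILE_LINE.match(rest):
            e = Entry(name=f["name"], md5=f["md5"], path=f["path"])
            report.entries.append(e)
            by_name[e.name], by_path[e.path] = e, e
        elif o := OK_LINE.match(rest):
            resolve(o["obj"]).verdict = "ok"
        elif d := DETECT_LINE.match(rest):
            e = resolve(d["obj"])
            e.verdict, e.detection = "detected", d["det"]
            e.actions.append("detected")
        elif a := ACTION_LINE.match(rest):
            e = resolve(a["obj"])
            e.detection = a["det"]
            if e.verdict != "detected":
                e.verdict = a["action"]    # "warning" until a "detected" line promotes it
            e.actions.append(a["action"])
        elif s := SUSPICIOUS.match(rest):
            if (e := by_path.get(s["path"])) is not None:
                e.reason = s["reason"]
        elif c := COUNT_LINE.match(rest):
            report.declared_count = int(c["n"])
    return report


# Lines copied from the log posted above (the one flagged object plus a few clean ones).
SAMPLE = r"""08:14:44.0169 1172 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
08:14:44.0169 1172 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
08:14:44.0169 1172 sptd ( LockedFile.Multi.Generic ) - warning
08:14:44.0185 1172 sptd - detected LockedFile.Multi.Generic (1)
08:14:44.0356 1172 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:14:44.0356 1172 srv - ok
08:14:44.0637 1172 Synth3dVsc - ok
08:14:47.0352 1172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:14:47.0352 1172 \Device\Harddisk0\DR0 - ok
08:15:01.0283 1172 Scan finished
08:15:01.0298 4948 Actual detected object count: 1
08:15:17.0683 4948 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:15:17.0683 4948 sptd ( LockedFile.Multi.Generic ) - User select action: Skip"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE.splitlines())
    for e in rep.findings():
        print(f"{e.name}: {e.detection} [{e.reason}] -> {', '.join(e.actions)}  {e.path} md5={e.md5}")
    print("scanner's own count matches:", rep.consistent())
```

Driver entries are keyed by service name, but the MBR and boot-sector entries share the name "MBR (0x1B8)" or "Boot (0x1200)" across disks and get their "- ok" verdict by device path, so `resolve` looks a verdict line up by name first and by path second; without that the sector entries would all show up as unjudged findings. Run it against a full log with `parse_tdsskiller(open("TDSSKiller.log").read().splitlines())` and treat `consistent()` returning False as a parser gap worth looking at, not as extra detections.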

#19 superxc3 (Full Member, 78 posts)

Posted 09 November 2011 - 07:24 PM

OTL.TXT

OTL logfile created on: 10/11/2011 8:17:02 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

5.98 Gb Total Physical Memory | 4.81 Gb Available Physical Memory | 80.40% Memory free
11.97 Gb Paging File | 10.15 Gb Available in Paging File | 84.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.04 Gb Total Space | 90.43 Gb Free Space | 37.06% Space Free | Partition Type: NTFS
Drive D: | 221.62 Gb Total Space | 79.64 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Drive F: | 498.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.76 Gb Total Space | 2.45 Gb Free Space | 65.19% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\P1\P1 4G\GPCommonService.exe (Green Packet Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe ()
PRC - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
PRC - D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
PRC - C:\Program Files (x86)\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (GPCommonService(64)) -- C:\Program Files\P1\P1 4G\GPCommonServicex64.exe (Green Packet Inc.)
SRV:64bit: - (GPCommonService) -- C:\Program Files\P1\P1 4G\GPCommonService.exe (Green Packet Inc.)
SRV:64bit: - (mi-raysat_3dsmax2011_64) -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (mi-raysat_3dsmax2010_64) -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (XLDoctor Service) -- C:\Program Files (x86)\Thunder Network\Thunder\Program\DctSer.dll (ShenZhen Xunlei Networking Technologies,LTD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (mi-raysat_3dsmax2011_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Autodesk Network Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe (Autodesk, Inc.)
SRV - (lxcz_device) -- C:\Windows\SysWow64\lxczcoms.exe ( )
SRV - (SmcService) -- C:\Program Files (x86)\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MT7118VU) -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys (MediaTek Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (MTKWMPROT) -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys (MediaTek Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (wg6n) -- C:\Windows\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\Windows\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\Windows\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\Windows\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\Windows\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\Windows\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.155.com/?id=104295
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.6
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.3.2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "http://malaysia.sear...type=937811&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@duomi.com/Duomi: C:\Program Files (x86)\DuoMi\npduomi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011/04/25 19:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/04 18:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 14:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/15 00:08:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/03/15 08:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011/03/15 08:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/22 19:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/06/09 10:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v50v3vaf.default\extensions
[2011/04/10 08:57:41 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v50v3vaf.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2011/03/16 21:48:28 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\searchplugins\mywebsearch.xml
[2011/08/30 18:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/04 18:49:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/28 22:03:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/08/24 20:13:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/08/30 18:24:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/08/30 18:24:33 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011/07/04 18:49:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/24 20:13:07 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2011/09/06 01:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/03/15 00:08:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2011/03/15 00:08:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2011/03/15 00:08:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2011/03/15 00:08:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2011/03/15 00:08:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2011/03/15 00:08:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2011/05/09 19:05:03 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2011/04/11 19:26:20 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2011/08/12 16:04:56 | 000,002,289 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
[2011/05/09 19:05:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/04/11 19:26:20 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2011/05/09 19:05:03 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2011/06/08 14:51:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/05/09 19:05:03 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/05/09 19:05:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2011/08/30 18:24:33 | 000,000,855 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: xl_chrome_plugin (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_0\xl_chrome.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Gun Bros = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh\2.0.0_0\
CHR - Extension: Monster Dash = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_0\
CHR - Extension: Plants vs Zombies = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: chrometheme = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nicedinboajebiggohjlngiflbdkaace\1_0\
CHR - Extension: BitDefender QuickScan = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\

O1 HOSTS File: ([2011/10/28 15:36:28 | 000,000,057 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ѹ֧) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.1.8.2302.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AutoRunExterminator] C:\Users\User\Desktop\AutoRunExterminator.exe (Inside Core)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [QvodTerminal] C:\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKLM..\Run: [SmcService] C:\Program Files (x86)\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8:64bit: - Extra context menu item: ?????? - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: ?????????? - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: ?????? - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: ?????????? - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

#20 superxc3

Posted 09 November 2011 - 07:26 PM

Hi. OTL showed that the scan is completed, but only OTL.TXT popped out. There is no Extras.
The OTL.txt file was saved on the desktop. I can't see EXTRAS.TXT either... what happened?

#21 cnm

Posted 09 November 2011 - 10:30 PM

Extras.txt opens in a second Notepad window. Usually it will be C:\Extras.txt - see if you can find it.

Get Internet Explorer 9.

There are pieces of ComboFix all over. The contents of quarantine should be listed in
C:\Qoobox\ComboFix-quarantined-files.txt, but I don't see the Qoobox.
Try to uninstall ComboFix.
Start > Run, and enter 'combofix /uninstall'. Note the space after combofix.

Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3571475C
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Files
C:\Users\User\AppData\Roaming\hHLkyDEdH7J1
C:\Users\User\AppData\Roaming\fLdfltehhjgg
C:\Users\User\AppData\Roaming\E6H1dg6eedLF
C:\Users\User\AppData\Roaming\j7Aj8Lg66f66
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CREATERESTOREPOINT]

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).

Post the log OTL.TXT in your reply.



#22 superxc3

Posted 10 November 2011 - 12:11 AM

Hello.

I can't find EXTRAS.TXT anywhere, not even in Local Disk C.
I also ran the command to uninstall ComboFix, but it couldn't run:

Combofix
Windows cannot find 'combofix'. Make sure you typed the name correctly, and then try again.

But I found C:\Qoobox\ComboFix-quarantined-files.txt
2011-10-11 00:31:46 . 2011-10-11 00:32:01 384,724 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009150713_aishiti111011zhu30s.swf.vir
2011-10-11 00:31:44 . 2011-10-11 00:31:47 40,663 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009174159_taobao111011zanting.swf.vir
2011-10-11 00:31:35 . 2011-10-11 00:31:41 86,351 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009174246_taobao111011qipao.swf.vir
2011-10-11 00:31:33 . 2011-10-11 00:31:36 41,866 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009174046_taobao111011chabo.swf.vir
2011-10-11 00:31:26 . 2011-10-11 00:31:36 184,093 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009174124_taobao111011houtie.swf.vir
2011-10-10 10:37:54 . 2011-10-10 10:38:04 49,557 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111010181114_pptvmoren111010zhu15s.swf.vir
2011-10-10 08:38:18 . 2011-10-10 08:38:29 48,945 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009221015_shanhaichuangshi111010zanting.swf.vir
2011-10-10 08:38:15 . 2011-10-10 08:38:19 24,471 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009220648_shanhaichuangshi111010chabo.swf.vir
2011-10-10 08:37:50 . 2011-10-10 08:38:19 264,487 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111010134011_aoleyagao111010zhu15s.swf.vir
2011-10-10 08:37:46 . 2011-10-10 08:37:54 35,828 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111010153343_51bigou111010newzanting.swf.vir
2011-10-10 08:37:40 . 2011-10-10 08:37:49 86,882 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009220909_shanhaichuangshi111010zhu15s.swf.vir
2011-10-09 16:39:55 . 2011-10-09 16:40:09 183,850 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008173428_zhuxian111010zhu15s.swf.vir
2011-10-09 16:39:45 . 2011-10-09 16:39:59 36,636 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008173536_zhuxian111010zanting.swf.vir
2011-10-09 16:39:40 . 2011-10-09 16:39:49 35,901 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009182022_51bigou111010zanting.swf.vir
2011-10-09 16:39:37 . 2011-10-09 16:39:44 35,913 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009160553_xibohui111010zanting.swf.vir
2011-10-09 16:39:34 . 2011-10-09 16:39:39 27,937 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009160640_xibohui111010chabo.swf.vir
2011-10-09 15:39:38 . 2011-10-09 15:39:44 57,397 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111009225042_sucaicyouhuoban111009zhu15s.swf.vir
2011-10-08 16:36:22 . 2011-10-08 16:36:51 300,411 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008144900_taobao111009houtie.swf.vir
2011-10-08 16:36:18 . 2011-10-08 16:36:26 29,970 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008145118_taobao111009chabo.swf.vir
2011-10-08 16:36:14 . 2011-10-08 16:36:21 50,081 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929170521_tengxundnf111009zanting.swf.vir
2011-10-08 16:36:10 . 2011-10-08 16:36:16 40,644 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008145030_taobao111009zanting.swf.vir
2011-10-08 13:36:18 . 2011-10-08 13:36:41 151,218 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008174023_chuanqi111009zhu15s.swf.vir
2011-10-08 13:36:16 . 2011-10-08 13:36:21 26,181 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008175642_chuanqi111008cha15s.swf.vir
2011-10-08 10:36:17 . 2011-10-08 10:36:21 40,158 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008155349_maibaobao111008zanting.swf.vir
2011-10-08 10:36:12 . 2011-10-08 10:36:21 74,050 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008155239_maibaobao111008zhu15s.swf.vir
2011-10-08 10:36:08 . 2011-10-08 10:36:16 60,653 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008155521_maibaobao111008cha15s.swf.vir
2011-10-08 05:36:10 . 2011-10-08 05:36:16 45,232 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111008132532_neibuguanggaomoren111008.swf.vir
2011-10-08 02:36:15 . 2011-10-08 02:36:21 43,169 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930140235_1haodian111008cha15s.swf.vir
2011-10-08 02:36:12 . 2011-10-08 02:36:16 40,877 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930140830_1haodian111008zanting.swf.vir
2011-10-08 02:36:06 . 2011-10-08 02:36:16 105,122 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930140619_1haodian111008zhu15s.swf.vir
2011-10-07 16:36:18 . 2011-10-07 16:36:26 51,640 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111002185144_youbaoguang111008zanting15s.swf.vir
2011-10-07 16:36:10 . 2011-10-07 16:36:21 69,176 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111002185333_wubaoguang111008zanting15s.swf.vir
2011-10-07 05:03:21 . 2011-10-07 05:03:26 28,718 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111005210435_huoyingshijie111007chabo.swf.vir
2011-10-07 05:03:18 . 2011-10-07 05:03:21 34,483 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111005210638_huoyingshijie111007zanting.swf.vir
2011-10-07 05:03:12 . 2011-10-07 05:03:21 64,373 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111005210549_huoyingshijie111007zhu15s.swf.vir
2011-10-06 16:52:26 . 2011-10-06 16:52:31 35,910 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929103414_zuixiaoyao111007zanting.swf.vir
2011-10-06 16:52:23 . 2011-10-06 16:52:31 36,469 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929111705_yingxionglianmeng111007zanting.swf.vir
2011-10-05 16:26:12 . 2011-10-05 16:26:31 37,550 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929111421_yingxionglianmeng110906zanting.swf.vir
2011-10-05 16:25:54 . 2011-10-05 16:26:16 50,135 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929170234_tengxundnf111006zhu15s.swf.vir
2011-10-04 16:05:06 . 2011-10-04 16:05:14 55,428 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927182112_xunxian111005zanting.swf.vir
2011-10-04 04:50:33 . 2011-10-04 04:50:39 28,876 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111001083424_shenxiandao8f111004zanting.swf.vir
2011-10-04 04:50:29 . 2011-10-04 04:50:34 31,293 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111001083240_shenxiandao8f111004chabo.swf.vir
2011-10-04 04:50:24 . 2011-10-04 04:50:34 81,187 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111001084233_shenxiandao8f111004zhu15s.swf.vir
2011-10-04 01:06:14 . 2011-10-04 01:06:17 52,408 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111003091620_haier111003zhu15s.swf.vir
2011-10-03 16:38:20 . 2011-10-03 16:38:37 85,502 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929112311_yingxionglianmeng111004zhu15s.swf.vir
2011-10-03 00:56:48 . 2011-10-03 00:57:32 992,363 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928181438_qiannvyouhun111003zhu15s.swf.vir
2011-10-02 13:01:22 . 2011-10-02 13:01:36 94,902 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930151327_vasmoren110930zanting.jpg.vir
2011-10-02 13:01:14 . 2011-10-02 13:01:26 42,117 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930230148_zhuainannvshen111001zanting.jpg.vir
2011-10-02 13:00:59 . 2011-10-02 13:01:16 223,627 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929141026_aitishi111001azanting.jpg.vir
2011-10-02 13:00:53 . 2011-10-02 13:01:01 45,179 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930121728_neibuguanggaomoren110930zhu15s.jpg.vir
2011-10-02 13:00:45 . 2011-10-02 13:00:56 38,685 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930215939_jintiannichuanyue111001zanting.jpg.vir
2011-10-02 13:00:39 . 2011-10-02 13:00:46 45,171 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929141429_aishiti111001achabo.jpg.vir
2011-10-02 13:00:34 . 2011-10-02 13:00:41 10,368 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930143739_taobao111001zanting.swf.vir
2011-10-02 13:00:08 . 2011-10-02 13:00:36 496,403 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929140819_saishiti111001azhu15s.swf.vir
2011-10-02 13:00:04 . 2011-10-02 13:00:11 10,286 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930145107_taobao111001chabo.swf.vir
2011-10-02 12:59:53 . 2011-10-02 13:00:06 51,139 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930215822_jintiannichuanyue111001zhu15s.swf.vir
2011-10-02 12:59:44 . 2011-10-02 12:59:56 26,346 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929173139_17vee110929zhu15s.swf.vir
2011-10-02 12:59:31 . 2011-10-02 12:59:46 130,766 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927161042_taohuayuanji111002zhu15s.swf.vir
2011-10-02 12:59:25 . 2011-10-02 12:59:31 43,140 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928181624_qiannvyouhun111001zanting.swf.vir
2011-10-02 12:59:20 . 2011-10-02 12:59:26 39,454 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930164224_shengshishaguo111001chabo.swf.vir
2011-10-02 12:59:14 . 2011-10-02 12:59:21 34,349 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928175337_moyu111001zanting.swf.vir
2011-10-02 12:59:04 . 2011-10-02 12:59:16 150,471 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930135908_chuanqi111001zhu15s.swf.vir
2011-10-02 12:59:00 . 2011-10-02 12:59:06 10,289 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930144008_taobao111001qipao.swf.vir
2011-10-02 12:58:54 . 2011-10-02 12:59:01 51,098 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930164531_shengshisanguo2fu111001zanting.swf.vir
2011-10-02 12:58:50 . 2011-10-02 12:58:56 25,455 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930140207_guangqichuanqi111001cha15s.swf.vir
2011-10-02 12:58:46 . 2011-10-02 12:58:51 10,927 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930143903_taobao111001houtie.swf.vir
2011-10-02 12:58:40 . 2011-10-02 12:58:51 36,822 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928155510_shijitiancheng111001zanting.swf.vir
2011-10-02 12:58:04 . 2011-10-02 12:58:41 698,507 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930164357_shengshishanguo2fu111001zhu15s.swf.vir
2011-10-02 12:58:00 . 2011-10-02 12:58:06 45,244 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111001020448_moren111001zhu15s.swf.vir
2011-09-30 03:03:17 . 2011-09-30 03:03:22 47,807 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110930105007_qqfeiche111003zanting.swf.vir
2011-09-30 02:03:19 . 2011-09-30 02:03:22 44,700 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929115628_lieguo110930zanting.swf.vir
2011-09-30 02:03:17 . 2011-09-30 02:03:22 44,616 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929115505_lieguo110930zhu15s.swf.vir
2011-09-30 01:03:26 . 2011-09-30 01:03:32 64,773 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927181748_xunxian110930zhu15s.swf.vir
2011-09-30 01:03:24 . 2011-09-30 01:03:27 35,897 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927151425_zhengtumianfie110930zanting.swf.vir
2011-09-30 01:03:22 . 2011-09-30 01:03:27 38,564 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927173940_qiannvyouhun110930zanting.swf.vir
2011-09-29 07:56:53 . 2011-09-29 07:57:07 306,013 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929152449_xiandaifs110929zhu15s.swf.vir
2011-09-29 07:56:43 . 2011-09-29 07:56:57 135,022 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110929152611_xiandaifs110929zanting.swf.vir
2011-09-29 00:52:31 . 2011-09-29 00:52:35 35,909 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927151210_zhengtumianfei110929zanting.swf.vir
2011-09-29 00:52:28 . 2011-09-29 00:52:35 64,523 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928164546_yongbing110930zhu15s.swf.vir
2011-09-29 00:52:26 . 2011-09-29 00:52:30 82,793 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928122430_37wan110929zhu15s.swf.vir
2011-09-29 00:52:23 . 2011-09-29 00:52:30 36,208 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926171725_quanqiushiming110927zanting.swf.vir
2011-09-28 11:07:22 . 2011-09-28 11:07:28 14,573 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928182536_kuainvwenjuan110928jiaobiao.swf.vir
2011-09-28 09:07:29 . 2011-09-28 09:07:38 85,886 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928135536_oulaiya110928zhu15s.swf.vir
2011-09-28 09:07:26 . 2011-09-28 09:07:33 64,359 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110928135708_oulaiya110928zanting.swf.vir
2011-09-28 02:23:44 . 2011-09-28 02:23:57 262,101 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927161150_guangzhoujinye110928zhu15s.swf.vir
2011-09-28 02:23:41 . 2011-09-28 02:23:47 31,001 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927170254_yitiantulong110928zhu15s.swf.vir
2011-09-28 02:23:32 . 2011-09-28 02:23:42 166,014 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927174121_qiba110928zhu15s.swf.vir
2011-09-28 02:23:30 . 2011-09-28 02:23:37 34,110 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927170507_yitiantulong110928zanting.swf.vir
2011-09-28 01:23:47 . 2011-09-28 01:23:52 36,214 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110922171335_moyu110925zanting.swf.vir
2011-09-28 01:23:45 . 2011-09-28 01:23:52 31,522 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927135744_shenguishijie110928zanting.swf.vir
2011-09-28 01:23:42 . 2011-09-28 01:23:47 25,814 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110923183434_yingxionglianmeng110928zanting.swf.vir
2011-09-28 01:23:40 . 2011-09-28 01:23:47 52,728 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927100706_bianfeng110928zhu15s.swf.vir
2011-09-28 01:23:33 . 2011-09-28 01:23:42 156,057 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927135607_shenguishijie110928zhu15s.swf.vir
2011-09-27 04:24:28 . 2011-09-27 04:24:35 42,761 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927121627_kuainvwenjuan110927zanting.jpg.vir
2011-09-27 03:25:17 . 2011-09-27 03:25:20 43,324 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927104204_nvwujijie110927zhu15s.swf.vir
2011-09-27 03:25:15 . 2011-09-27 03:25:20 68,062 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927102553_chuanqi110927zhu15s.swf.vir
2011-09-27 03:24:43 . 2011-09-27 03:25:20 722,872 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927104005_1haodian110927zhu15s.swf.vir
2011-09-27 03:24:40 . 2011-09-27 03:24:45 37,842 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927103020_guangqichuanqi110927zanting15s.swf.vir
2011-09-27 03:24:37 . 2011-09-27 03:24:45 40,803 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927104247_1haodian110927zanting.swf.vir
2011-09-27 03:24:32 . 2011-09-27 03:24:40 70,960 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927103633_1haodian110927cha15s.swf.vir
2011-09-27 03:24:30 . 2011-09-27 03:24:35 28,441 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927103243_guangqichuanqi110927cha15s.swf.vir
2011-09-27 02:24:53 . 2011-09-27 02:25:00 29,628 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926215940_shanhaichuangshilu110927zanting.swf.vir
2011-09-27 02:24:49 . 2011-09-27 02:24:55 52,716 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110927100546_bianfeng110927zanting.swf.vir
2011-09-27 02:24:30 . 2011-09-27 02:24:50 316,360 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926215755_shanhaichuangshilu110927zhu15s.swf.vir
2011-09-27 02:24:27 . 2011-09-27 02:24:35 62,185 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926215518_shanhaichuangshilu110927chabo.swf.vir
2011-09-27 00:38:28 . 2011-09-27 00:38:34 41,069 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926144233_dongnanqiche110926zanting15s.swf.vir
2011-09-27 00:38:26 . 2011-09-27 00:38:29 27,874 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926182601_panpan110926jiaobiao2.swf.vir
2011-09-27 00:38:23 . 2011-09-27 00:38:29 34,353 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926144352_dongnanqiche110926cha15s.swf.vir
2011-09-27 00:38:22 . 2011-09-27 00:38:24 16,239 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926182753_panpan110926jiaobiao3.swf.vir
2011-09-26 10:48:06 . 2011-09-26 10:48:11 46,828 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926180137_zhuibu110926zanting.jpg.vir
2011-09-26 10:48:02 . 2011-09-26 10:48:06 74,687 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926161839_maibaobao110926zhu15s.swf.vir
2011-09-26 10:47:58 . 2011-09-26 10:48:06 30,417 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926182405_panpan110926jiaobiao1.swf.vir
2011-09-26 10:47:51 . 2011-09-26 10:48:01 61,308 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926160946_maibaobao110926cha15s.swf.vir
2011-09-26 10:47:48 . 2011-09-26 10:47:56 40,831 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926161126_maibaobao110926zanting.swf.vir
2011-09-26 10:47:44 . 2011-09-26 10:47:51 61,346 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926175852_zhuibu110926zhu15s.swf.vir
2011-09-26 08:47:52 . 2011-09-26 08:47:56 43,482 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926161635_pinganchuangye110926zating15s.swf.vir
2011-09-26 08:47:48 . 2011-09-26 08:47:56 43,178 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926161800_pinganchuangye110926cha15s.swf.vir
2011-09-26 05:35:16 . 2011-09-26 05:35:24 97,825 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110922205525_huoyingshijie110923zhu15s.swf.vir
2011-09-26 05:35:13 . 2011-09-26 05:35:19 58,567 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110922205606_huoyingshijie110923qipao.swf.vir
2011-09-26 05:35:08 . 2011-09-26 05:35:14 74,047 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110923162308_maibaobao110923zhu15s.swf.vir
2011-09-26 05:34:46 . 2011-09-26 05:35:09 299,870 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926104845_xiandaifs110926zhu15s.swf.vir
2011-09-26 05:34:42 . 2011-09-26 05:34:49 39,430 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110926105142_xiandaifs110926zanting.swf.vir
2011-09-26 05:34:38 . 2011-09-26 05:34:44 22,807 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110923163718_pingan110923zanting15s.swf.vir
2011-09-26 05:34:35 . 2011-09-26 05:34:39 35,388 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110922193854_huoyingshijie110923zanting.swf.vir
2011-09-26 05:34:30 . 2011-09-26 05:34:39 40,303 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110923180817_taobao110926zanting.swf.vir
2011-09-26 05:34:27 . 2011-09-26 05:34:34 33,466 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110923183227_yingxionglianmeng110926zhu15s.swf.vir
2011-09-26 05:34:20 . 2011-09-26 05:34:29 107,632 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110923153957_jingdong110923zhu15s.swf.vir
2011-09-26 05:34:16 . 2011-09-26 05:34:24 28,554 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110922205740_huoyingshijie110923chabo.swf.vir
2011-09-26 05:34:09 . 2011-09-26 05:34:19 97,364 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110923180519_taoabo110926houtie.swf.vir
2011-09-26 05:34:06 . 2011-09-26 05:34:09 24,377 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110923163258_pingan110923zhu15s.swf.vir
2011-09-10 04:13:18 . 2011-10-27 07:23:30 220 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\~.inf.vir
2011-08-22 01:13:56 . 2011-08-22 01:15:07 34,204 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819153240_jianerma110822zanting15s.swf.tpp.vir
2011-08-22 01:12:55 . 2011-08-22 01:14:06 34,419 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110820105756_taobao110822qipao.swf.tpp.vir
2011-08-22 01:11:54 . 2011-08-22 01:13:05 34,448 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110820110008_taobao110822cha15s.swf.tpp.vir
2011-08-22 01:10:53 . 2011-08-22 01:12:04 101,507 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819161639_jianeng110822zhu15s.swf.tpp.vir
2011-08-22 01:09:52 . 2011-08-22 01:11:03 34,416 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110820105015_taobao110822zanting.swf.tpp.vir
2011-08-22 01:08:51 . 2011-08-22 01:10:02 39,198 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819161910_jianeng110822zanting15s.swf.tpp.vir
2011-08-21 11:01:05 . 2011-08-21 11:01:05 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat
2011-08-21 11:00:59 . 2011-08-21 11:00:59 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2011-08-21 11:00:48 . 2011-11-09 15:18:51 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2011-08-21 11:00:48 . 2011-08-21 11:00:48 983 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{B0E2F470-0B07-48f0-B3B1-5749505FAE9B}.reg.dat
2011-08-21 11:00:48 . 2011-08-21 11:00:48 969 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}.reg.dat
2011-08-21 10:52:00 . 2011-11-09 15:12:24 19,636 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-08-21 10:43:57 . 2011-11-09 14:57:14 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-08-21 01:45:15 . 2011-08-21 01:45:22 32,123 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819104727_lvsezhengtu110821zanting.swf.vir
2011-08-19 16:23:29 . 2011-08-19 16:23:39 49,832 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819182537_huanghangzhiwang110819zanting.swf.vir
2011-08-19 16:23:17 . 2011-08-19 16:23:34 121,753 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819150436_ludingji110820zhu15s.swf.vir
2011-08-19 16:23:13 . 2011-08-19 16:23:19 32,132 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819103927_lvsezhengtu110820zanting.swf.vir
2011-08-19 16:22:54 . 2011-08-19 16:23:14 299,053 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819113251_bingchuanyuanzheng110820zhu15s.swf.vir
2011-08-19 16:22:45 . 2011-08-19 16:22:59 98,538 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819181933_hanghaizhiwang110819huanchong15s.swf.vir
2011-08-19 14:22:47 . 2011-08-19 14:23:46 2,231,656 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\peer.dll.vir
2011-08-19 11:28:03 . 2011-08-19 11:28:08 29,188 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819190159_lanmiu110819zanting.swf.vir
2011-08-19 11:28:03 . 2011-08-19 11:28:07 27,785 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819190411_lanmiu110819chabo.swf.vir
2011-08-19 11:27:47 . 2011-08-19 11:27:53 43,512 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819185932_lanmiu110819zhu15s.swf.vir
2011-08-19 11:01:00 . 2011-08-19 11:01:20 28,827 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819182835_hanghaizhiwang110819chabo.swf.vir
2011-08-19 10:01:00 . 2011-08-19 10:01:15 175,577 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819175742_qixiong110820zhu15s.swf.vir
2011-08-19 08:01:18 . 2011-08-19 08:01:45 986,984 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\oplayer.ocx.vir
2011-08-19 01:36:12 . 2011-08-19 01:36:18 53,103 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818181154_renbaochexian110818houtie.swf.vir
2011-08-19 01:36:09 . 2011-08-19 01:36:13 36,866 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818181759_renbaochexian110818zanting15s.swf.vir
2011-08-19 01:36:06 . 2011-08-19 01:36:13 33,926 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818182016_renbaochexian110818cha15s.swf.vir
2011-08-19 00:36:25 . 2011-08-19 00:36:43 304,056 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818164320_yitiantulong110819zhu15s.swf.vir
2011-08-19 00:36:20 . 2011-08-19 00:36:28 40,300 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818164444_yitiantulong110819zanting.swf.vir
2011-08-19 00:36:17 . 2011-08-19 00:36:23 42,954 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818162336_shenmodalu110819zhu15s.swf.vir
2011-08-19 00:36:10 . 2011-08-19 00:36:18 112,049 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110816134856_xuanwu110819zhu15s.swf.vir
2011-08-19 00:36:07 . 2011-08-19 00:36:13 32,118 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818152939_lvsezhengtu110819zanting.swf.vir
2011-08-19 00:36:03 . 2011-08-19 00:36:08 22,860 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110816135034_xuanwu110819zanting.swf.vir
2011-08-18 10:12:46 . 2011-08-18 10:12:56 49,696 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818171520_lanmiu110818chabo.swf.vir
2011-08-18 10:12:39 . 2011-08-18 10:12:46 50,528 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818171218_lanmiu110818zhu15s.swf.vir
2011-08-18 10:12:34 . 2011-08-18 10:12:41 36,225 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818171801_lanmiu110818zanting.swf.vir
2011-08-18 10:12:23 . 2011-08-18 10:12:36 175,589 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110818175600_qixiong110819zhu15s.swf.vir
2011-08-18 01:52:43 . 2011-08-18 01:52:48 30,695 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110816105102_qixiong110818zhu15s.swf.vir
2011-08-18 01:52:38 . 2011-08-18 01:52:43 52,746 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110817181142_yitiantulong110818zhu15s.swf.vir
2011-08-18 01:52:35 . 2011-08-18 01:52:38 29,640 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110816164144_taobao110818cha15s.swf.vir
2011-08-18 01:52:29 . 2011-08-18 01:52:38 62,155 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110817163213_yingxiongwuni110818cha15s.swf.vir
2011-08-18 01:52:26 . 2011-08-18 01:52:33 37,177 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110816163807_taobao110818zanting.swf.vir
2011-08-18 01:52:19 . 2011-08-18 01:52:28 98,409 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110816164011_taobao110818qipao.swf.vir
2011-08-18 01:52:15 . 2011-08-18 01:52:23 32,127 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110817115739_lvsezhengtu110817zanting.swf.vir
2011-08-17 10:34:39 . 2011-08-17 10:34:49
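
A small triage script, added here as an example (it is not part of this thread, of ComboFix or of OTL), that parses the quarantine listing format shown above (two timestamps, size, attribute flags, quarantined path) and summarises what ComboFix moved into C:\Qoobox\Quarantine: which original folders the files came from, how many are code (DLL/OCX/INF) as opposed to the SWF/JPG ad creatives that make up most of the list, and whether Registry_backups are present. The sample lines are copied from the listing; the two timestamps are assumed to mean created/modified, since the listing itself does not label them, and the extension sets used for classification are my own choice.

```python
"""Triage a ComboFix quarantine listing (C:\\Qoobox\\Quarantine).

Added example, not code from this thread, ComboFix or OTL. Each listing line is
'<ts1> . <ts2> <size> <attrs> <quarantined path>'; the two timestamps are
assumed to be created/modified, since the listing itself does not label them.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: eight lines copied from the quarantine listing in the thread.
SAMPLE_LISTING = r"""
2011-10-13 16:30:31 . 2011-10-13 16:30:38 39,204 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111013163536_tengxundnf111014zanting.swf.vir
2011-10-11 16:51:35 . 2011-10-11 16:51:41 32,719 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20111011140547_fazhengxianfeng111012zanting.jpg.vir
2011-09-10 04:13:18 . 2011-10-27 07:23:30 220 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\~.inf.vir
2011-08-22 01:13:56 . 2011-08-22 01:15:07 34,204 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\20110819153240_jianerma110822zanting15s.swf.tpp.vir
2011-08-21 11:00:48 . 2011-08-21 11:00:48 983 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{B0E2F470-0B07-48f0-B3B1-5749505FAE9B}.reg.dat
2011-08-21 10:52:00 . 2011-11-09 15:12:24 19,636 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-08-19 14:22:47 . 2011-08-19 14:23:46 2,231,656 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\peer.dll.vir
2011-08-19 08:01:18 . 2011-08-19 08:01:45 986,984 ----a-w- C:\Qoobox\Quarantine\C\FavoriteVideo\InvisibleFolder\oplayer.ocx.vir
"""

LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<ts2>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# ComboFix mirrors the original path under Quarantine\<drive letter>\ and appends .vir
MIRROR_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\([A-Za-z])\\(.+)$")
# Assumed classification sets (my choice, not a ComboFix convention)
CODE_EXT = {"dll", "ocx", "exe", "sys", "inf", "scr", "cpl", "drv"}
MEDIA_EXT = {"swf", "jpg", "jpeg", "gif", "png"}


@dataclass
class Entry:
    ts1: str             # assumed: created
    ts2: str             # assumed: modified
    size: int
    attrs: str
    quarantine_path: str
    original_path: str   # where the file lived before ComboFix moved it
    category: str        # "code", "media", "registry_backup" or "other"


def categorise(filename: str) -> str:
    """Look at every dotted suffix so 'x.swf.tpp' still counts as media."""
    suffixes = {s.lower() for s in filename.split(".")[1:]}
    if suffixes & CODE_EXT:
        return "code"
    if suffixes & MEDIA_EXT:
        return "media"
    return "other"


def parse_line(line: str) -> Entry:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised listing line: {line!r}")
    qpath = m.group("path")
    if "\\Registry_backups\\" in qpath:
        # .reg / .reg.dat files are ComboFix's own undo data, not quarantined malware
        original, category = qpath, "registry_backup"
    else:
        mm = MIRROR_RE.match(qpath)
        if not mm:
            raise ValueError(f"path is not a mirrored quarantine entry: {qpath!r}")
        drive, rest = mm.groups()
        original = f"{drive.upper()}:\\{rest}"
        if original.lower().endswith(".vir"):
            original = original[:-4]
        category = categorise(original.rsplit("\\", 1)[-1])
    return Entry(m.group("ts1"), m.group("ts2"), int(m.group("size").replace(",", "")),
                 m.group("attrs"), qpath, original, category)


def parse_listing(text: str) -> List[Entry]:
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def summarize(entries: List[Entry]) -> Dict[str, object]:
    quarantined = [e for e in entries if e.category != "registry_backup"]
    return {
        "total": len(entries),
        "bytes": sum(e.size for e in entries),
        "by_category": Counter(e.category for e in entries),
        "by_folder": Counter(e.original_path.rsplit("\\", 1)[0] for e in quarantined),
        "code_files": sorted(e.original_path for e in entries if e.category == "code"),
        "has_registry_backup": any(e.category == "registry_backup" for e in entries),
    }


if __name__ == "__main__":
    s = summarize(parse_listing(SAMPLE_LISTING))
    print(f"{s['total']} entries, {s['bytes']:,} bytes")
    for cat, n in sorted(s["by_category"].items()):
        print(f"  {cat}: {n}")
    for folder, n in s["by_folder"].most_common():
        print(f"  {n:3d} from {folder}")
    print("code files:", *s["code_files"], sep="\n  ")
    print("registry backups present:", s["has_registry_backup"])
```

Run over the full listing, the by_folder count shows almost everything came out of one hidden folder, and code_files isolates the few native binaries (a DLL, an OCX, an INF) that deserve a closer look, which is the part of a quarantine list a helper actually wants to see.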

#23 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,253 posts

Posted 10 November 2011 - 12:33 AM

Good that C:\Qoobox is there. It has Registry backup.
Seems ComboFix didn't like the Invisible Folder.

Extras.txt is only created on the first run, by default, but we can make a new one later.

Meanwhile: OTL will overwrite the OTL.txt so usually no need to delete it, but please go ahead and delete it.
Apparently OTL didn't do the 'Run Fix'. Did you accidentally do 'Run Scan'?
Try it again, as above. Copy the quote box stuff into its window, then do 'Run Fix'.
If it asks you to reboot, do that right away.

And I would install IE 9 even if you never use it. IE is tied in very closely with Windows and IE 8 could be a vulnerability.

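
To check a fix log the way cnm describes (did the 'Run Fix' actually run, and is a reboot still pending?), here is an added example of my own, not OTL's code or the thread's. It reads an OTL 'Run Fix' log, splits it into its ========== sections and classifies each action line as succeeded, deferred to reboot, failed or not found, so a reader can see whether a reboot is still required and which items the fix could not change. The sample log is constructed from lines in the format OTL writes; the section-header pattern and the status phrases it matches are assumed from logs of that format.

```python
"""Classify the outcome of each action in an OTL 'Run Fix' log.

Added example, not OTL's code or the thread's. Assumed log format (from logs of
this kind): '========== NAME ==========' section headers and one action per
line, ending in phrases such as 'deleted successfully.', 'moved successfully.',
'not found.', 'scheduled to be deleted on reboot.' or starting with 'Unable to'.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample, modelled on the fix-log lines posted in this thread.
SAMPLE_FIX_LOG = r'''
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ scheduled to be deleted on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E!
========== FILES ==========
C:\Users\User\AppData\Roaming\hHLkyDEdH7J1 moved successfully.
========== COMMANDS ==========
'''

HEADER_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

Actions = Dict[str, List[Tuple[str, str]]]   # section name -> [(status, line)]


def classify(line: str) -> str:
    """Map one action line to a status. Order matters: a 'delete failed' line
    that ends with 'scheduled to be deleted on reboot' is deferred, not failed."""
    if "scheduled to be deleted on reboot" in line:
        return "deferred"    # OTL will retry at reboot, so a reboot is still required
    if line.endswith("successfully."):
        return "success"
    if line.startswith("Unable to") or "failed." in line:
        return "failed"      # worth reporting back to the helper
    if line.endswith("not found."):
        return "not_found"   # nothing to do; the item was already gone
    return "info"


def parse_fix_log(text: str) -> Actions:
    sections: Actions = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections[current].append((classify(line), line))
    return sections


def summarize_fix(sections: Actions) -> Dict[str, object]:
    flat = [(st, ln) for actions in sections.values() for st, ln in actions]
    deferred = [ln for st, ln in flat if st == "deferred"]
    failed = [ln for st, ln in flat if st == "failed"]
    return {
        "counts": Counter(st for st, _ in flat),
        "needs_reboot": bool(deferred),
        "deferred": deferred,
        "failed": failed,
    }


if __name__ == "__main__":
    s = summarize_fix(parse_fix_log(SAMPLE_FIX_LOG))
    for status, n in sorted(s["counts"].items()):
        print(f"{status:10s} {n}")
    print("reboot still required:", s["needs_reboot"])
    for ln in s["failed"]:
        print("FAILED:", ln)
```

Run on the first log in the next post this reports one deferred registry deletion (so the reboot OTL asked for was needed) and one failed registry write; run on the post-reboot log it would flag the two "Unable to delete ADS" lines as failed, which is exactly the detail a helper needs before deciding the next step.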


#24 superxc3

superxc3

    Member

  • Full Member
  • Pip
  • 78 posts

Posted 10 November 2011 - 01:46 AM

Hello.

With IE 9 installed, I ran OTL (and deleted the OTL.txt already).
One txt popped out (is this the previous one?)
So here it is (with file name 11102011_125641):

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
ADS C:\ProgramData\Temp:3571475C deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ scheduled to be deleted on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E!
========== FILES ==========
C:\Users\User\AppData\Roaming\hHLkyDEdH7J1 moved successfully.
C:\Users\User\AppData\Roaming\fLdfltehhjgg moved successfully.
C:\Users\User\AppData\Roaming\E6H1dg6eedLF moved successfully.
C:\Users\User\AppData\Roaming\j7Aj8Lg66f66 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 53632 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 3127088 bytes
->Temporary Internet Files folder emptied: 10097683 bytes
->Java cache emptied: 51421 bytes
->FireFox cache emptied: 32978323 bytes
->Google Chrome cache emptied: 46519991 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2467 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 48528834 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6559011 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 351528 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 141.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 53632 bytes

User: Default User
->Flash cache emptied: 53632 bytes

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.31.0 log created on 11102011_125641

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

After I rebooted (OTL helped me to reboot this time), here is another txt that opened after the reboot:

File name: 11102011_143407

All processes killed
========== OTL ==========
Unable to delete ADS C:\ProgramData\Temp:0B4227B4 .
Unable to delete ADS C:\ProgramData\Temp:3571475C .
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== FILES ==========
File\Folder C:\Users\User\AppData\Roaming\hHLkyDEdH7J1 not found.
File\Folder C:\Users\User\AppData\Roaming\fLdfltehhjgg not found.
File\Folder C:\Users\User\AppData\Roaming\E6H1dg6eedLF not found.
File\Folder C:\Users\User\AppData\Roaming\j7Aj8Lg66f66 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 53632 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 2635699 bytes
->Temporary Internet Files folder emptied: 39962392 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8022971 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2014 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 48528834 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6570299 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 352099 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 8738728 bytes

Total Files Cleaned = 110.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11102011_143407

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#25 superxc3 (Full Member, 78 posts)

Posted 10 November 2011 - 01:54 AM

Hidden folder?
Hey, previously I got a virus. Every pendrive I plugged into my PC would get the shortcut virus. (I clicked the shortcut folder the first time.)
But I learned online that it was something like: run cmd and key in this:

attrib -h -r -s /s /d g:\*.*

where g is the pendrive letter.
Hmm, I don't have the shortcut virus anymore.


And what's wrong with my Documents?
When I click Documents, there are a lot of weird things not saved by me. Is it temporary stuff or something else?

Here is the snapshot of my Documents.
http://img38.imagesh...01nov101448.jpg
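
The attrib command in the post above clears attributes blindly across the whole drive. As an added example (my own script, not code from this thread, from OTL or from any of the tools mentioned), the PowerShell below first reports the two signs of the pendrive "shortcut" worm the post describes, root folders marked Hidden+System and .lnk decoys whose target invokes a script host or points back at the same drive, and only clears the Hidden, ReadOnly and System attributes when run with -Fix. It assumes the drive letter is G:, as in the post; the script file name and the regex of script hosts are my own choices.

```powershell
# Check-Pendrive.ps1 (hypothetical name). Added example, not code from the
# thread. Inspects a removable drive for the pattern described in the post
# (real folders set Hidden+System, .lnk files left in their place) and, only
# with -Fix, clears attributes the way "attrib -h -r -s /s /d g:\*.*" does.
# Assumption: drive letter G:, as in the post.
param(
    [string]$Drive = 'G:',
    [switch]$Fix          # without -Fix the script only reports
)

$root = "$Drive\"
if (-not (Test-Path -LiteralPath $root)) {
    throw "Drive $Drive is not mounted."
}

# Attribute masks as plain integers so the bitwise maths is unambiguous.
$clearMask = [int]([IO.FileAttributes]::Hidden -bor
                   [IO.FileAttributes]::ReadOnly -bor
                   [IO.FileAttributes]::System)
$hsMask    = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# 1. Items at the drive root carrying both Hidden and System: the worm hides
#    the user's real folders this way so only its shortcuts stay visible.
$hiddenSystem = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { ([int]$_.Attributes -band $hsMask) -eq $hsMask }

# 2. Shortcuts at the root. WScript.Shell resolves target and arguments;
#    a decoy typically runs cmd/wscript and then opens the hidden folder.
$shell = New-Object -ComObject WScript.Shell
$suspiciousLnk = foreach ($lnk in Get-ChildItem -LiteralPath $root -Filter *.lnk -Force -ErrorAction SilentlyContinue) {
    $sc = $shell.CreateShortcut($lnk.FullName)
    $cmdline = ("{0} {1}" -f $sc.TargetPath, $sc.Arguments).Trim()
    if ($cmdline -match '(?i)\b(cmd|wscript|cscript|rundll32|mshta|powershell)\.exe\b' -or
        $cmdline -like "*$Drive*") {
        [pscustomobject]@{ Shortcut = $lnk.Name; CommandLine = $cmdline }
    }
}

"Hidden+System items at $root"
$hiddenSystem | ForEach-Object { "  $($_.Name)" }
"Suspicious shortcuts at $root"
$suspiciousLnk | Format-Table -AutoSize | Out-String

if ($Fix) {
    # Same effect as the attrib command: clear H, R and S on every file and
    # folder. The .lnk decoys are left in place so they can be kept as evidence.
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $_.Attributes = [IO.FileAttributes]([int]$_.Attributes -band (-bnot $clearMask))
        }
}
```

Run it once without -Fix (`.\Check-Pendrive.ps1 -Drive G:`) and read the report; a drive whose root shows only .lnk files plus one Hidden+System folder matches the pattern the post describes. Run it again with -Fix only after the shortcuts have been reviewed, since the attribute reset is the one step that changes the drive.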

#26 cnm (Administrators, 25,253 posts)

Posted 10 November 2011 - 01:59 AM

OK, that looks very good. Please let me know if it had any effect on the extra web traffic you've been seeing.

Bring up OTL again.
Under Extra Registry, select 'All'. Under File Age select '1 Day'. Then 'Run Scan'.
Post the OTL.TXT and the Extras.txt.


It's late. I'll have more for you tomorrow.



#27 superxc3 (Full Member, 78 posts)

Posted 10 November 2011 - 03:11 AM

Hello.

Here is the OTL.txt:


OTL logfile created on: 10/11/2011 3:24:22 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 a| Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

5.98 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 72.19% Memory free
11.97 Gb Paging File | 9.99 Gb Available in Paging File | 83.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.04 Gb Total Space | 89.99 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Drive D: | 221.62 Gb Total Space | 79.64 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Drive F: | 498.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.76 Gb Total Space | 2.45 Gb Free Space | 65.19% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

========== Processes (SafeList) ==========

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\P1\P1 4G\GPCommonService.exe (Green Packet Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe ()
PRC - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
PRC - D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (GPCommonService(64)) -- C:\Program Files\P1\P1 4G\GPCommonServicex64.exe (Green Packet Inc.)
SRV:64bit: - (GPCommonService) -- C:\Program Files\P1\P1 4G\GPCommonService.exe (Green Packet Inc.)
SRV:64bit: - (mi-raysat_3dsmax2011_64) -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (mi-raysat_3dsmax2010_64) -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe ()
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (XLDoctor Service) -- C:\Program Files (x86)\Thunder Network\Thunder\Program\DctSer.dll (ShenZhen Xunlei Networking Technologies,LTD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (mi-raysat_3dsmax2011_32) -- C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (Autodesk Network Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe (Autodesk, Inc.)
SRV - (lxcz_device) -- C:\Windows\SysWow64\lxczcoms.exe ( )
SRV - (SmcService) -- C:\Program Files (x86)\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MT7118VU) -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys (MediaTek Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nm3) -- C:\Windows\SysNative\drivers\nm3.sys (Microsoft Corporation)
DRV:64bit: - (MTKWMPROT) -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys (MediaTek Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (wg6n) -- C:\Windows\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\Windows\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\Windows\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\Windows\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\Windows\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\Windows\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.155.com/?id=104295

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.6
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.3.2.0
FF - prefs.js..keyword.URL: "http://malaysia.sear...type=937811&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@duomi.com/Duomi: C:\Program Files (x86)\DuoMi\npduomi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011/04/25 19:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/04 18:49:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 14:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/15 00:08:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/03/15 08:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011/03/15 08:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/09 10:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v50v3vaf.default\extensions
[2011/04/10 08:57:41 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v50v3vaf.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2011/03/16 21:48:28 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\searchplugins\mywebsearch.xml
[2011/08/30 18:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/28 22:03:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/08/24 20:13:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/08/30 18:24:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/08/30 18:24:33 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011/07/04 18:49:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/24 20:13:07 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/09 19:05:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/08 14:51:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: xl_chrome_plugin (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_0\xl_chrome.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Gun Bros = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh\2.0.0_0\
CHR - Extension: Monster Dash = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_0\
CHR - Extension: Plants vs Zombies = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: chrometheme = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nicedinboajebiggohjlngiflbdkaace\1_0\
CHR - Extension: BitDefender QuickScan = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\

O1 HOSTS File: ([2011/10/28 15:36:28 | 000,000,057 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Ѹ֧) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.1.8.2302.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AutoRunExterminator] C:\Users\User\Desktop\AutoRunExterminator.exe (Inside Core)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [QvodTerminal] C:\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKLM..\Run: [SmcService] C:\Program Files (x86)\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: ?????? - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: ?????????? - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: ?????? - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: ?????????? - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 122.255.99.228 122.255.99.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42946A87-75D4-4AE4-9AA6-F9AFFCD4CAB7}: DhcpNameServer = 122.255.99.236 122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A4BDCDC-EB45-46B2-BF26-DA9B7839192C}: DhcpNameServer = 122.255.99.236 122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F6F06AC-E632-4AEA-80EE-AF5984AA526E}: DhcpNameServer = 122.255.99.236 122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A01C6897-78A1-45DE-A470-0ED3AE55F416}: DhcpNameServer = 122.255.99.236 122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B53D3012-F6DD-46B6-ACC6-A9082CC7A25C}: DhcpNameServer = 122.255.99.236 122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA3E54CF-1AF0-4EFE-9343-3AE2CE70890B}: DhcpNameServer = 122.255.99.236 122.255.99.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B8EC78-2C37-4D17-AEB4-7F826361C0A4}: DhcpNameServer = 122.255.99.228 122.255.99.236
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/26 19:30:23 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2004/10/04 07:27:26 | 000,143,360 | R--- | M] () - F:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2004/06/05 19:51:02 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 1 Day ==========

[2011/11/10 14:26:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/11/10 14:26:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/11/10 14:26:14 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/11/10 14:26:14 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/11/10 14:26:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/11/10 14:26:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/11/10 14:26:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/10 14:26:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/11/10 14:26:13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/11/10 14:26:13 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/11/10 14:26:13 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/11/10 14:26:12 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/11/10 14:26:12 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/11/10 14:26:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/11/10 14:26:11 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/11/10 14:26:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/10 14:26:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/11/10 14:26:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/11/10 14:26:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/11/10 14:26:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/11/10 14:26:10 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/11/10 14:26:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/11/10 14:26:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/11/10 14:26:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/11/10 14:26:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/11/10 14:26:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/10 14:26:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/11/10 14:26:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/11/10 14:26:08 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/11/10 14:26:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/11/10 14:26:07 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/11/10 14:26:07 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/11/10 14:26:07 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/11/10 14:26:07 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/11/10 14:26:07 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/11/10 14:26:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/11/10 14:26:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/11/10 14:26:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/11/10 14:26:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/11/10 14:26:07 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/11/10 14:26:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/11/10 14:26:07 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/11/10 14:26:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/11/10 14:26:07 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/11/10 14:26:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/11/10 14:26:07 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/11/10 14:26:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/11/10 14:26:07 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/11/10 14:26:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/11/10 14:26:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/11/10 14:26:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/11/10 14:26:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/11/10 14:26:06 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/11/10 14:26:06 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/11/10 14:26:06 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/11/10 14:26:06 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/11/10 14:26:06 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/11/10 14:26:06 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/11/10 14:26:06 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/11/10 14:26:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/10 14:26:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/10 14:26:06 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/11/10 14:26:06 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/11/10 14:26:06 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/11/10 14:26:06 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/11/10 14:26:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/10 14:26:06 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/11/10 14:26:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/11/10 14:26:06 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/11/10 14:26:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/11/10 14:26:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/11/10 14:26:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/11/10 12:56:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/10 08:12:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011/11/10 08:12:30 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2011/11/10 04:36:39 | 000,000,000 | ---D | C] -- C:\Something5072S
[2011/11/10 04:35:09 | 004,287,205 | R--- | C] (Swearware) -- C:\Users\User\Desktop\Something.exe
[2011/11/10 04:30:24 | 000,000,000 | ---D | C] -- C:\Something2238S
[2011/11/10 04:28:08 | 000,000,000 | ---D | C] -- C:\Something
[2011/11/10 04:16:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/10 04:15:55 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/11/10 04:12:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/09 22:52:34 | 000,000,000 | ---D | C] -- C:\Howareyou
[2011/11/09 22:44:46 | 000,000,000 | ---D | C] -- C:\Combofix2
[2011/11/09 19:08:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DDFF378D-1ED7-4A1B-8A16-5C25558643DF}
[2011/11/09 19:08:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{72472307-6C85-4FA2-A53C-97FB1BDCA7E0}
[2011/02/26 16:28:53 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2011/02/26 16:28:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2011/02/26 16:28:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2011/02/26 16:28:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2011/02/26 16:28:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2011/02/26 16:28:50 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2011/02/26 16:28:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2011/02/26 16:28:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2011/02/26 16:28:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2011/02/26 16:28:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2011/02/26 16:28:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2011/02/26 16:28:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2011/02/26 16:28:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2011/02/26 16:28:48 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2011/02/26 16:28:48 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe

========== Files - Modified Within 1 Day ==========

[2011/11/10 15:27:01 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011/11/10 14:48:49 | 000,407,881 | ---- | M] () -- C:\Users\User\Desktop\ScreenHunter_01 Nov. 10 14.48.jpg
[2011/11/10 14:46:05 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 14:46:05 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 14:37:22 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 14:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 14:37:05 | 523,833,343 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 14:30:49 | 000,001,441 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/10 14:30:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 14:26:15 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/11/10 14:26:14 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/11/10 14:26:14 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/11/10 14:26:14 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/11/10 14:26:14 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/11/10 14:26:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/11/10 14:26:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/10 14:26:13 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/11/10 14:26:13 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/11/10 14:26:13 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/11/10 14:26:13 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/11/10 14:26:12 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/11/10 14:26:12 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/11/10 14:26:11 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/11/10 14:26:11 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/11/10 14:26:11 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/10 14:26:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/11/10 14:26:11 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/11/10 14:26:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/10 14:26:11 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/11/10 14:26:10 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/11/10 14:26:10 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/11/10 14:26:10 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/11/10 14:26:10 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/11/10 14:26:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/11/10 14:26:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/11/10 14:26:09 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/10 14:26:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/11/10 14:26:08 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/11/10 14:26:08 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/11/10 14:26:08 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/11/10 14:26:07 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/11/10 14:26:07 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/11/10 14:26:07 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/11/10 14:26:07 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/11/10 14:26:07 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/11/10 14:26:07 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/11/10 14:26:07 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/11/10 14:26:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/11/10 14:26:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/11/10 14:26:07 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/11/10 14:26:07 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/11/10 14:26:07 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/11/10 14:26:07 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/11/10 14:26:07 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/11/10 14:26:07 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/11/10 14:26:07 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/11/10 14:26:07 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/11/10 14:26:07 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/11/10 14:26:07 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/11/10 14:26:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/11/10 14:26:07 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/11/10 14:26:07 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/11/10 14:26:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/11/10 14:26:06 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/11/10 14:26:06 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/11/10 14:26:06 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/11/10 14:26:06 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/11/10 14:26:06 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/11/10 14:26:06 | 000,448,512 | ---- | M] (Microsoft Co

#28 cnm (Mother Lion of SWI; Administrators; 25,253 posts)

Posted 10 November 2011 - 01:19 PM

Your original problem was

Previously my bytes sent/received were very active and running fast even though I'm idle. (I didn't load any webpage or download things or software updates.)
After that my bytes received are more than bytes sent, and the bytes thingy is still running fast when I'm idle.


This is natural

I watched 3-4 YouTube videos of a few minutes each and downloaded 1 song; it took 81 MB. I think the problem still exists..


Are you still seeing massive download activity when you are in idle?

Note that bytes received will almost always be more than bytes sent. Your browser sends a few short requests to the web site and in return receives a whole page including any graphics that are on the page.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#29 superxc3 (Member; Full Member; 78 posts)

Posted 10 November 2011 - 05:47 PM

Dear cnm,

Hmm, I noticed that there is no massive download activity when I'm idle any more.
Thank you so much!!!

#30 superxc3 (Member; Full Member; 78 posts)

Posted 10 November 2011 - 05:54 PM

By the way, do you have an easier way to check whether any other computer is having this problem too?
I wonder whether my friend's lappy has this problem or not. We share the internet quota....

#31 cnm (Mother Lion of SWI; Administrators; 25,253 posts)

Posted 10 November 2011 - 06:46 PM

First of all, the thing to worry about is lots of mysterious outgoing traffic (lots of bytes sent), which could mean that you have a worm or have been made part of a botnet.

You have the idea of monitoring traffic and then looking for a fix if anything is strange. A far better approach is preventing it from happening.

My advice:

Update your Thunderbird.

Windows 7 has a first-rate firewall built in. Get rid of Sygate Personal Firewall and enable the Windows firewall.

Avira is fine, but the free version of Avast is much more powerful. It has 8 real-time shields and very frequent updates.

Watch what you click. Sometimes you think you are downloading something but there is a much larger download button to trick you into downloading something else. Watch what boxes you check when installing or updating a program.

Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

Somehow we have to get the ComboFix uninstalled. I also want to remove sites from your Trusted Zone. Ideally you would have nothing in Trusted Zone. Sometimes you do need to put something like a bank there but not things like Facebook. After I think about this some more I will be posting more directions.


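The Trusted Zone entries cnm wants removed, and the policy values that decide whether UAC prompts at all, both sit in the OTL log posted earlier in this thread (the O15 and O6 lines). The following is an added example, not code from this thread or from OTL: a small Python audit that parses those two line formats and flags UAC-disabling values and every Trusted-zone entry. The sample input is made up of lines copied from the log above; the function names and the `allowed_trusted` parameter (domains the user genuinely needs in the zone, such as a bank) are my own assumptions.

```python
import re

# Constructed sample: O6 and O15 lines copied verbatim from the OTL log posted
# earlier in this thread, trimmed to the entries the audit looks at.
SAMPLE_OTL = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
"""

# Values under policies\System that weaken or switch off User Account Control
# when set to 0.  The descriptions are the standard Windows meaning of a 0 value.
UAC_VALUES = {
    "EnableLUA": "UAC is turned off completely",
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not isolated on the secure desktop",
    "EnableUIPI": "User Interface Privilege Isolation is disabled",
}

# O6 - <hive\...\policies>\<subkey>: <name> = <value>
O6_RE = re.compile(r"^O6 - (?P<key>\S+)\\(?P<subkey>\w+): (?P<name>\w+) = (?P<value>-?\d+)$")
# O15 - HKCU\..Trusted Domains: <domain> ([]<scheme> in Trusted sites)
O15_RE = re.compile(r"^O15 - (?P<hive>\w+)\\\.\.Trusted Domains: (?P<domain>\S+) "
                    r"\(\[\](?P<scheme>\w+) in Trusted sites\)$")


def parse_policies(text):
    """Return {(subkey, name): value} for every O6 policy line in an OTL log."""
    policies = {}
    for line in text.splitlines():
        m = O6_RE.match(line.strip())
        if m:
            policies[(m["subkey"], m["name"])] = m["value"]
    return policies


def parse_trusted_domains(text):
    """Return [(domain, scheme)] for every O15 Trusted Domains line."""
    found = []
    for line in text.splitlines():
        m = O15_RE.match(line.strip())
        if m:
            found.append((m["domain"], m["scheme"]))
    return found


def audit(text, allowed_trusted=()):
    """Return human-readable findings: UAC values set to 0 and Trusted-zone
    entries that are not in allowed_trusted (hypothetical allow-list)."""
    findings = []
    policies = parse_policies(text)
    for name, why in UAC_VALUES.items():
        if policies.get(("System", name)) == "0":
            findings.append(f"UAC weakened: {name} = 0 ({why})")
    for domain, scheme in parse_trusted_domains(text):
        if domain in allowed_trusted:
            continue
        kind = "plain-http entry" if scheme == "http" else "entry"
        findings.append(f"Trusted zone {kind} to remove: {domain} ({scheme})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_OTL):
        print(finding)
```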

#32 superxc3 (Member; Full Member; 78 posts)

Posted 11 November 2011 - 12:20 AM

Thank you so much.
What I'm doing now is:

1. Update my Thunderbird (oh, though I don't use it).
2. Download and install FileHippo Update Checker.
3. Uninstall Sygate Personal Firewall and enable Windows Firewall.
4. Uninstall Avira AntiVir and install Avast (is that the FREE one, the first link? Not Avast PRO?).

I've read the article; the firewalls mentioned, should I install one of them?

Three good free ones are PCTools Online Armor and Outpost. The trial version of Sunbelt Kerio Personal Firewall will also work in "free mode" after the trial period expires. Private Firewall is compatible with 64bit systems.

There are more programmes suggested to be installed on the PC; should I follow that?
*Looks like it's pretty complicated to have all of them on my PC. LOL.

By the way, can I delete all the OTL, TDSSKiller etc. on my desktop?
And I have CCleaner installed on my PC; I clean it and fix the registry. Is this software good for my PC?

One more thing: before I came to this website, I read on the internet and installed COMODO Internet Security. Can I remove it? It's irritating. LOL.

Thanks in advance! :rolleyes:

#33 cnm (Mother Lion of SWI; Administrators; 25,253 posts)

Posted 11 November 2011 - 12:48 AM

Those firewalls were recommended by us for Windows XP which had a very inadequate firewall that did not stop outgoing traffic. Windows 7 has an excellent firewall and no other is needed.

What I recommend for you is the Windows Firewall and Avast (the free version is all you need), plus occasional scans with MBAM or an online scan such as ESET. There is no need to install anything else.

SpywareBlaster and the MVPS hosts file are not active programs and are a useful kind of passive protection.

CCleaner's File tool is good for tidying up temp files when they start taking up too much room. CCleaner's Registry tool is as good as any but we do NOT recommend using any Registry tool.

Yes, delete TDSSKiller from your Desktop and also any logs found in C:\.

I'll have more for you tomorrow. We'll be using OTL some more.

#34 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 11 November 2011 - 03:01 PM

Please try this.
Start > Run, and enter 'something.exe /uninstall'. Let me know if that succeeds.

#35 superxc3 (Full Member, 78 posts)

Posted 11 November 2011 - 07:22 PM

Windows cannot find 'something.exe'. Make sure you typed the name correctly and then try again.


It doesn't work...

#36 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 11 November 2011 - 08:37 PM

Bring up OTL (don't run it just yet).

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
[2011/03/16 21:48:28 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\searchplugins\mywebsearch.xml
[2011/08/30 18:24:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/06/08 14:51:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/11/10 04:28:08 | 000,000,000 | ---D | C] -- C:\Something
[2011/11/10 04:16:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/10 04:15:55 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/11/09 22:52:34 | 000,000,000 | ---D | C] -- C:\Howareyou
[2011/11/09 22:44:46 | 000,000,000 | ---D | C] -- C:\Combofix2
[2011/08/21 18:44:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/21 18:44:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/21 18:44:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/21 18:44:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Files
:Commands
[EMPTYTEMP]
[EMPTYFLASH]

Close other windows.
Then click the red 'Run Fix' button (not the Run Scan).

Post the log OTL.TXT in your reply.

#37 superxc3 (Full Member, 78 posts)

Posted 11 November 2011 - 09:10 PM

All processes killed
========== OTL ==========
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\searchplugins\mywebsearch.xml moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\Something\en-US folder moved successfully.
C:\Something\en-MY folder moved successfully.
C:\Something folder moved successfully.
C:\ComboFix\en-US folder moved successfully.
C:\ComboFix folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
C:\Howareyou\en-US folder moved successfully.
C:\Howareyou\en-MY folder moved successfully.
C:\Howareyou folder moved successfully.
C:\Combofix2\en-US folder moved successfully.
C:\Combofix2\en-MY folder moved successfully.
C:\Combofix2 folder moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\zip.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 6730179 bytes
->Temporary Internet Files folder emptied: 3368476 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12626241 bytes
->Google Chrome cache emptied: 290654986 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3145 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21968 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 374075 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 390791 bytes

Total Files Cleaned = 300.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11122011_100136

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIQNW9UC\create-account[1].htm scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMC6O8S9\cot_bgf0[1].gif scheduled to be moved on reboot.

Registry entries deleted on Reboot...
By the way, can I remove Comodo Internet Security?
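
The :Reg section of the OTL fix in post #36 resets the command Windows uses to launch every .exe, and the log above confirms the value was set. An added PowerShell check, not code from the thread or from OTL, that a practitioner can run afterwards to confirm the association is back to the default; the HKLM key is the one the fix writes, and the HKCU key is an assumed extra check because a per-user override there takes precedence over HKLM:

```powershell
# Added example, not code from the thread or from OTL: audit the .exe
# file-association command that the OTL :Reg section resets.
# Windows launches every .exe through this command, so anything other
# than "%1" %* means program launches are being redirected.
$expected = '"%1" %*'

# HKLM is the key the OTL fix writes; the HKCU key is an assumed extra
# check, because a per-user override there takes precedence over HKLM.
$keys = @(
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
    'HKCU:\SOFTWARE\Classes\exefile\shell\open\command'
)

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "$key : not present (normal for the HKCU key)"
        continue
    }
    # GetValue('') reads the key's (Default) value
    $actual = (Get-Item -Path $key).GetValue('')
    if ($actual -eq $expected) {
        Write-Output "$key : OK -> $actual"
    } else {
        Write-Output "$key : UNEXPECTED -> [$actual] (expected [$expected])"
    }
}
```

Run it from an elevated PowerShell prompt; a line reporting UNEXPECTED for either key is the sign that the association is still hijacked or that a per-user override remains after the HKLM repair.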

#38 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 11 November 2011 - 09:20 PM

If you enable Windows Firewall.

Please download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Also please delete the folder C:\Qoobox.

#39 superxc3 (Full Member, 78 posts)

Posted 11 November 2011 - 09:31 PM

I enabled my firewall already.
When it gets to the line "Preparing", there is an AutoIt Error.

Line -1:
Error: Variable must be of type "Object".

But then Checkup.txt is called.

Results of screen317's Security Check version 0.99.26
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 7
Java™ SE Development Kit 7
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.1)
Mozilla Firefox (8.0.)
Mozilla Thunderbird (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


I tried to delete C:\Qoobox, but it says I need permission to perform this. Require permission from Administrators? (Folder access denied)
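
The Security Check report above flags two items a helper would want confirmed independently: "UAC is disabled!" and the Windows Firewall state. An added PowerShell script, not code from the thread or from Security Check, that reads EnableLUA from the real policy key and parses the per-profile firewall state from netsh (which works on Windows 7, where Get-NetFirewallProfile is not available):

```powershell
# Added example, not code from the thread or from Security Check: re-check
# the two findings in the report. EnableLUA = 1 means UAC is on
# (Security Check flagged it as disabled), and the firewall state comes
# from netsh, which works on Windows 7 where Get-NetFirewallProfile is
# not available.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty -Path $policyKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
if ($lua -eq 1) {
    Write-Output 'UAC: enabled (EnableLUA=1)'
} else {
    Write-Output "UAC: DISABLED (EnableLUA=$lua) - re-enable it and reboot"
}

# netsh prints a block per profile: "<Name> Profile Settings:" followed by
# a "State  ON|OFF" line; pair them up so each profile gets one verdict.
$profile = $null
foreach ($line in (netsh advfirewall show allprofiles state)) {
    if ($line -match '^(\w+) Profile Settings:') {
        $profile = $Matches[1]
    } elseif ($profile -and $line -match '^State\s+(\w+)') {
        $state = $Matches[1]
        $verdict = if ($state -eq 'ON') { 'OK' } else { 'FIREWALL OFF' }
        Write-Output ("Firewall {0} profile: {1} ({2})" -f $profile, $state, $verdict)
        $profile = $null
    }
}
```

A machine that reports UAC disabled alongside any profile showing OFF is exactly the state in which a third-party firewall (like the Comodo install discussed above) was the only thing standing in for the built-in protections, so both should be confirmed before that product is removed.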

#40 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 11 November 2011 - 09:36 PM

Are you logged in as Administrator? You need to be.

#41 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 11 November 2011 - 09:50 PM

Uninstall your ESET.


After that:
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan (or allow special installer).
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

#42 superxc3 (Full Member, 78 posts)

Posted 11 November 2011 - 09:51 PM

:O
I only have one user in my pc, that's me!
I checked it from Control panel>User Accounts and Family Safety>User Accounts.
Under my name is Administrator.

I'm logged in as Administrator.........

#43 superxc3 (Full Member, 78 posts)

Posted 11 November 2011 - 09:54 PM

Just got my ESET uninstalled.

#44 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 11 November 2011 - 10:12 PM

There is an uninstaller tool if you need it http://download.eset...Uninstaller.exe

#45 superxc3 (Full Member, 78 posts)

Posted 11 November 2011 - 10:47 PM

Hello. I already uninstalled ESET.
Now scanning....

#46 superxc3 (Full Member, 78 posts)

Posted 12 November 2011 - 04:12 AM

The scan process is stuck at 3%. It hasn't moved for 50 minutes...
I closed the window and went to the ESET page using IE again. The scan is still stopped at 3%.

(whoa, and whole pc is so slow while scanning) :O

#47 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 12 November 2011 - 12:30 PM

I honestly do not know what is wrong with your PC. It is very difficult to form any conclusions when the tools don't work. Your original ComboFix log indicated that you had run it several times previously on your own. This was a bad idea. ComboFix is a very powerful program and dangerous to use without the guidance of an expert in its use who can help you fix any damage that it inadvertently does.

If you have a System Restore point from before you started worrying about the internet traffic, restoring could be your best option.
Do Start, System Restore. Click 'Next'. Check 'Show more restore points'. What restore points are available?

#48 superxc3 (Full Member, 78 posts)

Posted 12 November 2011 - 01:48 PM

System restore point:

Windows Update,
Avast! Free Antivirus Setup
Removed Sygate Personal Firewall
Windows Update
OTL Restore Point
Windows Modules Installer
ComboFix Created restore point
Installed Microsoft Network Monitor: Network Monitor Parsers 3.4
Installed Microsoft Network Monitor 3.4


That's all.

#49 cnm (Mother Lion of SWI, Administrators, 25,253 posts)

Posted 12 November 2011 - 01:59 PM

What dates are they from?

#50 superxc3 (Full Member, 78 posts)

Posted 12 November 2011 - 08:19 PM

http://img715.images...03nov130917.jpg


But there is no data overload now. No massive data transfer. If I restore it back to the restore point, will the problem come back?
