
Bloodhound.Exploit.343


  • This topic is locked

#1
WizMaster

  • Member
  • 85 posts
My Symantec has been detecting Bloodhound.Exploit.343 on my laptop for some time now. Help =)

My Log as per attached.

OTL logfile created on: 19/5/2011 3:04:48 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\acer\Desktop
Windows Vista Business Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.94 Gb Total Space | 33.26 Gb Free Space | 25.21% Space Free | Partition Type: NTFS
Drive D: | 88.17 Gb Total Space | 53.84 Gb Free Space | 61.06% Space Free | Partition Type: NTFS

Computer Name: S10061269 | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 14:25:24 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011/05/03 14:43:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
PRC - [2011/03/05 13:43:28 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2010/11/01 16:19:00 | 002,454,256 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\Funshion.exe
PRC - [2010/11/01 16:14:28 | 001,209,072 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\FunshionService.exe
PRC - [2010/04/07 21:00:04 | 005,758,976 | ---- | M] (http://www.emule-project.net) -- C:\Program Files\eMule\emule.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\ppstream\PPSAP.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/17 10:56:18 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\acer\Program Files\DNA\btdna.exe
PRC - [2009/05/13 10:22:18 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009/05/11 10:04:34 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/02/18 11:06:49 | 001,282,048 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
PRC - [2009/02/18 11:05:13 | 000,163,840 | ---- | M] (Altiris, Inc.) -- C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
PRC - [2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/12 14:01:56 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/09/12 14:01:56 | 000,993,792 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciBrowser.exe
PRC - [2008/05/22 18:55:52 | 001,001,472 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SmartFix\McciTrayApp.exe
PRC - [2008/04/22 14:14:20 | 000,802,816 | R--- | M] (Honeywell International Inc.) -- C:\Program Files\Common Files\Honeywell\SimStation\SimStation.exe
PRC - [2007/12/17 11:02:28 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/10 10:23:02 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/12/06 01:25:58 | 000,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007/10/30 18:45:48 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/10/19 16:15:50 | 000,842,248 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007/09/07 11:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/31 09:52:19 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/06/11 14:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007/04/25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2007/02/09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/01/19 19:51:16 | 000,711,472 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 06:34:28 | 000,075,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
PRC - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 06:34:04 | 000,424,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DWHWizrd.exe
PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/11/02 17:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
PRC - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2005/03/23 16:12:30 | 003,604,480 | R--- | M] (AspenTech) -- C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe


========== Modules (SafeList) ==========

MOD - [2011/05/03 14:43:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
MOD - [2006/11/02 17:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (bgsvcgen)
SRV - [2010/07/23 00:39:58 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/11 10:04:34 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/02/18 11:06:49 | 001,282,048 | ---- | M] (Altiris, Inc.) [Auto | Running] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2008/04/22 14:14:20 | 000,802,816 | R--- | M] (Honeywell International Inc.) [Auto | Running] -- C:\Program Files\Common Files\Honeywell\SimStation\SimStation.exe -- (SimStation)
SRV - [2008/04/11 14:51:46 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/12/10 10:23:02 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/30 18:45:48 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/07/31 09:52:19 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/03/22 15:51:33 | 000,900,248 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/10/05 10:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Disabled | Running] -- -- (pctEFA)
DRV - File not found [Kernel | Disabled | Running] -- -- (pctDS)
DRV - [2011/05/18 16:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110518.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 16:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110518.006\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/13 16:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/13 16:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 15:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/05/11 10:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\dddsk.sys -- (ElRawDisk)
DRV - [2008/06/02 21:06:10 | 000,026,056 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/29 13:08:43 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/01/30 16:15:36 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\mremp50.sys -- (MREMP50)
DRV - [2008/01/30 16:15:36 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\mresp50.sys -- (MRESP50)
DRV - [2007/11/30 15:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007/10/31 10:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/07/27 23:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/12 10:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/04/03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007/04/02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2007/03/09 12:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/01/31 17:10:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007/01/31 17:10:10 | 000,061,952 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007/01/31 17:10:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/11/22 16:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 16:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 16:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/10/06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.sg.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.sg.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch_sb =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com...aultsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_sb =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://sg.rd.yahoo.c...://sg.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = filter.singnet.com.sg:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/01/31 02:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/20 00:21:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 12:03:46 | 000,000,000 | ---D | M]

[2008/12/18 23:22:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Extensions
[2010/07/20 20:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\8w1vck4n.default\extensions
[2010/07/10 01:04:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\acer\AppData\Roaming\mozilla\Firefox\Profiles\8w1vck4n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/22 00:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/22 00:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/19 14:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\ACER\PROGRAM FILES\DNA
[2008/01/08 08:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)
O4 - HKLM..\Run: [aspenONE Toolbar] C:\Program Files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe (AspenTech)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [PLFSetL] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [singtelRV_McciTrayApp] C:\Program Files\SmartFix\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\acer\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [PPS Accelerator] D:\ppstream\PPSAP.exe (PPStream Inc)
O4 - Startup: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\风行.lnk = C:\Program Files\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/23 00:23:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\##b463#al\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\##b463#al\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{10307d60-12c1-11dd-b822-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{10307d60-12c1-11dd-b822-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{10307e32-12c1-11dd-b822-821723a2b750}\Shell - "" = AutoRun
O33 - MountPoints2\{10307e32-12c1-11dd-b822-821723a2b750}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5f0f6cb0-5d2d-11dd-8beb-001d72217af2}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0f6cb0-5d2d-11dd-8beb-001d72217af2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{64efeda4-4472-11e0-baa3-001de063528b}\Shell - "" = AutoRun
O33 - MountPoints2\{64efeda4-4472-11e0-baa3-001de063528b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6c626c1f-1882-11de-a1a4-001d72217af2}\Shell - "" = AutoRun
O33 - MountPoints2\{6c626c1f-1882-11de-a1a4-001d72217af2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cabfbee4-0d8f-11de-95d2-001d72217af2}\Shell - "" = AutoRun
O33 - MountPoints2\{cabfbee4-0d8f-11de-95d2-001d72217af2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d29bd2d6-00d4-11df-9178-001d72217af2}\Shell - "" = AutoRun
O33 - MountPoints2\{d29bd2d6-00d4-11df-9178-001d72217af2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e7b87c1e-12e0-11dd-8303-001de063528b}\Shell - "" = AutoRun
O33 - MountPoints2\{e7b87c1e-12e0-11dd-8303-001de063528b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e7b87c20-12e0-11dd-8303-d9288d5bc581}\Shell - "" = AutoRun
O33 - MountPoints2\{e7b87c20-12e0-11dd-8303-d9288d5bc581}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f45e8d53-a010-11dd-9a2b-001de063528b}\Shell - "" = AutoRun
O33 - MountPoints2\{f45e8d53-a010-11dd-9a2b-001de063528b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 14:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/05/19 14:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/12 00:00:05 | 000,000,000 | ---D | C] -- C:\Users\acer\AppData\Local\Unity
[2011/05/03 14:43:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2008/03/04 12:25:53 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2008/03/04 11:42:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008/02/28 10:37:49 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008/02/28 10:30:23 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/07/31 08:59:43 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll

========== Files - Modified Within 30 Days ==========

[2011/05/19 14:52:56 | 001,834,496 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/19 14:16:06 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2536221580-2695972253-4106603175-1003UA.job
[2011/05/19 14:12:06 | 000,002,438 | ---- | M] () -- C:\Users\acer\funshion.ini
[2011/05/19 14:09:08 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/19 14:09:08 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/19 14:08:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/19 02:24:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/18 23:16:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2536221580-2695972253-4106603175-1003Core.job
[2011/05/13 15:23:53 | 000,000,188 | ---- | M] () -- C:\Users\acer\Desktop\The Little Teochew Singapore Homecooking.url
[2011/05/13 15:20:01 | 000,000,225 | ---- | M] () -- C:\Users\acer\Desktop\Baking Mum Steamed Moist Chocolate Cake.url
[2011/05/10 00:58:28 | 000,247,808 | ---- | M] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/07 22:30:18 | 000,000,120 | ---- | M] () -- C:\Users\acer\Desktop\Thelovelybones.url
[2011/05/06 16:10:57 | 000,113,439 | ---- | M] () -- C:\Users\acer\Desktop\Itinerary2.pdf
[2011/05/06 16:10:30 | 000,232,242 | ---- | M] () -- C:\Users\acer\Desktop\F4D3DR.pdf
[2011/05/06 16:10:16 | 000,114,051 | ---- | M] () -- C:\Users\acer\Desktop\Itinerary.pdf
[2011/05/05 16:08:49 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 16:08:49 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/03 14:43:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\acer\Desktop\OTL.exe
[2011/05/02 23:38:35 | 000,008,192 | -H-- | M] () -- C:\Users\acer\Desktop\photothumb.db

========== Files Created - No Company Name ==========

[2011/05/19 14:52:27 | 001,834,496 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/05/10 23:38:59 | 000,000,225 | ---- | C] () -- C:\Users\acer\Desktop\Baking Mum Steamed Moist Chocolate Cake.url
[2011/05/10 23:38:51 | 000,000,188 | ---- | C] () -- C:\Users\acer\Desktop\The Little Teochew Singapore Homecooking.url
[2011/05/07 22:30:18 | 000,000,120 | ---- | C] () -- C:\Users\acer\Desktop\Thelovelybones.url
[2011/05/06 16:10:57 | 000,113,439 | ---- | C] () -- C:\Users\acer\Desktop\Itinerary2.pdf
[2011/05/06 16:10:27 | 000,232,242 | ---- | C] () -- C:\Users\acer\Desktop\F4D3DR.pdf
[2011/05/06 16:10:15 | 000,114,051 | ---- | C] () -- C:\Users\acer\Desktop\Itinerary.pdf
[2010/11/09 16:46:52 | 000,001,054 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2010/09/21 14:48:17 | 000,004,096 | -H-- | C] () -- C:\Users\acer\AppData\Local\keyfile3.drm
[2009/12/09 22:39:40 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/12/09 22:39:40 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/12/09 22:39:40 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/12/09 22:39:40 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/12/09 22:39:40 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/12/09 22:39:40 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/12/09 22:39:40 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/12/09 22:39:40 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/12/09 22:39:40 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/12/09 22:39:40 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/12/09 22:39:40 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/12/09 22:39:40 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/12/09 22:39:40 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/12/09 22:39:40 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/12/09 22:39:40 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/12/09 22:39:40 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/12/09 22:39:40 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/12/09 22:39:40 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/12/09 22:39:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/22 22:11:11 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/15 00:51:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/06/15 00:51:58 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/01/15 18:30:35 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2008/09/20 05:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/22 18:27:51 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/07/22 18:27:51 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008/05/27 20:07:50 | 000,247,808 | ---- | C] () -- C:\Users\acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/18 21:09:07 | 000,001,160 | ---- | C] () -- C:\Windows\mozver.dat
[2008/04/11 14:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2008/04/11 14:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2008/04/11 14:57:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2008/04/11 14:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008/04/11 14:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008/04/11 14:57:38 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008/04/11 14:57:38 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008/04/11 14:57:38 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2008/03/04 12:25:49 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2008/03/04 11:59:35 | 000,000,796 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/04 11:59:35 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/03/04 11:24:13 | 000,001,356 | ---- | C] () -- C:\Users\acer\AppData\Local\d3d9caps.dat
[2008/02/29 18:19:29 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll
[2008/02/28 10:37:49 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/02/28 10:30:23 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2008/02/28 10:30:23 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2008/02/28 10:30:23 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2008/02/28 10:30:23 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2008/02/27 16:28:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/02/27 16:28:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/27 16:28:37 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/02/27 16:28:17 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/22 01:21:26 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/02/22 01:21:25 | 000,000,094 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/02/22 00:27:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/08/01 01:44:39 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/07/31 10:26:00 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/07/31 09:38:06 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2007/07/31 09:30:01 | 000,000,216 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007/07/31 09:00:06 | 000,000,134 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/07/31 09:00:03 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/07/31 09:00:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007/07/31 08:59:44 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/01/19 19:11:16 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 20:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:43 | 000,461,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:36:36 | 000,063,488 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2006/11/02 18:33:01 | 000,618,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,107,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 15:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 15:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/12/27 07:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 14:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 07:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 13:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/07/23 00:36:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Autodesk
[2011/05/14 20:14:45 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\BitTorrent
[2009/10/22 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\DNA
[2009/10/22 14:58:14 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Honeywell
[2010/01/30 01:12:03 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Panasonic
[2009/06/15 00:55:23 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PC Suite
[2011/04/10 20:59:50 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PhotoScape
[2011/05/04 23:34:27 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\PPStream
[2009/06/15 00:51:43 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\Samsung
[2008/10/19 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\WebCam Recorder
[2010/01/23 00:09:04 | 000,000,000 | ---D | M] -- C:\Users\acer\AppData\Roaming\WinFF
[2011/05/19 02:24:12 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#2 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hi! My name is Michael and I am here to help you fix your computer. :)
If you have already received help elsewhere please inform me so that this topic can be closed.
If you haven't, please keep reading:
Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read.
  • Save or print these instructions as a part of the fix will be in safe mode where you will not be able to access the internet.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Sorry for the late reply. Do you still need help? If yes, continue:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

#3 WizMaster (Topic Starter, Member, 85 posts)
Hello =) Thank you for your reply!

Can I ask which program I need to disable?

#4 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Symantec AntiVirus and Windows Defender

#5 WizMaster (Topic Starter, Member, 85 posts)
Hello.

I do not know how to disable my antivirus.

Thanks

#6 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
You'll find here how to disable your Symantec AntiVirus and Windows Defender :)

#7 WizMaster (Topic Starter, Member, 85 posts)
Hello!

I tried, but still failed to deactivate the Symantec antivirus.

When I right-click on the logo, the Auto-Protect option is blanked out, meaning I cannot uncheck it at all.

Please advise.

#8 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
If you can see other options when you right-click it, like exit/quit/deactivate etc., select them.
Otherwise follow the instructions with the antivirus on, and we'll see if that's OK.

#9 WizMaster (Topic Starter, Member, 85 posts)
Hello!

I tried doing it with the antivirus on.

When I launch ComboFix, it scans well until around file 50+, then it gives me a blue screen.

Please advise.

#10 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hello,

Can you please uninstall Symantec AntiVirus? It may be interfering with the scans. You can re-install it at the end of the log.
Please try not to use your computer to do any other things you're not instructed to do here, as you may get more infections.

Next:
Go into safe mode. You can read here how to do this.

Then run ComboFix as instructed. If you get the same blue screen, can you please tell me what it says?
If ComboFix finishes, post the log.

#11 WizMaster (Topic Starter, Member, 85 posts)
Hmmm... I can't uninstall it. There isn't any button to uninstall. This antivirus system was actually loaded onto my computer by my school.

I tried accessing the folder, but there isn't any uninstall button anywhere. Please advise.

#12 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
To uninstall a program:

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Find Symantec AntiVirus, and then click Uninstall. Follow the wizard and it shall uninstall your antivirus.


#13 WizMaster (Topic Starter, Member, 85 posts)
ComboFix 11-05-28.01 - acer 6/2011 Fri 20:55:24.2.2 - x86 MINIMAL
执行位置: c:\users\acer\Desktop\ComboFix.exe
.
- 降低功能模式 -
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Funshion Online
c:\program files\Funshion Online\Funshion\cook.dll
c:\program files\Funshion Online\Funshion\CoreAAC.ax
c:\program files\Funshion Online\Funshion\coreavc.ax
c:\program files\Funshion Online\Funshion\CrashReport.exe
c:\program files\Funshion Online\Funshion\dbghelp.dll
c:\program files\Funshion Online\Funshion\drvc.dll
c:\program files\Funshion Online\Funshion\Dump.dll
c:\program files\Funshion Online\Funshion\Encrypt.dll
c:\program files\Funshion Online\Funshion\fpsrv.dll
c:\program files\Funshion Online\Funshion\fptassrv.dll
c:\program files\Funshion Online\Funshion\Funshion-install.ico
c:\program files\Funshion Online\Funshion\Funshion.exe
c:\program files\Funshion Online\Funshion\funshion.ini
c:\program files\Funshion Online\Funshion\FunshionGame2.ico
c:\program files\Funshion Online\Funshion\funshionplugin2.dll
c:\program files\Funshion Online\Funshion\FunshionService.diagnose
c:\program files\Funshion Online\Funshion\FunshionService.exe
c:\program files\Funshion Online\Funshion\FunshionUpgrade.exe
c:\program files\Funshion Online\Funshion\Funshop2.ico
c:\program files\Funshion Online\Funshion\GetMACAddress.dll
c:\program files\Funshion Online\Funshion\LangResEnAmerican.dll
c:\program files\Funshion Online\Funshion\nicdescr.dat
c:\program files\Funshion Online\Funshion\pncrt.dll
c:\program files\Funshion Online\Funshion\pndx5016.dll
c:\program files\Funshion Online\Funshion\pndx5032.dll
c:\program files\Funshion Online\Funshion\quality.dll
c:\program files\Funshion Online\Funshion\rmoc3260.dll
c:\program files\Funshion Online\Funshion\RouterSetting.dll
c:\program files\Funshion Online\Funshion\skin\0.bmp
c:\program files\Funshion Online\Funshion\skin\1.bmp
c:\program files\Funshion Online\Funshion\skin\2.bmp
c:\program files\Funshion Online\Funshion\skin\3.bmp
c:\program files\Funshion Online\Funshion\skin\4.bmp
c:\program files\Funshion Online\Funshion\skin\5.bmp
c:\program files\Funshion Online\Funshion\skin\6.bmp
c:\program files\Funshion Online\Funshion\skin\7.bmp
c:\program files\Funshion Online\Funshion\skin\8.bmp
c:\program files\Funshion Online\Funshion\skin\9.bmp
c:\program files\Funshion Online\Funshion\skin\Buffering.gif
c:\program files\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionMenuF.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionMenuFEn.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionMinBtn.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionText.bmp
c:\program files\Funshion Online\Funshion\skin\CaptionTextEn.bmp
c:\program files\Funshion Online\Funshion\skin\ChangeModeBtn.bmp
c:\program files\Funshion Online\Funshion\skin\CheckBox_Box.bmp
c:\program files\Funshion Online\Funshion\skin\CheckBox_Check.bmp
c:\program files\Funshion Online\Funshion\skin\DiskWarnning.bmp
c:\program files\Funshion Online\Funshion\skin\DragCorner.bmp
c:\program files\Funshion Online\Funshion\skin\HidePlayInfoBtn.bmp
c:\program files\Funshion Online\Funshion\skin\IErrorReshBtn.bmp
c:\program files\Funshion Online\Funshion\skin\IErrorWarning.bmp
c:\program files\Funshion Online\Funshion\skin\IErrorWndBk.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarBack.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarBackEn.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarForward.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarForwardEn.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarHomePageEn.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp
c:\program files\Funshion Online\Funshion\skin\IeToolBarRefreshEn.bmp
c:\program files\Funshion Online\Funshion\skin\IntergrateModeBtn.bmp
c:\program files\Funshion Online\Funshion\skin\L.bmp
c:\program files\Funshion Online\Funshion\skin\OptionText.bmp
c:\program files\Funshion Online\Funshion\skin\OptionTextEn.bmp
c:\program files\Funshion Online\Funshion\skin\p.bmp
c:\program files\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp
c:\program files\Funshion Online\Funshion\skin\PauseFlickerBtn.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBarSplidRgn.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRight.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRightSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumb.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumbSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBufferInfoWndBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBufferInfoWndLeft.bmp
c:\program files\Funshion Online\Funshion\skin\PlayBufferInfoWndRight.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnMute.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnMuteSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnNextSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnNonTop.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnPauseSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnPlaySmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnPreSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnSimple.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnTop.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerBarBtnVolumeSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerHideBtn.bmp
c:\program files\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp
c:\program files\Funshion Online\Funshion\skin\PlayFlickerBtn.bmp
c:\program files\Funshion Online\Funshion\skin\PlayInfoBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\PlayInfoBkgndSel.bmp
c:\program files\Funshion Online\Funshion\skin\PlayInfoBtnMenu.bmp
c:\program files\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp
c:\program files\Funshion Online\Funshion\skin\PlayInfoHeaderBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\PlayInfoTitleBk.bmp
c:\program files\Funshion Online\Funshion\skin\PlayListAddBtn.bmp
c:\program files\Funshion Online\Funshion\skin\PlayListRemove.bmp
c:\program files\Funshion Online\Funshion\skin\PlayListVerSplid.bmp
c:\program files\Funshion Online\Funshion\skin\PlayListVerSplidMark.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarBefore.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarBeforeSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarBkgndSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarDownload.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarDownloadSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarHead.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarHeadSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarThumb.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarThumbSmall.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarTrail.bmp
c:\program files\Funshion Online\Funshion\skin\PlaySplidBarTrailSmall.bmp
c:\program files\Funshion Online\Funshion\skin\R.bmp
c:\program files\Funshion Online\Funshion\skin\RadioBtnBox.bmp
c:\program files\Funshion Online\Funshion\skin\RadioBtnPt.bmp
c:\program files\Funshion Online\Funshion\skin\RpcLoading.gif
c:\program files\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarDownArrowL.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarUpArrowL.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerBkgndL.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgndL.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHeadL.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMidL.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrailL.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp
c:\program files\Funshion Online\Funshion\skin\SettingDlgIcon.bmp
c:\program files\Funshion Online\Funshion\skin\ShowPlayInfoBtn.bmp
c:\program files\Funshion Online\Funshion\skin\SplidBarBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\SplidBarMark.bmp
c:\program files\Funshion Online\Funshion\skin\StatusBarBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\StatusBarLeft.bmp
c:\program files\Funshion Online\Funshion\skin\StatusBarRight.bmp
c:\program files\Funshion Online\Funshion\skin\StatusBarSplid.bmp
c:\program files\Funshion Online\Funshion\skin\TabModeBtn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskBarBtnIcon.bmp
c:\program files\Funshion Online\Funshion\skin\TaskBarBtnMenu.bmp
c:\program files\Funshion Online\Funshion\skin\TaskBarBtnOpenLcl.bmp
c:\program files\Funshion Online\Funshion\skin\TaskBarBtnShowPlayer.bmp
c:\program files\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp
c:\program files\Funshion Online\Funshion\skin\taskdown.ico
c:\program files\Funshion Online\Funshion\skin\TaskListBtnHide.bmp
c:\program files\Funshion Online\Funshion\skin\TaskListBtnShow.bmp
c:\program files\Funshion Online\Funshion\skin\TaskListStatIcons.bmp
c:\program files\Funshion Online\Funshion\skin\TaskListStatSelIcon.bmp
c:\program files\Funshion Online\Funshion\skin\TaskManagerCloseBtn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskManagerCloseTxtBtn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskMgnBarBk.bmp
c:\program files\Funshion Online\Funshion\skin\TaskMgnBarItem.bmp
c:\program files\Funshion Online\Funshion\skin\TaskMgnBarList.bmp
c:\program files\Funshion Online\Funshion\skin\TaskMgnBarLScrollBtn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskMgnBarRScrollBtn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskMgnTitleBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\TaskMgnTitleLeft.bmp
c:\program files\Funshion Online\Funshion\skin\TaskMgnTitleRight.bmp
c:\program files\Funshion Online\Funshion\skin\taskpause.ico
c:\program files\Funshion Online\Funshion\skin\taskplaying.ico
c:\program files\Funshion Online\Funshion\skin\taskstop.ico
c:\program files\Funshion Online\Funshion\skin\TaskTabBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\TaskText.bmp
c:\program files\Funshion Online\Funshion\skin\TaskTextEn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarDelete.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarDeleteEn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarDownload.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarDownloadEn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarPlay.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarRestore.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarRestoreEn.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarStop.bmp
c:\program files\Funshion Online\Funshion\skin\TaskToolBarStopEn.bmp
c:\program files\Funshion Online\Funshion\skin\taskupload.ico
c:\program files\Funshion Online\Funshion\skin\TextBtnBk.bmp
c:\program files\Funshion Online\Funshion\skin\TipBottomArrow.bmp
c:\program files\Funshion Online\Funshion\skin\TipRightArrow.bmp
c:\program files\Funshion Online\Funshion\skin\TipTopArrow.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateBtmBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateBtmCloseBtn.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateBtmIgoreBtn.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateBtmUpdateBtn.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateCapBkgnd.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateCapCloseBtn.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateCaption.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateIconFail.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateIconInit.bmp
c:\program files\Funshion Online\Funshion\skin\UpdateIconSuc.bmp
c:\program files\Funshion Online\Funshion\skin\vodPlay.gif
c:\program files\Funshion Online\Funshion\skin\vodPlayEn.gif
c:\program files\Funshion Online\Funshion\skin\vodWeb.gif
c:\program files\Funshion Online\Funshion\skin\vodWebEn.gif
c:\program files\Funshion Online\Funshion\skin\WebCloseBtn.bmp
c:\program files\Funshion Online\Funshion\skin\WebCloseBtnRgn.bmp
c:\program files\Funshion Online\Funshion\skin\x.bmp
c:\program files\Funshion Online\Funshion\Uninstall.exe
c:\program files\Funshion Online\Funshion\upnp.dll
c:\users\acer\Funshion
c:\users\acer\Funshion\cache\Cacheflash\blankFs.swf
c:\users\acer\Funshion\cache\Cacheflash\donghuanew_18.swf
c:\users\acer\Funshion\cache\flash\980EF71B_C41B_511C_2591_1C44D72C2CEC.swf
c:\users\acer\Funshion\cache\flashNew\0582C6F8_3670_7D16_7B8E_A0AFA121608A.date1306685789.swf
c:\users\acer\Funshion\cache\flashNew\0592F407_3D4C_CAF9_54B8_9DF51E45793C.date1304577004.swf
c:\users\acer\Funshion\cache\flashNew\066BFA23_9783_739F_2459_BA891EA66D34.date1304768914.swf
c:\users\acer\Funshion\cache\flashNew\09BFA07C_9C47_2C78_6F3B_F03378EC4CB6.date1306938559.flv
c:\users\acer\Funshion\cache\flashNew\0A549C41_C5A1_B905_7F4C_ADE5472837E4.swf
c:\users\acer\Funshion\cache\flashNew\159EBDB8_A8E8_61AE_E265_F9DCE2E34E92.date1306466659.swf
c:\users\acer\Funshion\cache\flashNew\16E5D77B_86BE_F63D_FA05_BEA1DCDCC006.date1307076789.swf
c:\users\acer\Funshion\cache\flashNew\19037F00_64B6_855B_BCB5_DE37F6538F97.date1305374000.swf
c:\users\acer\Funshion\cache\flashNew\1E035502_89DA_3C1B_2E7D_39CAB9FB7307.date1305374000.swf
c:\users\acer\Funshion\cache\flashNew\202F3106_3D86_3E00_5B50_9D97A900BA03.date1306685789.swf
c:\users\acer\Funshion\cache\flashNew\22AB450A_67FB_7034_B005_68D02AD158B0.swf
c:\users\acer\Funshion\cache\flashNew\27EEF950_63C1_F602_186E_72D88AB56360.date1306135985.swf
c:\users\acer\Funshion\cache\flashNew\2D4F5764_0B7A_46CC_F442_AF5021DCD227.date1304664649.swf
c:\users\acer\Funshion\cache\flashNew\2E05AED6_1584_56EA_EA08_A175ADDC80E0.date1305027701.swf
c:\users\acer\Funshion\cache\flashNew\35FD07A9_3462_FAB1_78F0_85C07123D022.date1307076789.swf
c:\users\acer\Funshion\cache\flashNew\3BD9DA56_D8A5_D6CF_AFBC_C8812CB4CDEA.date1305691620.flv
c:\users\acer\Funshion\cache\flashNew\4249D162_F51E_13C7_75A5_E2499CAA065C.swf
c:\users\acer\Funshion\cache\flashNew\48FAC2B0_8DC0_C6E9_CC75_ABC16264C818.date1305641132.swf
c:\users\acer\Funshion\cache\flashNew\4EC75E06_1CF2_6653_233B_DB5B33289591.date1306938559.swf
c:\users\acer\Funshion\cache\flashNew\4FB870E3_6A2A_AD04_0E3C_B29AC08D244A.flv
c:\users\acer\Funshion\cache\flashNew\5063A532_ED17_A8EA_443D_DBB695E989FF.date1305785536.swf
c:\users\acer\Funshion\cache\flashNew\51DEFD57_8076_EAD7_E781_0E00837FE39D.date1306504237.swf
c:\users\acer\Funshion\cache\flashNew\5399D719_1E56_BDBD_8B26_B87123013D57.date1305464827.swf
c:\users\acer\Funshion\cache\flashNew\563DC959_EC3E_01FF_85EF_90F0C4AE9690.date1305270548.swf
c:\users\acer\Funshion\cache\flashNew\577FBBE0_6B57_AE58_740B_4A351C6108DC.date1305691620.swf
c:\users\acer\Funshion\cache\flashNew\59CDD6ED_6A9A_B933_AFF3_109F2644974F.swf
c:\users\acer\Funshion\cache\flashNew\5DC8DB1F_9514_8B49_9423_B5200A7F639A.date1306938559.swf
c:\users\acer\Funshion\cache\flashNew\5F0875AC_463A_DCD4_C54E_D8BD9C112F4A.swf
c:\users\acer\Funshion\cache\flashNew\61510264_071F_A9C7_BD54_7A0509E6F48B.swf
c:\users\acer\Funshion\cache\flashNew\6601537D_9AD3_AD5A_ABE1_21FDD3FA1126.date1306135985.swf
c:\users\acer\Funshion\cache\flashNew\6625E401_5223_60DD_1D48_CF4F2AF4BFC9.date1305785535.swf
c:\users\acer\Funshion\cache\flashNew\689833AB_668C_A2E7_DA4C_365D90069F9A.date1305181660.swf
c:\users\acer\Funshion\cache\flashNew\693FE51B_3610_13F5_FA5C_B9D60472DEB0.date1307076789.swf
c:\users\acer\Funshion\cache\flashNew\69C3B9E1_1F9D_7DF3_AA96_1F17C510B7CF.date1307076789.swf
c:\users\acer\Funshion\cache\flashNew\69E3FDC8_EE85_245F_185D_1E112D29CDFE.date1306938559.swf
c:\users\acer\Funshion\cache\flashNew\6DA894EB_EBD3_FD6B_E80A_6A8B038F14B6.date1306135985.swf
c:\users\acer\Funshion\cache\flashNew\73991FD0_EBDA_D973_CB58_C5037DC4B9AF.date1306135985.swf
c:\users\acer\Funshion\cache\flashNew\75DE27E8_D33F_DC61_A715_B944BAE4B2DD.date1306418759.swf
c:\users\acer\Funshion\cache\flashNew\7820E516_40C7_18C6_08DF_6196E516F666.date1304768913.swf
c:\users\acer\Funshion\cache\flashNew\7936CDC1_21E8_D648_23EB_10089FDF258A.date1304512008.swf
c:\users\acer\Funshion\cache\flashNew\8355B1E5_1E71_38AB_19DB_B78D7CFEF3EF.date1305691619.swf
c:\users\acer\Funshion\cache\flashNew\84DBF53E_D681_ADD4_4CC6_F8E1EDB8DDE7.date1306938559.swf
c:\users\acer\Funshion\cache\flashNew\84DE0843_65AC_810E_365A_67EF5CC4F69E.date1306135985.swf
c:\users\acer\Funshion\cache\flashNew\8C630F53_D8D5_9038_DCF5_A2535B80C421.date1307076789.swf
c:\users\acer\Funshion\cache\flashNew\92D1921F_0618_6F08_780A_2074764E9922.date1305270547.swf
c:\users\acer\Funshion\cache\flashNew\95680CCD_205A_C9D9_EDAA_DA7192F5C3CE.swf
c:\users\acer\Funshion\cache\flashNew\9B1F9DFE_2B01_A8CA_1A3E_0C0C37593E04.date1305641132.swf
c:\users\acer\Funshion\cache\flashNew\A0EE6889_0A7E_429B_03EB_775619512F74.date1305373998.swf
c:\users\acer\Funshion\cache\flashNew\A15D237E_2034_8F86_BADE_5C6F73F19321.date1306843321.swf
c:\users\acer\Funshion\cache\flashNew\A39FA084_0D47_1C6D_BFF1_4A2D9BC5ADA1.date1304835638.swf
c:\users\acer\Funshion\cache\flashNew\A6F48BA7_5022_151A_5DFB_697AD488D978.swf
c:\users\acer\Funshion\cache\flashNew\A984887B_4B95_6C06_5507_9C417174458B.date1304664649.swf
c:\users\acer\Funshion\cache\flashNew\AC9795F4_46BA_4DA7_4C98_69B0EAF029B6.date1305300891.swf
c:\users\acer\Funshion\cache\flashNew\B2AD7BB2_18B3_7D1B_5B96_5B436F9D7BCB.swf
c:\users\acer\Funshion\cache\flashNew\B310E90C_4A27_6DDB_840E_37F9B336B7F2.date1304940057.swf
c:\users\acer\Funshion\cache\flashNew\B67FB7F0_E565_8503_A3A8_5941771E9BE6.date1305181660.swf
c:\users\acer\Funshion\cache\flashNew\BB79ADF3_C2BB_6B1C_D4DB_3B3B788C9D77.date1306731478.flv
c:\users\acer\Funshion\cache\flashNew\BF942CB3_C527_1146_78F8_8F22B38A04AC.date1305181660.flv
c:\users\acer\Funshion\cache\flashNew\C355C0B8_4929_98D2_4E80_4FC7D20C6503.swf
c:\users\acer\Funshion\cache\flashNew\C3691D3A_C235_9FF9_4ABB_D967D0EFC0B5.date1305270547.swf
c:\users\acer\Funshion\cache\flashNew\C476BF0C_8A8E_8439_868A_C6D569CF52DF.date1305641132.swf
c:\users\acer\Funshion\cache\flashNew\CD6C30BC_187D_88EC_B292_97C93D341E11.date1306418759.swf
c:\users\acer\Funshion\cache\flashNew\CF6C9342_FFF5_1B58_405A_404728BB52EB.date1305785535.swf
c:\users\acer\Funshion\cache\flashNew\CF84D5C3_15F6_7F06_A9BE_8AE64D0E45A1.date1304921411.swf
c:\users\acer\Funshion\cache\flashNew\D0F9A3B9_8BEC_7D30_13B6_E61CEA6F2F7E.date1306843321.swf
c:\users\acer\Funshion\cache\flashNew\D53C1BF6_60B6_6655_F9E7_9D3C850192DA.date1306769760.swf
c:\users\acer\Funshion\cache\flashNew\D783F4F4_FF1D_DAC6_0EB8_5D59D968EC05.date1305464826.swf
c:\users\acer\Funshion\cache\flashNew\D8E7BC85_854F_8755_A36B_79EBA2A99612.date1304768913.swf
c:\users\acer\Funshion\cache\flashNew\DB333118_CF35_10FA_B579_FC5EA733989B.date1306251237.swf
c:\users\acer\Funshion\cache\flashNew\E22429AA_7F06_CD23_5C26_E0A5DB396642.date1305738572.flv
c:\users\acer\Funshion\cache\flashNew\E3C61CF8_E5DB_8244_0413_DA5351D8F69D.date1304512008.swf
c:\users\acer\Funshion\cache\flashNew\E474895D_8874_0B72_7937_D2B8D808F5B0.date1305181660.swf
c:\users\acer\Funshion\cache\flashNew\EA9D1E83_D793_E233_B57D_633299A825C0.date1304768913.swf
c:\users\acer\Funshion\cache\flashNew\EDE2B6BE_33A9_139F_DE84_A9981770B2D5.date1306251237.swf
c:\users\acer\Funshion\cache\flashNew\EF512DBD_C49F_4F4D_4617_176841D3E079.date1306466658.swf
c:\users\acer\Funshion\cache\flashNew\F2D9789A_7515_8793_A350_98C47E71C444.date1304512008.swf
c:\users\acer\Funshion\cache\flashNew\F511AD8D_3FA4_5095_932A_BE225B2DC91B.date1306685789.swf
c:\users\acer\Funshion\cache\flashNew\F5FF9A31_84E9_F8B5_FB10_8A623B7F4EBB.swf
c:\users\acer\Funshion\cache\flashNew\F7CF4BE2_0544_936A_AC0A_81D1EC9D2F68.date1306843321.swf
c:\users\acer\Funshion\cache\flashNew\F8EA1151_8CA4_59A5_CB11_C38BD9EE26C9.date1304512008.swf
c:\users\acer\Funshion\cache\flashNew\FA299F1A_9904_C753_9B6D_7AC3F2663354.swf
c:\users\acer\Funshion\cache\flashNew\FA6301E2_6062_90F8_ADC0_DE03F70BF33F.date1306685789.swf
c:\users\acer\Funshion\cache\flashNew\FC1623DD_A473_192B_FE9E_3C7CCCBD4799.swf
c:\users\acer\Funshion\cache\flashNew\FC767A9D_B93B_3953_E9DB_30B908B0BB14.date1304835637.swf
c:\users\acer\Funshion\cache\flashStamp\4A09DE59_E6C7_9C1C_A734_78161EFFB51C.swf
c:\users\acer\Funshion\cache\flashStamp\blank.gif
c:\users\acer\Funshion\control\1299073909_18277256_1288606676_212.dat
c:\users\acer\Funshion\control\1299073909_18277256_1288606676_212.fsp
c:\users\acer\Funshion\control\1305738330_18524595_1303440033_657.dat
c:\users\acer\Funshion\control\1305738330_18524595_1303440033_657.fsp
c:\users\acer\Funshion\control\1306850714_23811438_1305597882_360.dat
c:\users\acer\Funshion\control\1306850714_23811438_1305597882_360.fsp
c:\users\acer\Funshion\historyTorrent\前度-MP4.fsp
c:\users\acer\Funshion\historyTorrent\女子大乱斗-MP4.fsp
c:\users\acer\Funshion\historyTorrent\惊声尖笑3.fsp
c:\users\acer\Funshion\historyTorrent\花花世界花家姐(国语版)-第1集.fsp
c:\users\acer\Funshion\historyTorrent\超级全能住宅改造王-20110517.fsp
c:\users\acer\Funshion\historyTorrent\食品公司-MP4.fsp
c:\users\acer\Funshion\ini\httpfile.ini
c:\users\acer\Funshion\install.ini
c:\users\acer\Funshion\S10061269_info.ini
c:\users\acer\Funshion\Seed\18277256_1297853049_836.fsp
c:\users\acer\Funshion\Seed\19716789_1298100912_966.fsp
c:\users\acer\Funshion\update\ad_define.fai
c:\users\acer\Funshion\update\ad_material.fax
c:\users\acer\Funshion\update\AdLinkParamFile.fax
c:\users\acer\Funshion\update\flashParam.txt
c:\users\acer\Funshion\update\localad.fax
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 12:57 . 2011-06-03 12:57 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-06-03 12:57 . 2011-06-03 12:57 -------- d-----w- c:\users\TEMP.S10061269.000\AppData\Local\temp
2011-06-03 12:57 . 2011-06-03 12:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-31 12:02 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{114858C8-EFD1-45F8-B282-F42C26FF329B}\mpengine.dll
2011-05-19 06:48 . 2011-05-19 07:04 -------- d-----w- c:\programdata\PC Tools
2011-05-11 16:00 . 2011-05-11 16:00 -------- d-----w- c:\users\acer\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months (Find3M) ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-28 1232896]
"BitTorrent DNA"="c:\users\acer\Program Files\DNA\btdna.exe" [2009-10-17 323392]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-05-13 102400]
"PPS Accelerator"="d:\ppstream\ppsap.exe" [2010-02-24 214408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-02 151552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-19 842248]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2009-04-30 153416]
"aspenONE Toolbar"="c:\program files\Common Files\AspenTech Shared\Toolbar\aspenONEtoolbar.exe" [2005-03-23 3604480]
"singtelRV_McciTrayApp"="c:\program files\SmartFix\McciTrayApp.exe" [2008-05-22 1001472]
"SingTel_McciTrayApp"="c:\program files\SingTel\McciTrayApp.exe" [2008-09-12 1453568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-02 151552]
.
c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
风行.lnk - c:\program files\Funshion Online\Funshion\Funshion.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-1-19 711472]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-31 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^风行.lnk]
path=c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\风行.lnk
backup=c:\windows\pss\风行.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2010-02-24 03:25 214408 ----a-w- d:\ppstream\PPSAP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddsk.sys [2009-02-12 22312]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-05-11 233472]
R2 SimStation;Sim Station;c:\program files\Common Files\Honeywell\SimStation\SimStation.exe [2008-04-22 802816]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-11 36608]
R3 GarenaPEngine;GarenaPEngine;c:\users\acer\AppData\Local\Temp\AMY38AE.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2536221580-2695972253-4106603175-1003Core.job
- c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 18:14]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2536221580-2695972253-4106603175-1003UA.job
- c:\users\acer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-04 18:14]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.sg.acer.yahoo.com
uInternet Settings,ProxyServer = filter.singnet.com.sg:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ycomp/defaults/su/*http://sg.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: Interfaces\{DD437D5F-5A84-4A2F-9F0C-217FC6A4E720}: NameServer = 165.21.83.88,165.21.100.88
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\8w1vck4n.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NPSStartup - (no file)
Notify-AWinNotifyVitaKey MC3000 - (no file)
AddRemove-Funshion - c:\program files\Funshion Online\Funshion\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 20:57
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\acer\AppData\Local\Temp\AMY38AE.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-03 21:00:27
ComboFix-quarantined-files.txt 2011-06-03 13:00
.
Pre-Run: 41,338,826,752 bytes free
Post-Run: 41,199,755,264 bytes free
.
- - End Of File - - F09C56D31EAA7BEFC7CC065631B90530

#14 michaelg9 (Trusted Helper, Malware Removal, 2,949 posts)
Hello,


  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2010/11/01 16:19:00 | 002,454,256 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\Funshion.exe
    PRC - [2010/11/01 16:14:28 | 001,209,072 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files\Funshion Online\Funshion\FunshionService.exe
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch_sb =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com...aultsearch.html
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = filter.singnet.com.sg:8080
    O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
    O4 - Startup: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\风行.lnk = C:\Program Files\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
    O33 - MountPoints2\##b463#al\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    O33 - MountPoints2\##b463#al\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
    O33 - MountPoints2\{10307d60-12c1-11dd-b822-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{10307d60-12c1-11dd-b822-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{10307e32-12c1-11dd-b822-821723a2b750}\Shell - "" = AutoRun
    O33 - MountPoints2\{10307e32-12c1-11dd-b822-821723a2b750}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5f0f6cb0-5d2d-11dd-8beb-001d72217af2}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f0f6cb0-5d2d-11dd-8beb-001d72217af2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{64efeda4-4472-11e0-baa3-001de063528b}\Shell - "" = AutoRun
    O33 - MountPoints2\{64efeda4-4472-11e0-baa3-001de063528b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6c626c1f-1882-11de-a1a4-001d72217af2}\Shell - "" = AutoRun
    O33 - MountPoints2\{6c626c1f-1882-11de-a1a4-001d72217af2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{cabfbee4-0d8f-11de-95d2-001d72217af2}\Shell - "" = AutoRun
    O33 - MountPoints2\{cabfbee4-0d8f-11de-95d2-001d72217af2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{d29bd2d6-00d4-11df-9178-001d72217af2}\Shell - "" = AutoRun
    O33 - MountPoints2\{d29bd2d6-00d4-11df-9178-001d72217af2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{e7b87c1e-12e0-11dd-8303-001de063528b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e7b87c1e-12e0-11dd-8303-001de063528b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e7b87c20-12e0-11dd-8303-d9288d5bc581}\Shell - "" = AutoRun
    O33 - MountPoints2\{e7b87c20-12e0-11dd-8303-d9288d5bc581}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f45e8d53-a010-11dd-9a2b-001de063528b}\Shell - "" = AutoRun
    O33 - MountPoints2\{f45e8d53-a010-11dd-9a2b-001de063528b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    [2011/05/19 14:12:06 | 000,002,438 | ---- | M] () -- C:\Users\acer\funshion.ini
    [2011/05/19 02:24:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Extra Registry, select Use SafeList
  • Click the Run Scan button. Post the two logs it produces in your next reply.



Next:
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\acer\AppData\Local\Temp\AMY38AE.tmp
Folder::

Registry::

Driver::
GarenaPEngine


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#15 WizMaster (Topic Starter, Member, 85 posts)
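As an added example (not part of the thread, and not code from the OTL, ComboFix or Flash_Disinfector authors), the Python below applies two ideas from the post above. First, it parses O33 MountPoints2 lines in the format OTL writes them and flags autorun commands that launch a binary from a Recycled folder or route the launch through rundll32's ShellExec_RunDLL, the pattern visible in the ##b463#al entries of the fix script; the other volumes, whose commands point at a launcher in the drive root, are only marked for review. Second, it reproduces the core of what the Flash_Disinfector note describes: placing a directory named autorun.inf at a drive root so that a worm cannot drop an autorun.inf file there. The sample O33 lines are constructed to mirror the shape of the entries in the fix, and the heuristics, the verdict names and the omission of the hidden attribute are this example's own simplifications rather than anything the tools guarantee.

```python
import os
import re
import tempfile

# Constructed sample input: O33 MountPoints2 lines in OTL's log format
# (same shape as the entries in the fix script above; values illustrative).
SAMPLE_O33 = r'''
O33 - MountPoints2\##b463#al\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\##b463#al\Shell\Open(&0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\{10307d60-12c1-11dd-b822-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{10307d60-12c1-11dd-b822-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5f0f6cb0-5d2d-11dd-8beb-001d72217af2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
'''

# vol = MountPoints2 subkey (volume GUID or label), key = path beneath it,
# val = the registry value, i.e. the command that runs on AutoRun / Open.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\(?P<key>.+?) - "" = (?P<val>.*)$'
)

# Heuristics chosen for this example: a legitimate launcher sits in the drive
# root, while USB worms hide under Recycled/RECYCLER, launder the launch via
# rundll32 ShellExec_RunDLL, or run from temp paths / non-exe extensions.
SUSPICIOUS = (
    re.compile(r'recycle[rd]?\\', re.I),
    re.compile(r'ShellExec_RunDLL', re.I),
    re.compile(r'\\temp\\', re.I),
    re.compile(r'\.(tmp|dat|pif|scr)(\s|$)', re.I),
)

RANK = {"info": 0, "review": 1, "suspicious": 2}


def parse_o33(text):
    """Return one {'vol', 'key', 'val'} dict per O33 line in text."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def classify(entry):
    """'info' for non-command keys, 'suspicious' on a heuristic hit, else 'review'."""
    if not entry["key"].lower().endswith("\\command"):
        return "info"
    if any(p.search(entry["val"]) for p in SUSPICIOUS):
        return "suspicious"
    return "review"


def report(text):
    """Worst verdict per MountPoints2 volume key."""
    verdicts = {}
    for e in parse_o33(text):
        v = classify(e)
        if RANK[v] >= RANK[verdicts.get(e["vol"], "info")]:
            verdicts[e["vol"]] = v
    return verdicts


def immunize(root):
    """Core of the Flash_Disinfector idea: make autorun.inf a *directory* so a
    worm cannot write an autorun.inf *file* at the root. Refuses to touch a
    root that already carries an autorun.inf file (that one needs a look
    first). The hidden attribute the real tool sets is omitted (Windows-only
    and not needed for the check below)."""
    target = os.path.join(root, "autorun.inf")
    if os.path.isfile(target):
        return False
    os.makedirs(target, exist_ok=True)
    return os.path.isdir(target)


def is_immunized(root):
    return os.path.isdir(os.path.join(root, "autorun.inf"))


def demo_immunize():
    """Run immunize() on two throwaway roots, one clean and one that already
    holds a (constructed) autorun.inf file. Returns (clean_ok, clean_check,
    infected_ok)."""
    clean = tempfile.mkdtemp()
    infected = tempfile.mkdtemp()
    with open(os.path.join(infected, "autorun.inf"), "w") as f:
        f.write("[autorun]\nopen=Recycled\\ctfmon.exe\n")  # constructed content
    return immunize(clean), is_immunized(clean), immunize(infected)


if __name__ == "__main__":
    for vol, verdict in report(SAMPLE_O33).items():
        print(f"{verdict:10s} {vol}")
    print("immunize demo:", demo_immunize())
```

Run stand-alone it prints one verdict per volume key (suspicious for ##b463#al, review for the GUID volumes) and the tuple (True, True, False) from the immunization demo. The refusal in immunize() is deliberate: an autorun.inf file that is already present is evidence, and a cleanup tool should record it before anything replaces it.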
Hello!

I have downloaded Flash Drive Disinfector, but there isn't any prompt or anything. Is it normal, or is it not installed properly?