hilow321
2010-07-02, 07:19
I don't know why this is happening since I am only doing my normal activities with my computer, but this has been occurring often, starting from like this week.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 20:58:27.48 on 2010/07/01 四
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_15
AV: 360杀毒 *On-access scanning enabled* (Updated) {D737F2DE-FA43-4036-AF5B-911612E2D674}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\360safe\deepscan\zhudongfangyu.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\360sd\360rp.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\360sd\360sd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\QQ2009\QQ\Bin\QQ.exe
C:\Program Files\QQ2009\QQ\Bin\TXPlatform.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\Owner\Desktop\zooomer\NO$Zoomer2\NO$PMP&WTT_ver_035\NO$WTT.exe
C:\Program Files\360\360se3\360SE.exe
C:\Program Files\360\360se3\360SE.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
mURLSearchHooks: H - No File
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - c:\program files\easymule\modules\IE2EM.dll
BHO: DetectAddin Class: {2d90d33c-de76-42d0-9040-e4466ddc24ac} - c:\program files\thunder network\thunder\program\EmbedDetectNow.dll
BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - c:\program files\tudou\飞速tudou\tudouDetector.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\comdlls\xunleiBHO_Now.dll
BHO: SafeMon Class: {b69f34dd-f0f9-42dc-9edd-957187da688d} - c:\program files\360safe\safemon\safemon.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [360sd] "c:\program files\360sd\360sd.exe" /autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; 360SE)" -"http://www.explorelearning.com/index.cfm?method=cResource.dspView&ResourceID=154&ClassID=1212803"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [360Safetray] "c:\program files\360safe\safemon\360Tray.exe" /start
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &U使用米人下载并收藏 - c:\program files\namirobot\data\du.html
IE: Download by easyMule - c:\program files\easymule\IE2EM.htm
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: 使用迅雷查看图片 - c:\program files\thunder network\thunder\program\repairimage.htm
IE: {548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files\thunder network\thunder\program\repairimage.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %systemroot%\system32\GameLink.dll
Trusted Zone: arad.jp\www
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67}
DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26.cab
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://updateglobal.ahnlab.com/aos/plugin/aosmgr.cab
DPF: {10365E63-8510-444A-87F9-AECEE4B50A8A} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMStarter.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} - hxxps://www.opinionsquare.com/Config/packages/op/opsetup.cab
DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMSystemInformer.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251681458023
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E9089E1-0461-4F60-8150-1E334629ABB7} - hxxp://webdown2.nexon.co.jp/arad/real/installer/arad_dis.cab
DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} - hxxp://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdf8305.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D1F81895-5BB4-49C4-A886-58A5708F4250} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNetmarbleDownloader.cab
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tuw1bdb0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(869).dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMFFUpdater.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMNetmarbleDownload.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMStarter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMSystemInformer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMWebMessengerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\tencent\qqmusic\npQzoneMusic.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tuw1bdb0.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [2009-7-11 56320]
R0 QKeyService;QKeyServiceDisplay;c:\windows\system32\KeyCrypt.sys [2008-6-14 11648]
R1 360netmon;360netmon;c:\windows\system32\drivers\360netmon.sys [2010-3-9 25856]
R1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2009-7-11 109312]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS [2010-2-11 66688]
R1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\EfiMon.sys [2010-3-9 19200]
R1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\drivers\qutmdrv.sys [2009-9-21 89344]
R1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2009-10-13 27776]
R1 SafeBoxKrnl;SafeBoxKrnl;c:\windows\system32\drivers\SafeboxKrnl.sys [2010-2-3 58248]
R2 360rp;360 杀毒实时防护服务;c:\program files\360sd\360rp.exe [2010-5-5 1000968]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-1 1153368]
R2 ZhuDongFangYu;主动防御;c:\program files\360safe\deepscan\ZhuDongFangYu.exe [2010-4-29 214536]
R3 kpxim;Easy2Game Proxy Service;c:\windows\system32\drivers\kpxim.sys [2009-11-27 21760]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]
S2 TSUSVC;Tencent Software Update Service;"c:\program files\tencent\qqsoftmgr\1.0.338.203\tencentupdatesvc.exe" -run --> c:\program files\tencent\qqsoftmgr\1.0.338.203\TencentUpdateSvc.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-8-27 132608]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-8-27 79104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SUNTX;SUNTX;C:\xxTx.sys [2010-3-13 7936]
S3 TesDrvPt;TesDrvPt;c:\windows\system32\TesDrvPt.sys [2009-4-5 15432]
S3 TesSafe;TesSafe;c:\windows\system32\TesSafe.sys [2009-8-5 14336]
============== File Associations ===============
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
txtfile=c:\windows\notepad.exe %1
=============== Created Last 30 ================
2010-06-25 13:10:20 993136 ----a-w- c:\windows\system32\SogouPy.ime
2010-06-25 05:40:32 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 05:40:32 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 05:40:32 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 05:40:32 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 05:40:32 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-25 04:14:53 0 d-----w- c:\users\owner\appdata\roaming\Tencent
2010-06-23 21:44:17 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 21:44:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 23:45:34 0 d-----w- C:\ppsvodcache
2010-06-20 21:22:50 0 d-----w- c:\users\owner\appdata\roaming\PPStream
2010-06-20 21:21:44 0 d-----w- C:\PPS.tv
2010-06-20 15:37:33 1940 ----a-w- c:\windows\Sandboxie.ini
2010-06-20 15:37:29 0 d-----w- c:\program files\Sandboxie
2010-06-20 01:59:44 0 d-----w- c:\programdata\AIM
2010-06-20 01:59:12 0 d-----w- c:\program files\AIM
2010-06-20 01:59:07 0 d-----w- c:\program files\common files\Software Update Utility
2010-06-16 14:48:46 0 d-----w- c:\users\owner\appdata\roaming\DFO Control Panel
2010-06-12 04:50:09 261 ----a-w- c:\windows\uu1°3 VER 2.INI
2010-06-10 06:13:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 06:13:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 06:12:44 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 06:10:30 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 05:36:00 0 d-----w- c:\program files\exrpg.com
2010-06-10 04:13:01 0 d-----r- C:\Sandbox
2010-06-03 19:33:18 0 d-----w- c:\programdata\360SD
==================== Find3M ====================
2010-06-11 22:55:44 109312 ----a-w- c:\windows\system32\drivers\360SelfProtection.sys
2010-05-29 03:34:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-29 03:34:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 11:27:00 308600 ----a-w- c:\windows\system32\MMInstaller.dll
2010-05-25 23:20:16 89344 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2010-05-25 00:50:30 56320 ----a-w- c:\windows\system32\drivers\hookport.sys
2010-05-18 01:44:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-16 18:18:38 66688 ----a-w- c:\windows\system32\drivers\BAPIDRV.SYS
2010-05-07 04:27:54 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-25 16:05:46 41 ----a-w- c:\users\owner\jagex_runescape_preferences.dat
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-15 06:01:12 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-20 01:44:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-14 05:02:05 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-14 05:02:05 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-14 05:02:05 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-14 05:02:05 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-03-02 01:00:41 16384 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
2009-01-26 04:42:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012520090126\index.dat
2009-01-26 17:02:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012620090127\index.dat
2009-01-31 04:32:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009013020090131\index.dat
2009-02-03 03:27:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009020220090203\index.dat
2009-02-10 06:49:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009020920090210\index.dat
2009-02-12 00:56:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021120090212\index.dat
2009-02-14 03:33:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021320090214\index.dat
2009-02-14 22:49:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021420090215\index.dat
2009-02-18 04:24:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021720090218\index.dat
2009-02-24 01:44:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022320090224\index.dat
2009-02-26 00:56:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022520090226\index.dat
2009-02-27 05:11:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022620090227\index.dat
2009-02-28 15:27:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022820090301\index.dat
2009-03-01 19:29:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030120090302\index.dat
2009-03-05 06:17:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030420090305\index.dat
2009-03-07 03:13:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030620090307\index.dat
2009-03-07 20:32:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030720090308\index.dat
2009-03-10 00:51:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030920090310\index.dat
2009-03-11 02:14:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009031020090311\index.dat
2009-03-12 00:12:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009031120090312\index.dat
2009-03-22 03:54:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032120090322\index.dat
2009-03-24 04:23:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032320090324\index.dat
2009-03-28 01:07:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032720090328\index.dat
2009-03-28 15:05:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032820090329\index.dat
2009-03-31 23:01:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009033120090401\index.dat
2009-04-04 14:37:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040420090405\index.dat
2009-04-06 04:58:14 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040520090406\index.dat
2009-04-08 00:43:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040720090408\index.dat
2009-04-08 17:12:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040820090409\index.dat
2009-04-11 00:55:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041020090411\index.dat
2009-04-11 18:07:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041120090412\index.dat
2009-04-13 23:37:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041320090414\index.dat
2009-04-15 02:55:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041420090415\index.dat
2009-08-13 02:19:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081220090813\index.dat
============= FINISH: 21:00:36.22 ===============
mRun: [360Safetray] "c:\program files\360safe\safemon\360Tray.exe" /start
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: RestrictWelcomeCenter = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &U使用米人下载并收藏 - c:\program files\namirobot\data\du.html
IE: Download by easyMule - c:\program files\easymule\IE2EM.htm
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: 使用迅雷查看图片 - c:\program files\thunder network\thunder\program\repairimage.htm
IE: {548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files\thunder network\thunder\program\repairimage.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %systemroot%\system32\GameLink.dll
Trusted Zone: arad.jp\www
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67}
DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26.cab
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://updateglobal.ahnlab.com/aos/plugin/aosmgr.cab
DPF: {10365E63-8510-444A-87F9-AECEE4B50A8A} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMStarter.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} - hxxps://www.opinionsquare.com/Config/packages/op/opsetup.cab
DPF: {5267557D-D090-44EA-BCAA-8576A24810C5} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMSystemInformer.cab
DPF: {5C1B293E-DA77-4AFF-8B52-63DEF8C8A071} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/NMAutoUpdateX.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251681458023
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {89F434A7-4A49-4394-AC02-007480331AE2} - hxxp://download.netmarble.net/ActiveX/NMAutoUpdateX/SystemIDInfo/NMSystemIDInfo_1.0.0.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8E9089E1-0461-4F60-8150-1E334629ABB7} - hxxp://webdown2.nexon.co.jp/arad/real/installer/arad_dis.cab
DPF: {9B1BD804-DDCE-4042-9F19-A771F2921992} - hxxp://tgun.gamengame.com/eng/activex/NPHgeLauncher.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdf8305.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
DPF: {BCBE34D4-BCCD-4326-9957-C809324D15DD} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNMWebMessenger.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D1F81895-5BB4-49C4-A886-58A5708F4250} - hxxp://nmweb.cdn.global.netmarble.com/Messaging/GlbNetmarbleDownloader.cab
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tuw1bdb0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(869).dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMFFUpdater.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMNetmarbleDownload.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMStarter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMSystemInformer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGlbNMWebMessengerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGPPlugin.dll
FF - plugin: c:\program files\tencent\qqmusic\npQzoneMusic.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\tuw1bdb0.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [2009-7-11 56320]
R0 QKeyService;QKeyServiceDisplay;c:\windows\system32\KeyCrypt.sys [2008-6-14 11648]
R1 360netmon;360netmon;c:\windows\system32\drivers\360netmon.sys [2010-3-9 25856]
R1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2009-7-11 109312]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS [2010-2-11 66688]
R1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\EfiMon.sys [2010-3-9 19200]
R1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\drivers\qutmdrv.sys [2009-9-21 89344]
R1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2009-10-13 27776]
R1 SafeBoxKrnl;SafeBoxKrnl;c:\windows\system32\drivers\SafeboxKrnl.sys [2010-2-3 58248]
R2 360rp;360 杀毒实时防护服务;c:\program files\360sd\360rp.exe [2010-5-5 1000968]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-1 1153368]
R2 ZhuDongFangYu;主动防御;c:\program files\360safe\deepscan\ZhuDongFangYu.exe [2010-4-29 214536]
R3 kpxim;Easy2Game Proxy Service;c:\windows\system32\drivers\kpxim.sys [2009-11-27 21760]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]
S2 TSUSVC;Tencent Software Update Service;"c:\program files\tencent\qqsoftmgr\1.0.338.203\tencentupdatesvc.exe" -run --> c:\program files\tencent\qqsoftmgr\1.0.338.203\TencentUpdateSvc.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-8-27 132608]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-8-27 79104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SUNTX;SUNTX;C:\xxTx.sys [2010-3-13 7936]
S3 TesDrvPt;TesDrvPt;c:\windows\system32\TesDrvPt.sys [2009-4-5 15432]
S3 TesSafe;TesSafe;c:\windows\system32\TesSafe.sys [2009-8-5 14336]
============== File Associations ===============
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
txtfile=c:\windows\notepad.exe %1
=============== Created Last 30 ================
2010-06-25 13:10:20 993136 ----a-w- c:\windows\system32\SogouPy.ime
2010-06-25 05:40:32 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 05:40:32 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 05:40:32 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 05:40:32 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 05:40:32 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-25 04:14:53 0 d-----w- c:\users\owner\appdata\roaming\Tencent
2010-06-23 21:44:17 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 21:44:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 23:45:34 0 d-----w- C:\ppsvodcache
2010-06-20 21:22:50 0 d-----w- c:\users\owner\appdata\roaming\PPStream
2010-06-20 21:21:44 0 d-----w- C:\PPS.tv
2010-06-20 15:37:33 1940 ----a-w- c:\windows\Sandboxie.ini
2010-06-20 15:37:29 0 d-----w- c:\program files\Sandboxie
2010-06-20 01:59:44 0 d-----w- c:\programdata\AIM
2010-06-20 01:59:12 0 d-----w- c:\program files\AIM
2010-06-20 01:59:07 0 d-----w- c:\program files\common files\Software Update Utility
2010-06-16 14:48:46 0 d-----w- c:\users\owner\appdata\roaming\DFO Control Panel
2010-06-12 04:50:09 261 ----a-w- c:\windows\uu1°3 VER 2.INI
2010-06-10 06:13:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-10 06:13:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-10 06:12:44 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-10 06:10:30 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 05:36:00 0 d-----w- c:\program files\exrpg.com
2010-06-10 04:13:01 0 d-----r- C:\Sandbox
2010-06-03 19:33:18 0 d-----w- c:\programdata\360SD
==================== Find3M ====================
2010-06-11 22:55:44 109312 ----a-w- c:\windows\system32\drivers\360SelfProtection.sys
2010-05-29 03:34:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-29 03:34:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 11:27:00 308600 ----a-w- c:\windows\system32\MMInstaller.dll
2010-05-25 23:20:16 89344 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2010-05-25 00:50:30 56320 ----a-w- c:\windows\system32\drivers\hookport.sys
2010-05-18 01:44:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-16 18:18:38 66688 ----a-w- c:\windows\system32\drivers\BAPIDRV.SYS
2010-05-07 04:27:54 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-25 16:05:46 41 ----a-w- c:\users\owner\jagex_runescape_preferences.dat
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-15 06:01:12 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-20 01:44:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-14 05:02:05 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-14 05:02:05 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-14 05:02:05 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-14 05:02:05 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-03-02 01:00:41 16384 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
2009-01-26 04:42:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012520090126\index.dat
2009-01-26 17:02:54 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012620090127\index.dat
2009-01-31 04:32:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009013020090131\index.dat
2009-02-03 03:27:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009020220090203\index.dat
2009-02-10 06:49:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009020920090210\index.dat
2009-02-12 00:56:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021120090212\index.dat
2009-02-14 03:33:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021320090214\index.dat
2009-02-14 22:49:00 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021420090215\index.dat
2009-02-18 04:24:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021720090218\index.dat
2009-02-24 01:44:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022320090224\index.dat
2009-02-26 00:56:29 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022520090226\index.dat
2009-02-27 05:11:40 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022620090227\index.dat
2009-02-28 15:27:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009022820090301\index.dat
2009-03-01 19:29:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030120090302\index.dat
2009-03-05 06:17:21 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030420090305\index.dat
2009-03-07 03:13:35 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030620090307\index.dat
2009-03-07 20:32:30 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030720090308\index.dat
2009-03-10 00:51:53 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009030920090310\index.dat
2009-03-11 02:14:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009031020090311\index.dat
2009-03-12 00:12:36 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009031120090312\index.dat
2009-03-22 03:54:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032120090322\index.dat
2009-03-24 04:23:56 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032320090324\index.dat
2009-03-28 01:07:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032720090328\index.dat
2009-03-28 15:05:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009032820090329\index.dat
2009-03-31 23:01:26 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009033120090401\index.dat
2009-04-04 14:37:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040420090405\index.dat
2009-04-06 04:58:14 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040520090406\index.dat
2009-04-08 00:43:25 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040720090408\index.dat
2009-04-08 17:12:19 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009040820090409\index.dat
2009-04-11 00:55:22 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041020090411\index.dat
2009-04-11 18:07:50 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041120090412\index.dat
2009-04-13 23:37:59 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041320090414\index.dat
2009-04-15 02:55:06 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009041420090415\index.dat
2009-08-13 02:19:42 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009081220090813\index.dat
============= FINISH: 21:00:36.22 ===============