Author Topic: I think I am infected  (Read 37988 times)


Offline Silvia

  • Jr. Member
  • **
  • Posts: 21
    • View Profile
Re: I think I am infected
« Reply #30 on: July 29, 2008, 02:14:55 AM »
Hello, Corrine.
OK, I will be waiting for your next reply. Thank you.

To winchester73, I installed SuperKiller.exe about 3 weeks ago. It's from 360safe and is used to clean Trojan horses.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19557
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: I think I am infected
« Reply #31 on: July 29, 2008, 10:40:50 AM »
Hi, Silvia. 

I was tied up dealing with issues at another site last evening so did not have an opportunity to reply and it is just as well that I was delayed.

We have permission from the developer to use his tool but I am about to start work now so getting together the instructions will have to wait until this evening. 

In addition, although a half-dozen of us have been behind the scenes reviewing your logs, the developer pointed out additional problems in your logs.  We may be able to help further, but the entire exercise will be a waste of your and our time if you continue using P2P and dangerous software programs.  Security forums are beginning to institute a "no P2P policy".  Their policy is that help will not be provided until all P2P software is removed.  If the person returns infected because of continued use of P2P software, help will be refused.

The following software needs to be uninstalled from your computer if you expect to use it as intended instead of spending your time running anti-virus and anti-malware tools:

SuperKiller (Edit note:  This was removed by MBAM)
360safe
Tencent
Foxy
Thunder Network
Clubbox


Someplace in this thread is information regarding your Norton package being out of date and most likely expired.  Please follow through with those instructions and get a current anti-virus software and firewall.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Corrine

Re: I think I am infected
« Reply #32 on: July 29, 2008, 10:40:48 PM »
Hi, Silvia.

Please download USB_Blocker by Bobby from here and save it to your Desktop.

  • First disconnect all USB/flash drives, including your MP3 player, from your computer.
  • Launch USB_Blocker
  • Select the Auto Block option on the first tab (Monitor).
  • Now insert your MP3 player.
  • Select the drive letter for your MP3 player in the "Removable drives:" box in the upper left corner
  • Click the "Scan" button
  • After the scan finishes, right-click on log/report, and select "Save log"
  • The log will be open in Notepad, and also saved on Desktop as USB_blocker.txt
  • Please post the contents of this file into your next reply.


The strong advice to uninstall the programs in my previous post remains unchanged along with the need for you to get current anti-virus software and firewall.  Aside from that, our kind developer spotted something else in your log that we have all missed, the removal of which will help.  I will add the ComboFix instructions.

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:
File::
C:\WINDOWS\system32\98811f6.dll
C:\WINDOWS\system32\fd4a49.dll
C:\Program Files\INSTALL.LOG
C:\Program Files\NamiRobot
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



   
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
       
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



Offline Silvia

Re: I think I am infected
« Reply #33 on: July 30, 2008, 05:48:40 PM »
Hello, Corrine.

I have uninstalled all the programs you listed and Norton Internet Security. And then I installed Avira AntiVir and PC Tools for antivirus and firewall.

For USB_Blocker, I am sorry that the log could not be saved because the path is not suitable for me. The word "desktop" is in Chinese characters on my computer. So I uploaded a screenshot of the log for you.
http://www.fileden.com/files/2007/1/13/634997/usb.JPG

Here's the combofix log.
ComboFix 08-07-21.1 - user 2008-07-31  2:18:13.18 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.950.1.1028.18.221 [GMT 8:00]
執行位置: C:\Documents and Settings\user\桌面\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\桌面\CFScript.txt
 * 已建立新的還原點

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\INSTALL.LOG
C:\Program Files\NamiRobot
C:\WINDOWS\system32\98811f6.dll
C:\WINDOWS\system32\fd4a49.dll
.

((((((((((((((((((((((((((((((((((((((   其他遭刪除的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\98811f6.dll
C:\WINDOWS\system32\fd4a49.dll

.
((((((((((((((((((((((((((((   2008-06-28 - 2008-07-30 之間建立的檔案  )))))))))))))))))))))))))))))))))
.

2008-07-31 02:06 . 2008-07-31 02:06   <DIR>   d--------   C:\Documents and Settings\user\Application Data\PCToolsFirewallPlus
2008-07-31 02:04 . 2008-07-31 02:10   <DIR>   d--------   C:\Program Files\PC Tools Firewall Plus
2008-07-31 02:04 . 2008-07-31 02:04   <DIR>   d--------   C:\Program Files\Common Files\PC Tools
2008-07-31 02:04 . 2008-03-12 08:30   159,896   --a------   C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-31 02:04 . 2008-06-24 10:26   93,440   --a------   C:\WINDOWS\system32\drivers\pctfw.sys
2008-07-31 02:04 . 2008-07-31 02:09   57,240   --a------   C:\WINDOWS\system32\drivers\FWAuthdriver.sys
2008-07-31 01:47 . 2008-07-31 01:47   <DIR>   d--------   C:\Program Files\Avira
2008-07-31 01:47 . 2008-07-31 01:47   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avira
2008-07-31 01:41 . 2008-07-31 01:41   2,560   --a------   C:\WINDOWS\_MSRSTRT.EXE
2008-07-31 00:21 . 2008-07-31 00:21   <DIR>   d--------   C:\Program Files\Alwil Software
2008-07-31 00:16 . 2008-07-31 01:41   <DIR>   d--------   C:\Program Files\Common Files\Agnitum Shared
2008-07-31 00:16 . 2008-07-31 00:16   <DIR>   d--------   C:\Program Files\Agnitum
2008-07-26 20:00 . 2008-07-26 20:00   <DIR>   d--------   C:\WINDOWS\system32\zh-cht
2008-07-26 19:59 . 2006-01-10 07:10   184,320   ---------   C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-07-26 19:59 . 2006-01-10 07:11   106,496   ---------   C:\WINDOWS\system32\mmcfxcommon.dll
2008-07-26 19:59 . 2006-01-11 09:20   32,768   ---------   C:\WINDOWS\system32\mmcperf.exe
2008-07-26 17:10 . 2008-07-26 17:10   <DIR>   d--------   C:\Deckard
2008-07-26 13:13 . 2008-07-26 19:59   <DIR>   d--h-----   C:\WINDOWS\$hf_mig$
2008-07-26 13:13 . 2008-07-26 13:13   1,374   --a------   C:\WINDOWS\imsins.BAK
2008-07-26 13:01 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-07-26 13:01 . 2007-07-30 19:18   25,976   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-07-26 12:29 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-07-26 01:30 . 2008-07-29 21:17   3,778   --a------   C:\WINDOWS\system32\fscflist.ini.tmp
2008-07-26 01:26 . 2008-07-26 01:28   50   --a------   C:\WINDOWS\system32\Clubbox 冖橾瞪歎婦葬濠.url
2008-07-25 21:39 . 2008-07-25 21:39   448,384   --a------   C:\WINDOWS\system32\drivers\EagleNt.sys
2008-07-25 13:03 . 2008-07-23 20:09   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-21 13:20 . 2008-07-21 13:20   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-07-10 23:31 . 2008-07-10 23:31   <DIR>   d--------   C:\Download
2008-07-03 00:48 . 2008-07-25 13:03   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 00:48 . 2008-07-03 00:48   <DIR>   d--------   C:\Documents and Settings\user\Application Data\Malwarebytes
2008-07-03 00:48 . 2008-07-03 00:48   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 00:48 . 2008-07-23 20:09   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 00:57 . 2008-06-29 00:57   <DIR>   d--------   C:\fsaua.data
2008-06-25 22:20 . 2008-06-25 22:20   <DIR>   d--------   C:\Program Files\Trend Micro
2008-06-12 01:05 . 2008-06-12 01:05   7,680   --ahs----   C:\WINDOWS\Thumbs.db
2008-06-03 19:01 . 2008-06-03 19:01   385,024   --a------   C:\WINDOWS\system32\MultiUpload.ocx

.
((((((((((((((((((((((((((((((((((((   近三個月內更動的檔案   )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 18:11   ---------   d---a-w   C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-30 17:35   ---------   d-----w   C:\Documents and Settings\user\Application Data\MegauploadToolbar
2008-07-30 14:57   ---------   d-----w   C:\Documents and Settings\user\Application Data\uTorrent
2008-07-30 14:56   ---------   d-----w   C:\Documents and Settings\user\Application Data\QQ
2008-07-30 14:55   ---------   d-----w   C:\Program Files\Tencent2
2008-07-30 14:19   ---------   d-----w   C:\Program Files\Foxy
2008-07-30 14:06   ---------   d-----w   C:\Program Files\360safe
2008-07-29 09:46   ---------   d-----w   C:\Program Files\eMule
2008-07-26 04:29   ---------   d-----w   C:\Program Files\Java
2008-07-22 17:59   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
2008-07-22 17:58   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 11:29   ---------   d-----w   C:\Program Files\ExtraPlayer
2008-07-12 19:58   ---------   d-----w   C:\Program Files\RaySource
2008-06-17 00:13   ---------   d-----w   C:\Documents and Settings\user\Application Data\MySQL
2008-05-26 04:32   3,290   ----a-w   C:\WINDOWS\system32\PerfStringBackup.TMP
.

------- Sigcheck -------

2001-09-05 20:00  327168  e7774698bb0d14b0710a9a31e209f9b6   C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2004-08-04 14:14  359040  9f4b36614a0fc234525ba224957de55c   C:\WINDOWS\SoftwareDistribution\Download\024288edc8c4f8c963bc1fed0d7174ee\tcpip.sys
2008-06-20 18:45  360320  2a5554fc5b1e04e131230e3ce035c3f9   C:\WINDOWS\SoftwareDistribution\Download\bd142275395b2b38d513ff6a92b5d2fa\sp2gdr\tcpip.sys
2008-06-20 18:44  360960  744e57c99232201ae98c49168b918f48   C:\WINDOWS\SoftwareDistribution\Download\bd142275395b2b38d513ff6a92b5d2fa\sp2qfe\tcpip.sys
2008-06-20 19:51  361600  9aefa14bd6b182d61e3119fa5f436d3d   C:\WINDOWS\SoftwareDistribution\Download\bd142275395b2b38d513ff6a92b5d2fa\sp3gdr\tcpip.sys
2008-06-20 19:59  361600  ad978a1b783b5719720cff204b666c8e   C:\WINDOWS\SoftwareDistribution\Download\bd142275395b2b38d513ff6a92b5d2fa\sp3qfe\tcpip.sys
2004-08-03 23:14  359040  6a603809f598332dbedd535bdbce313e   C:\WINDOWS\system32\drivers\tcpip.sys

2001-09-05 20:00  13312  559f356b0a0b0bb0d663fd3ce8ef0c48   C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 00:47  15360  3bcef6b66827ec0b9923d20e62d067ba   C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 15:47  15360  3bcef6b66827ec0b9923d20e62d067ba   C:\WINDOWS\SoftwareDistribution\Download\024288edc8c4f8c963bc1fed0d7174ee\ctfmon.exe
2001-09-05 20:00  13312  559f356b0a0b0bb0d663fd3ce8ef0c48   C:\WINDOWS\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((   snapshot_2008-07-27_20.08.27.64   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-30 17:41:26   2,560   ----a-w   C:\WINDOWS\_MSRSTRT.EXE
+ 2008-07-30 17:44:16   262,144   ----a-w   C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-05-09 05:15:51   45,376   ----a-w   C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 10:11:28   22,336   ----a-w   C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 07:03:55   75,072   ----a-w   C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 02:34:22   28,352   ----a-w   C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((((((((   重要登錄檔   )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 14:43 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2001-09-05 20:00 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-01-17 10:19 7323648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2001-09-05 20:00 208949]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-07-02 16:51 2602904]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 13:48 69632 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-01-17 10:19 1519616 C:\WINDOWS\system32\nwiz.exe]
"ClubBox"="nwiz.exe" [2006-01-17 10:19 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [2001-09-05 20:00 13312]
"Shell"="C:\WINDOWS\system32\shell32.dll" [2004-08-04 00:47 8244224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 08:30]
R3 FWAuth;FWAuth Driver;C:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-07-31 02:09]
S2 自動 LiveUpdate 排程器;自動 LiveUpdate 排程器;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S3 npkycryp;npkycryp;C:\Program Files\Tencent\QQ\npkycryp.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]
S3 VM30xx86;Vimicro USB PC Camera (ZC030x);C:\WINDOWS\system32\Drivers\vm30xx86.sys [2007-01-29 19:20]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 02:20:09
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案: 0

**************************************************************************
.
完成時間: 2008-07-31  2:20:58
ComboFix-quarantined-files.txt  2008-07-30 18:20:55
ComboFix2.txt  2008-07-27 12:08:43
ComboFix3.txt  2008-07-25 04:59:30
ComboFix4.txt  2008-07-24 04:37:26
ComboFix5.txt  2008-07-30 18:17:49

Pre-Run: 2,388,729,856 位元組可用
Post-Run: 2,403,172,352 位元組可用

163   --- E O F ---   2008-07-26 05:13:37

Thank you very much.
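
Added example (not part of the thread and not ComboFix's own code): a Python check a helper could run over a pasted CFScript and the log that comes back, to see which requested targets the log actually lists as deleted. It assumes the `FILE ::` block echoes the script's targets and that the banner 其他遭刪除的檔案, as it appears in this localized log, heads the deletions; the function names are hypothetical, and the `?` check goes one step beyond this exchange.

```python
import re

# Constructed sample: the CFScript from Reply #32 and the head of the ComboFix
# log from Reply #33, trimmed to the two sections this check reads.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\98811f6.dll
C:\WINDOWS\system32\fd4a49.dll
C:\Program Files\INSTALL.LOG
C:\Program Files\NamiRobot
"""

LOG = r"""FILE ::
C:\Program Files\INSTALL.LOG
C:\Program Files\NamiRobot
C:\WINDOWS\system32\98811f6.dll
C:\WINDOWS\system32\fd4a49.dll
.

((((((((((((((((((((((((((((((((((((((   其他遭刪除的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\98811f6.dll
C:\WINDOWS\system32\fd4a49.dll

.
((((((((((((((((((((((((((((   2008-06-28 - 2008-07-30 之間建立的檔案  )))))))))))))))))))))))))))))))))
.
"""

# Banner text taken from the log above (assumption: it heads the deletions).
DELETED_TITLE = "其他遭刪除的檔案"
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
DIRECTIVE = re.compile(r"^(\w+)::$")
FILE_ECHO = re.compile(r"^FILE\s*::$", re.IGNORECASE)


def parse_cfscript(text):
    """Return {directive: [lines]} for directives such as File:: or Folder::."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_log_sections(text):
    """Split a log into {title: [lines]}; lone '.' separators are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif FILE_ECHO.match(line):
            current = sections.setdefault("FILE", [])
        elif current is not None:
            current.append(line)
    return sections


def norm(path):
    # Windows paths compare case-insensitively; ignore a trailing backslash.
    return path.rstrip("\\").lower()


def audit(script_text, log_text, deleted_title=DELETED_TITLE):
    """Map each File::/Folder:: target to what the log says about it."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    echoed = {norm(p) for p in log.get("FILE", [])}
    deleted = {norm(p) for p in log.get(deleted_title, [])}
    report = {}
    for target in script.get("file", []) + script.get("folder", []):
        key = norm(target)
        if "?" in target:
            # '?' is not legal in a Windows file name, so this line is a
            # placeholder for characters lost in the paste, not a real path.
            report[target] = "unaddressable"
        elif key in deleted:
            report[target] = "deleted"
        elif key in echoed:
            report[target] = "requested, not listed as deleted"
        else:
            report[target] = "not echoed in log"
    return report


def unconfirmed(script_text, log_text):
    """Targets the helper should follow up on, in script order."""
    return [t for t, s in audit(script_text, log_text).items() if s != "deleted"]


if __name__ == "__main__":
    for target, status in audit(CFSCRIPT, LOG).items():
        print(f"{status:35} {target}")
```
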

Offline Corrine

Re: I think I am infected
« Reply #34 on: July 30, 2008, 07:33:46 PM »
Image attached for easy reference

[attachment deleted by admin]



Offline Corrine

Re: I think I am infected
« Reply #35 on: July 31, 2008, 12:32:45 AM »
Bravo, Silvia!!!

I am so proud of you for removing those P2P files.  The good news is that your MP3 player appears to be clean.  So now, we can remove the remnants, run an updated scan and then provide instructions on removing the extra tools so you can get back to your life!!!  (You can still visit us after we are finished though.  :) )  Let's get to it!

Custom CFScript (Note:  If ComboFix does not want to run, follow the previously supplied uninstall instructions (Start > Run > Combofix /u))
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:
File::
C:\WINDOWS\system32\zh-cht
C:\WINDOWS\system32\Clubbox ???????.url
C:\WINDOWS\system32\MultiUpload.ocx
C:\Documents and Settings\user\Application Data\MegauploadToolbar
C:\Documents and Settings\user\Application Data\uTorrent
C:\Documents and Settings\user\Application Data\QQ
C:\Documents and Settings\user\Application Data\MySQL
C:\WINDOWS\system32\drivers\EagleNt.sys

Folder::
C:\Program Files\Tencent2
C:\Program Files\Foxy
C:\Program Files\360safe
C:\Program Files\Microsoft Visual Studio 8
C:\Program Files\ExtraPlayer
C:\Program Files\RaySource

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClubBox"=-

Extra::
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



   
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
       
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Scan with MBAM again:
  • Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates".
  • Once the update has been installed and the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file in your next reply along with the Combofix log and a fresh HijackThis log.



Offline Silvia

Re: I think I am infected
« Reply #36 on: July 31, 2008, 06:17:03 AM »
Hello, Corrine.
Thank you very much for cleaning my mp3 player. And thanks to the kind developer and other technicians here.

ComboFix 08-07-21.1 - user 2008-07-31 13:43:15.19 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.950.1.1028.18.245 [GMT 8:00]
執行位置: C:\Documents and Settings\user\桌面\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\桌面\CFScript.txt
 * 已建立新的還原點

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\user\Application Data\MegauploadToolbar
C:\Documents and Settings\user\Application Data\MySQL
C:\Documents and Settings\user\Application Data\QQ
C:\Documents and Settings\user\Application Data\uTorrent
C:\WINDOWS\system32\drivers\EagleNt.sys
C:\WINDOWS\system32\MultiUpload.ocx
C:\WINDOWS\system32\zh-cht
.

((((((((((((((((((((((((((((((((((((((   其他遭刪除的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\61491FFC021618B5EF6064570EC7CCD7.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\625B3BEC2418FE0303E6A87199D1ECFC.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\670623D84EAAE62577F4B290D2E1309F.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\68E1F278C96948440119862169C1D998.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\69A76DB163CB333621FB9CEC6003C3BB.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\6AE58B93D3DF7B7C7E768F6F55CF2E96.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\73795328E7ACC1F72282158BF2D3386F.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\764ECE2F0423CB0BF721461B404A489B.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\7CB4409E8B2E0E241EBEAC95DB832B6F.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\8066A07D2CDDBA6A082F8AFD0C39443C.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\82F37439B5BDA71BD43DD07A0493CFB8.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\832B406D7C75D9CF5E07B6481791429C.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\841D4C20D7307524C92EAAE4266FB601.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\8621309C81FA52D329D6A4708D0C6F2C.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\8A036AEED54A498955B4A13C3B00284D.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\8A84B8B3BE4B0ABF854872501322119D.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\8F3390AEB30A16E5C810FC16C10B4394.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\90AF83819A553D26780B9AF612C9469B.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\91C4F7AAE5E255F8D6E27DA4BC44E316.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\91CA438F655B4FE502A4CF8570309A70.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\9661B8E49FC5C3C005D619A3DED14063.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\9B5B24DB80CC888617A18F02F2B8B5F4.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\A4156FA74A0C017C9CC8EC9A9CEC9DC4.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\A4E90621838296F6F7C2D8A9C432D0B1.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\A626C537B5AC58A0D1C670F30AA18C36.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\AB1D8B94EEC554A0307A79FC7FC36E2A.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\AEA639E6667F9F972E9012AB63090F08.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\B7A77EB5329162568F540FAF1CA52150.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\B8CE6F042C8DCB264F634DDD0FC7BC63.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\B8ED88ED699576D988819EAB9FB6853A.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\BA61799FBAC51DABC9B1701CF631D3A0.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\BDBDC9CA212A9BD3DF4545A92EE39E77.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\C1F9A8772E19395286C4021332726D94.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\C357D6F2C1FE79C67BD31EB6A2812F23.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\C7F5EA88E9D5CF342839846805532BC0.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\CBC1144155940B48B4B16407F1258695.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\CC713C51C5BF9AE3D34DF259386E21F4.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\D1D62B1CCF81EF270B35464495C37B1D.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\D339C02B1C256E352F51427EE73D00A4.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\D644C8D3C92F20A66E68AAC59A0CC885.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\D948710701E905125AD949668AE5EC72.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\DA3E43A92F236213B52369BCF123191B.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\E5F6CEEDE6B1F93667CFA59335D65A07.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\E67A26465FE6F9A343BC444384501CD4.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\ECC5432B4623FED48C6BEBE226C7FCF8.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\F200E229ED5A81471CD5428863059AF8.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\F2CB00458F60E29DD9D0325477B81C2C.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\F5E6EFC63744CA923CF6D5275DD31210.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\FA044AE6D5B640EB7548DBC18A581BB9.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\FAE3F042770D7CC6E34B4EBA300E4957.GIF
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\FED2623FE221886D1B6458E5C7F1440E.JPG
C:\Program Files\Tencent2\QQ\460889823\CustomFaceRecv\Thumbs.db
C:\Program Files\Tencent2\QQ\460889823\ewh.db
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100425\background.GIF
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100425\config.qqs
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100425\MusicFlash.htm
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100425\sample.swf
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100478\background.gif
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100478\config.qqs
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100478\MusicFlash.htm
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100478\sample.swf
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100564\background.gif
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100564\config.qqs
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100564\MusicFlash.htm
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100564\sample.swf
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100567\background.gif
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100567\config.qqs
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100567\MusicFlash.htm
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100567\sample.swf
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100594\background.gif
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100594\config.qqs
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100594\MusicFlash.htm
C:\Program Files\Tencent2\QQ\460889823\FlashScene\308976908\100594\sample.swf
C:\Program Files\Tencent2\QQ\460889823\FlashScene\381260913\100617\background.gif
C:\Program Files\Tencent2\QQ\460889823\FlashScene\381260913\100617\config.qqs
C:\Program Files\Tencent2\QQ\460889823\FlashScene\381260913\100617\MusicFlash.htm
C:\Program Files\Tencent2\QQ\460889823\FlashScene\381260913\100617\sample.swf
C:\Program Files\Tencent2\QQ\460889823\FlashScene\453005587\100617\background.gif
C:\Program Files\Tencent2\QQ\460889823\FlashScene\453005587\100617\config.qqs
C:\Program Files\Tencent2\QQ\460889823\FlashScene\453005587\100617\MusicFlash.htm
C:\Program Files\Tencent2\QQ\460889823\FlashScene\453005587\100617\sample.swf
C:\Program Files\Tencent2\QQ\460889823\FlashScene\a5164b7c3bf54ce0e4b347bfe44a69b3.jpg
C:\Program Files\Tencent2\QQ\460889823\FlashScene\FlashSceneConfig.dat
C:\Program Files\Tencent2\QQ\460889823\FlashScene\SceneFlash.swf
C:\Program Files\Tencent2\QQ\460889823\FlashScene\SceneList.xml
C:\Program Files\Tencent2\QQ\460889823\FlashScene\sceneplayer.js
C:\Program Files\Tencent2\QQ\460889823\Gad.dat
C:\Program Files\Tencent2\QQ\460889823\Gad_tmp.dat
C:\Program Files\Tencent2\QQ\460889823\GameInfo.dat
C:\Program Files\Tencent2\QQ\460889823\HostAlertData\AlertMain.htm
C:\Program Files\Tencent2\QQ\460889823\HostAlertData\AlertTop.htm
C:\Program Files\Tencent2\QQ\460889823\HostAlertData\ViewAlerByTime.htm
C:\Program Files\Tencent2\QQ\460889823\HostAlertData\ViewAlertByVendor.htm
C:\Program Files\Tencent2\QQ\460889823\HostAlertData\Welcome.htm
C:\Program Files\Tencent2\QQ\460889823\image\{00D52B4F-5820-41C7-B3B7-B71EC29D2D47}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{05048C7D-6426-4CFD-BAC9-113FBB02796E}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{08A912D3-45AD-48F8-846F-0A4D1033D0E9}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{09634123-7D32-4F3A-82C2-CFE9D8CD29D3}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{096BFF92-94B2-4FD2-BB53-FC27B1900EDE}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{097314F6-D989-4254-B07A-88891B03CBC5}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0A6E7A08-2967-48DC-B842-CE4B29661A7D}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0A76B18B-93D2-4F50-A313-7E1622829058}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0B6F6764-C7AB-4EC6-87F9-54098A0EC1A9}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0B958D91-53D2-48B8-883A-2755AD9DDB24}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0D2DA2C9-AB69-4FA9-B500-36F58C290F92}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0DA4459D-D34E-4D36-962B-74D2B2A7F0CB}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0DA4459D-D34E-4D36-962B-74D2B2A7F0CB}1.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0DA4459D-D34E-4D36-962B-74D2B2A7F0CB}2.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0EFD4188-25D4-41D1-A8DD-3B19CA465972}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{0FE3628C-6A44-4713-A811-574A40ECD03A}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{10BDC4E8-5A10-4D96-A7DC-9E07CF524667}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{125B1237-63B2-4834-B323-3BD73EB82A2F}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{156BB615-7964-40D6-9D23-BE1F891172F6}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{16EA0F62-B83F-46B4-AFDF-37C59345ECE0}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{172E797F-FF0B-49F7-86E3-C6A28DB78250}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1745F3BA-48DA-4FF4-9A79-F4BD6078544C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{181A0145-F638-427A-BCDC-713C6F32B5EC}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{18638995-BC41-46E6-8753-303A6D61EC27}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1992F4F6-F6AD-49E0-B4D4-82471AA89B0B}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{19B86210-AD75-4FB2-8150-2068497A87F2}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1A05A0F7-8442-4113-85F3-E2FB439322C1}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{1A981202-4229-429E-9FCC-0D700D7D47E9}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1A981202-4229-429E-9FCC-0D700D7D47E9}1.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1AB510BE-93F1-4E4B-9BD3-B77F4D3CEF2C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1B0EEE4F-0512-42E1-87D5-1FBE59D9A4A1}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1B9981B8-FA95-4ACD-A08B-C266A78288C4}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1BC1B2CE-1C82-4E99-841F-D068F01705C2}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{1D9CB923-9D92-4241-91B7-11FE05FD7A57}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{204271F7-4702-41AB-83C6-DBCF9668CB44}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{20F5BE29-732D-4EE3-A325-0FBF3D7CF262}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{2198B7C3-CE88-4E67-B979-73E0E049F126}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{21AD4B88-603B-4817-9440-64282280607F}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{220C6F0B-CBD3-4419-B07D-48E9C4368DC2}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{22D159FE-055B-48DA-8184-BE31FF7147B4}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{2340235B-50A9-4E94-9050-FA900E7A6F88}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{25164CCD-5A0C-4EB6-9903-DE5248996A4C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{267CFC81-0C54-4AEB-B7EC-9748447277B3}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{27447DF0-5F8B-4ABD-BA2B-87D13C775C96}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{2899F9A4-2D46-40DB-87C4-DBB7C78FBE9F}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{2923CC5C-9775-4BB1-9826-0442769245DF}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{29D5B396-A5D0-4DA8-BF52-3A9341E34538}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{2A8C80A2-B7AE-4B67-9630-1C2B7CA9597D}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{2B9B5191-95F3-474A-AD37-7C33E1EA778E}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{2C56CF3D-B970-4A24-B7B3-08786E12D015}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{2D69F2BF-71C5-4F5C-8499-48FDBD744211}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{2FC797F8-7761-4BDD-8A30-81819CF0034F}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{30D091BF-1420-4517-914A-1B5C31E088F0}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{32524F58-302F-4F8A-B160-19CDDDF74950}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{32A6D9D6-537B-49B7-B20C-C921A3DF2617}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{337534DC-B724-4D16-A04A-19EE9FDD67D1}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{33AAA67E-5D68-4E27-904E-3EBD1DC71B3C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{3497D12E-43C0-41C8-9D39-223DA0450C32}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{360B2FD8-DA9B-477D-9F32-9439226ACC5D}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{366942C6-92EF-4D24-99D7-312BCA906AA3}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{36AB29D0-CDA8-4786-B26A-EBFB4440BA1D}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{3FE85806-69DE-415D-822F-0E59F6F8E967}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{401A54E3-BE49-4C40-B138-3468D650D4E6}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{41F35E68-8BCE-4E23-9119-C14ACFB10D39}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{42BBD0A1-FA2C-4EA5-BAA2-B5EF680F9D91}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{465CBDD3-5E84-4CB7-9D77-9FECF04D51B5}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{465CBDD3-5E84-4CB7-9D77-9FECF04D51B5}1.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{481FD54C-81CF-4AB8-8041-0A845B293C40}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{4830A39B-B7AE-4665-874E-CC338C961877}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{48382C21-19B3-4260-84A9-EE7B3867E6CC}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{49551123-857D-4803-9D56-73F7379234EB}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{4CEA7A46-D155-4568-87BE-B07981DEF666}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{515D0EDD-4BB4-4679-95C1-E4F2F8B8C776}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{51C24394-A17F-4ABA-9AE2-ACDCC7D38962}.GIF
C:\Program Files\Tencent2\QQ\460889823\image\{524FB2F7-3A52-4ADB-BE77-9BEBDF2E3776}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{528BFC7D-4C44-44FE-87EE-D8E37616E093}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{529EBFEB-E139-42CB-8FAF-411C034AF944}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{52E0C170-DB22-4A6C-BCFA-5FCBA3130CAA}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{534C4610-7E93-452E-A8AD-B47BC5CCB6BA}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{54FC36BD-DDD3-49FE-B09D-90937852BC2C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{55DA10F5-C32A-49AA-A94B-22C8AA91BCA3}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{56563A98-1F15-4083-9514-37796BC81983}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{56C7E9B3-0E62-476F-98FB-0BBDB545F3F8}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{583A80F3-786D-4401-9ED7-6CC9B10381BF}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{585765C7-634D-47A1-A7F0-60E9C6804E3F}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{589E915F-B371-4A8E-930B-535B3E39CCDA}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{58A2100A-0F33-43AB-B3C7-84EBB1832321}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{58F3B2C8-13C7-4D11-831C-E48941D2DDCA}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{59E39828-9799-42AE-A6C0-DEFFF5F06863}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{5A525BAA-513A-41FF-8B48-B91BF9A3080F}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{5D7B0494-A0F4-4263-858B-349E03644BE3}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{5FD196C3-BF61-4904-8E1C-7D13F66859EF}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{607E0485-C339-43C4-BB60-6E45EB768D1A}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{61F080BE-AB00-447F-8BC3-B7CA447EBFE0}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{62813669-6A79-4529-B4C7-7F7AC683B718}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{643544E6-C9F6-40CD-B3BC-0DFE73354E08}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{64CAB791-719E-4DA4-A4DD-FB6127BFC712}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{66771436-0DC3-48E3-9D14-493B1BE0C091}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6953EC06-2EA1-46CF-8A9C-A9698C56F9E3}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6A1C884A-10ED-47A1-A117-B4002413E981}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6AE9F066-98F9-4A7E-87B6-413597ED2AA4}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{6C461719-1ED8-41F0-B96A-109458A144C3}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6C638E6D-FEBB-4836-8325-8E1871F41DD0}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6D07093B-838A-4694-B311-6FC14CEAD97E}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6D6CC4D4-2569-4FF3-B05B-A3339AEC263C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6D894497-B689-4FE5-96CD-46CEFBE7E995}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6DBD5837-098C-41BF-AF6A-4F008DFE2F28}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6E982607-C5BA-4B10-8BDB-710E5EE84890}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6EF9AB9E-BFA4-428A-B067-94974101248C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{6F1AF1BC-CA3C-4119-9C2B-5FB6A78BDD2C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{71323B4F-A840-4683-827E-E17B51E889FB}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{7276356E-F068-4AD7-B7BF-09474C7FC4FA}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{7290CC76-4467-4E60-8C0D-D38EEC80B4EA}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{72AE5CCA-578C-4FB0-9384-120B852557A9}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{7312E412-E1D3-4A0E-88CA-A3BDE4497CCB}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{74C4DA64-9B7C-4B45-AE9D-CBD991C89377}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{76272590-A7C8-49B4-B171-42A3D87BFB17}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{7A19BB4F-745A-4583-94F8-65C2B2836AC1}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{7A19BB4F-745A-4583-94F8-65C2B2836AC1}1.gif
C:\Program Files\Tencent2\QQ\460889823\image\{7A4EFA0D-17EB-4797-A01C-D2DF1A28E95E}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{7DA8BED2-3298-47C9-B1E7-0E30BFAC62A1}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{7DFF4819-FA12-4E9F-98A2-8CCCA565549B}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{7EE25EA5-6A4D-4D78-8C79-793401179BC0}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{7FA4EDF8-C8C5-45B9-A9E9-4E88264DB180}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{818C9166-6F78-4E77-8251-EF767A5CCC04}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{819207F2-C517-45A2-AA4B-E7EAA525E07C}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{81D5F5B4-7978-4731-8F4A-B9E632466D0D}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{8311AE28-CDB1-4B34-9B05-DE2B45C05485}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{83BF9CAF-4453-4384-A986-CD76831AA28E}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{85B5DD1B-B85E-469C-A50A-8045E339D526}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{865A33F3-F269-4C83-84DD-98C46E8B5336}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{88B233DB-5067-4C0F-8BFD-C43698353ADF}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{88C15092-2442-4D4D-A9A0-BCAD587E5D25}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{8A2E7002-1752-4132-8C23-58D52F8BB606}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{8ABCC1F3-217C-4FAE-8B23-61378F525760}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{8CA56B7D-6E06-4771-9908-187481551597}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{8F0C1675-04A7-41B7-9EB9-82DBCC13A440}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{8F16C4BD-5B76-43AC-BDB2-CAADC5262BF4}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{8FDBA46C-5F0B-4BFD-9EEC-D89C5F71B30B}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{92F0737F-5B67-453E-9A8B-BA9D7C296A56}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{93331BF7-7286-4303-BB79-80F05230F2F3}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{966D9636-9731-4D15-A3B7-54FCE81B853F}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{9757EFBB-144F-489A-A1C6-5BEE5027328E}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{97E4076C-2027-48E9-B06E-A507E6EBD7F8}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{9C39FA9E-79D9-4EC3-A623-C73E8140DD06}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{9D886E87-696C-4540-BCC7-F9A2DC26AABB}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{9EBB6B01-E337-4995-9434-C86439C131DE}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{9ECFA588-016E-419A-A30A-9307DC322596}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{9F124201-7C88-40C3-9C10-48185BCC34EF}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{9F1BE22F-15A9-456F-8B53-6380A3B87247}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{A03503EB-F25B-445C-B465-C670D58C2E6E}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{A1D8404D-5C00-4CA2-B462-3F152D40C609}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{A547800A-DED2-4894-99DB-3AE2B162BFA2}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{A7D4C80D-4FD7-4401-978C-9A3FADC0021B}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{A83C04B9-CED5-4156-A699-7992D8E3C8AD}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{A8B6098A-160D-421B-965D-1D7A0944DCE1}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{A9377D23-87CD-47FE-81A3-21A5F9C763F0}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{AACD0830-22D6-4312-90EE-DA2DA7D8083F}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{AAF6AA28-3F10-4B35-B1D4-437384F73A15}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{ABB756C2-50B5-4B76-B497-6A3E2E3D2F27}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{AC668D0E-2C9D-41B2-8B83-54698E3F77E3}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{AC970430-F039-46D4-862D-15B91CBD8088}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{ACE2EBEF-5236-4480-A408-289CC8AF4823}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{AE35E01B-C3C0-4192-B786-78FF6154A922}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{AF3BEA90-2F9D-4772-9CB1-88F06CA5CDEB}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{B2089101-4502-4F2C-A34E-B55C68D333D9}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{B256E128-9B9D-4D73-AF81-151615E9EB6F}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{B41AAED7-55B6-4FC4-97C8-E82B6C28EBD7}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{B49BA768-3568-4DE2-81F5-3657F572B399}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{B914E186-663B-46D6-98B8-8FB354F51F65}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{BBD856CB-9D3C-4AA8-81B3-B2AD69CD2D24}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{BEABCCB8-D3A0-4E96-8761-1DD03C95BD53}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{BF914B88-46C5-4CCF-864D-AC888BBF4451}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{C172319D-964B-414B-A4F6-5A53B1FE0868}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{C1824D2D-3E6C-4F28-82A2-5B0B56DEC53C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{C2DF4A3C-E7FC-43E9-8B35-D43999CC3288}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{C587C0DD-3BB1-44B9-9DBB-F0BD5B77EC39}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{C7CFF2D8-AC60-4DE6-915F-402A6F8770C5}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{C8D64C88-AF72-4F7C-974C-9148543B1F8C}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{CA4C941D-FF0B-44CB-9CAD-24636938BB7F}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{CB0B4030-37D7-494E-B1D1-5511B56D2279}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{CB6EB8AD-ED03-4EBD-BF60-C8ACCABFB547}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{D0464E5C-CEBA-4897-97EF-82BBA635AD6E}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{D2B80140-C3B3-45B2-8A3E-C43C3BC4CB57}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{D54378C9-7181-473B-8178-8D18C5CC4A2A}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{D953776B-7A89-4A0B-BF56-ACA2C1303AB1}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{DC0DB4BE-0FD3-4AC1-95D6-485A206AFFD8}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{DF2F7A29-8366-47B7-B324-84E982239555}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{E23F6961-E8F7-41D5-A41A-1247A4B31934}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{E28C3B02-E326-424F-8A05-4FE1295457C2}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{E3B55B2F-6598-4F74-831B-66B17901F952}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{E45C2FC0-5BA9-47EF-ABD0-5020459DE888}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{E486277A-4754-4959-AF6E-E1ECE17176E1}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{E7A5DA76-69EE-4106-AF8C-BB71AA51019B}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{EA9C2864-3672-436B-9CE8-024C71942CB4}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{EACEC100-6EB0-4592-9AB2-6120EDDB55E1}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{EB7D3529-77DD-4CB8-AD5A-00861B966282}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{EC8C5E16-7C6D-4935-86A0-C1ED8B0FAFC4}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{F230E274-0AA6-4244-88B2-CF2D276AB998}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{F238B907-D257-4A60-8575-271B58CFBB49}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{F250C982-096C-4E1D-BFC2-B71653FA519D}0.gif
C:\Program Files\Tencent2\QQ\460889823\image\{F2836B4A-4CF2-450A-BAC5-93E65B3BADF6}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{F345648F-9CA2-4FA9-BD4C-1B1C33679027}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{F34DE21D-983A-4D91-8560-74AADC966901}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{F53B35B2-C7CA-4767-B90B-0EFA5108CE7F}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{F58142D5-9663-4455-BD6B-9E5773BC852D}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{F65156EB-62AD-4C3A-9944-FD4E0775EA23}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{F6C89B7A-3354-4B7B-8241-252D8CFE4240}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{F7FACBC6-B21C-4D08-BAEF-6F8D90C48CC5}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{F8B011CF-56EC-4C3A-8F18-6F7757D03085}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\{FA82785F-F5A4-4991-BFA6-C512807C45EC}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{FD0325E7-F661-403B-BA4E-BD17BFBD5E65}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{FDF22DB9-5B9D-4C34-8EF2-22F4B82D4695}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{FE369BFC-7CAB-44E5-BFA2-E7CFCDACB5D7}0.jpg
C:\Program Files\Tencent2\QQ\460889823\image\{FF503EBF-DFEE-4B77-9B94-88BC0DC661EA}.JPG
C:\Program Files\Tencent2\QQ\460889823\image\BB3D99D2152CDCD5676971AB1CA7F638.GIF
C:\Program Files\Tencent2\QQ\460889823\image\Thumbs.db
C:\Program Files\Tencent2\QQ\460889823\message.cfg
C:\Program Files\Tencent2\QQ\460889823\MsgEx.db
C:\Program Files\Tencent2\QQ\460889823\naccountservice.dat
C:\Program Files\Tencent2\QQ\460889823\notes.db
C:\Program Files\Tencent2\QQ\460889823\NQRT.dat
C:\Program Files\Tencent2\QQ\460889823\one4.0
C:\Program Files\Tencent2\QQ\460889823\PanelData\PanelData.ini
C:\Program Files\Tencent2\QQ\460889823\PanelData\portalwarning.xml
C:\Program Files\Tencent2\QQ\460889823\QQAddrCfg.ini
C:\Program Files\Tencent2\QQ\460889823\QQDisk.dat
C:\Program Files\Tencent2\QQ\460889823\QQPetFile\671D1A1066000100.gif
C:\Program Files\Tencent2\QQ\460889823\QQPetFile\9A55BC1F66000100.gif
C:\Program Files\Tencent2\QQ\460889823\QQPetFile\CBD8803066000100.gif
C:\Program Files\Tencent2\QQ\460889823\QQPetFile\E010A71866000100.gif
C:\Program Files\Tencent2\QQ\460889823\QQPetFile\E06CC00E66000100.gif
C:\Program Files\Tencent2\QQ\460889823\QQPetFile\F68DBE1666000100.gif

Offline Silvia

  • Jr. Member
  • **
  • Posts: 21
    • View Profile
Re: I think I am infected
« Reply #37 on: July 31, 2008, 06:24:09 AM »
Combofix log is very long so I attach the text file here.
MBAM & hijackthis log:

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

下午 02:43:43 2008/7/31
mbam-log-7-31-2008 (14-43-43).txt

Scan type: Full Scan (C:\|D:\|G:\|H:\|)
Objects scanned: 123489
Time elapsed: 39 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{825c19d3-35ce-428f-876b-88e080466689} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0409743c-e5e3-4bdd-9ec7-eff622530282} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/nowstarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40722371-e24c-4b36-8e76-010bb6c7185b} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f553c18-15e6-4e5e-8f44-add50de754ed} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nowstarter.nowstarterctrl.1 (Adware.CWS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\NowStarter.ocx (Adware.CWS) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\360safe\修复工具.exe.vir     (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3EED5431-4801-4D56-B5FF-A45F2F17E549}\RP81\A0019787.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\install (Rogue.Multiple) -> Delete on reb

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 03:04:34, on 2008/7/31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &U妏蚚馨譙儂け狟婥甜彶紲 - C:\Program Files\NamiRobot\Data\du.html
O8 - Extra context menu item: Foxy 更 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent2\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent2\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent2\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent2\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent2\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent2\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent2\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217048583890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217048096875
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: 自動 LiveUpdate 排程器 - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

--
End of file - 7685 bytes


Thanks.
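As an added example (not part of the thread, and not code from HijackThis or any other tool named here), the Python below triages HijackThis-format lines: it flags orphaned entries marked `(file missing)` or `(no file)` and entries whose text references a program on the uninstall list given earlier in the thread. The sample lines are excerpted from the log above; the function names and the substring matching are assumptions of this sketch.

```python
import re
from dataclasses import dataclass

# HijackThis section codes that appear in the log above.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Registry/startup autorun",
    "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item",
    "O10": "Winsock LSP",
    "O16": "Downloaded ActiveX control (DPF)",
    "O23": "Windows service",
}

# Programs the helper asked to have uninstalled (taken from the thread).
REMOVAL_LIST = ("SuperKiller", "360safe", "Tencent", "Foxy",
                "Thunder Network", "Clubbox")

# An entry line looks like "O2 - BHO: name - {CLSID} - path".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Sample input: lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O8 - Extra context menu item: Foxy 更 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent2\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O23 - Service: 自動 LiveUpdate 排程器 - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""


@dataclass
class Entry:
    code: str            # section code, e.g. "O2"
    body: str            # everything after "Oxx - "
    orphan: bool         # True when the target file no longer exists
    removal_hits: tuple  # names from REMOVAL_LIST found in the entry


def parse_hjt(text):
    """Return an Entry for every section line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        lowered = body.lower()
        hits = tuple(n for n in REMOVAL_LIST if n.lower() in lowered)
        entries.append(Entry(m.group("code"), body,
                             bool(ORPHAN_RE.search(body)), hits))
    return entries


def by_product(entries):
    """Map each removal-list program to the section codes where it still has hooks."""
    found = {}
    for e in entries:
        for name in e.removal_hits:
            found.setdefault(name, []).append(e.code)
    return found


def report(entries):
    """Build human-readable triage lines for a helper reviewing the log."""
    lines = []
    for e in entries:
        tags = []
        if e.orphan:
            tags.append("orphaned entry")
        if e.removal_hits:
            tags.append("on uninstall list: " + ", ".join(e.removal_hits))
        if tags:
            section = SECTIONS.get(e.code, "other")
            lines.append(f"{e.code} ({section}): {'; '.join(tags)}")
    return lines


if __name__ == "__main__":
    for line in report(parse_hjt(SAMPLE_LOG)):
        print(line)
```

Substring matching is deliberately broad here (for example, `Tencent` also matches the `Tencent2` install folder), so every hit still needs a human look before anything is fixed.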

Offline Silvia

  • Jr. Member
  • **
  • Posts: 21
    • View Profile
Re: I think I am infected
« Reply #38 on: July 31, 2008, 06:33:32 AM »
I am sorry.
Here's the combofix log.

[attachment deleted by admin]

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19557
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: I think I am infected
« Reply #39 on: August 01, 2008, 12:18:25 AM »
Hi, Silvia. 

Edit:  My apology.  I just realized that I misread Bobby's suggestion.  I need to locate the download site for the correct tool that he suggested.

Here you go: 

Please download GMER from http://www.gmer.net/files.php

-- Unzip it to your desktop
-- Go to Rootkit/Malware tab > right-click in the middle of the form > Select Options > check Only non-Microsoft files

When it has finished, press Copy and post the log here.

Thank you!

Don't fix anything with it


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Silvia

  • Jr. Member
  • **
  • Posts: 21
    • View Profile
Re: I think I am infected
« Reply #40 on: August 01, 2008, 12:52:46 PM »
Hello, Corrine.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-01 21:48:09
Windows 5.1.2600 Service Pack 2


---- Modules - GMER 1.0.14 ----

Module   viaidexp.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.)                                                                      F8A3A000-F8A3C000 (8192 bytes)
Module   viamraid.sys (VIA RAID DRIVER FOR WIN 2000/XP/2003IA32/VIA Technologies inc,.ltd)                                                         F8466000-F8479000 (77824 bytes)
Module   viaagp1.sys (VIA NT AGP Filter/VIA Technologies, Inc.)                                                                                    F87C6000-F87CD000 (28672 bytes)
Module   \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.65 /NVIDIA Corporation)             F7FA6000-F8311000 (3584000 bytes)
Module   \SystemRoot\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.)                                   F7E8A000-F7F24000 (630784 bytes)
Module   \SystemRoot\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura)                                                         F7E04000-F7E66000 (401408 bytes)
Module   \SystemRoot\System32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc.              )                                   F8816000-F881D000 (28672 bytes)
Module   \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                    F887E000-F8883000 (20480 bytes)
Module   \SystemRoot\system32\DRIVERS\pctfw.sys (PC Tools NDIS Driver/PC Tools)                                                                    F7D58000-F7D6F000 (94208 bytes)
Module   \SystemRoot\System32\Drivers\vulfntr.sys (VIA USB Roothub Lower Filter Driver/VIA Technologies, Inc.)                                     F7F6E000-F7F71000 (12288 bytes)
Module   \??\C:\WINDOWS\system32\drivers\pctfw2.sys (PC Tools TDI Driver/PC Tools)                                                                 F5A83000-F5AA9000 (155648 bytes)
Module   \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                F88FE000-F8904000 (24576 bytes)
Module   \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                   F596C000-F597D000 (69632 bytes)
Module   \??\C:\Program_Files\Avira\AntiVir_PersonalEdition_Classic\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                    F8A62000-F8A64000 (8192 bytes)
Module   \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 82.65 /NVIDIA Corporation)                      BF9D3000-BFD90000 (3919872 bytes)
Module   \??\C:\Program_Files\Tencent\QQ\npkcrypt.sys (nProtect KeyCrypt Driver/INCA Internet Co., Ltd.)                                           F8906000-F890C000 (24576 bytes)
Module   \??\C:\Program_Files\Avira\AntiVir_PersonalEdition_Classic\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                              B959F000-B95B3000 (81920 bytes)
Module   \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Core Component/Symantec Corporation)                                               F880E000-F8814000 (24576 bytes)
Module   \??\C:\WINDOWS\system32\drivers\FWAuthDriver.sys (PC Tools Authorization Driver/PC Tools)                                                 F8786000-F8793000 (53248 bytes)
Module   \SystemRoot\System32\DRIVERS\gmer.sys (GMER Driver http://www.gmer.net/GMER)                                                              B7C95000-B7CAA000 (86016 bytes)

---- Processes - GMER 1.0.14 ----

Process  C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)                                                                          228
Library  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.)                                0x02020000
Library  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHT (PDF Shell Extension/Adobe Systems, Inc.)                                0x02080000
Library  C:\Program Files\WinRAR\rarext.dll                                                                                                        0x02100000
Library  C:\Program Files\TextPad 4\System\shellext.dll (TextPad shell extension DLL/Helios Software Solutions)                                    0x10000000
Library  C:\Program Files\Power MP3 WMA Converter\shellext.dll (Power MP3 WMA Converter Shell Extension./CooolSoft)                                0x02790000
Library  C:\Program Files\7-Zip\7-zip.dll (7-Zip Shell Extension/Igor Pavlov)                                                                      0x02EA0000
Library  C:\Program Files\Unlocker\UnlockerCOM.dll                                                                                                 0x02FC0000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll (ShlExt.dll/Avira GmbH)                                                 0x02FE0000
Library  C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation)                             0x03070000

Process  C:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.)                                                               388
Library  C:\WINDOWS\SOUNDMAN.EXE (Realtek Sound Manager/Realtek Semiconductor Corp.)                                                               0x00400000

Process  C:\Program Files\QuickTime\QTTask.exe (QuickTime Task/Apple Inc.)                                                                         396
Library  C:\Program Files\QuickTime\QTTask.exe (QuickTime Task/Apple Inc.)                                                                         0x00400000

Process  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Antivirus On-Access Service/Avira GmbH)                               456
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Antivirus On-Access Service/Avira GmbH)                               0x00400000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll (Event Logger/Avira GmbH)                                             0x10000000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll (AntiVir Guard Messages (Deutsch)/Avira GmbH)                         0x003E0000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll                                                                        0x00C10000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL (Prefix DLL/Avira GmbH)                                                 0x00D70000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL (SMTPLIB/Avira GmbH)                                                   0x00D80000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVGIO.DLL (On-access scan support/Avira GmbH)                                      0x01190000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH)                          0x013D0000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH)                           0x01410000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH)                        0x01440000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH)                           0x014A0000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH)                           0x014D0000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH)                          0x01550000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll                                                                        0x015C0000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH)                        0x01640000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH)                          0x01690000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH)                          0x017F0000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH)                           0x01820000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH)                           0x01880000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH)                            0x01900000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll (AVIRA IPC Library/Avira GmbH)                                           0x01AB0000

Process  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.)                                    484
Library  C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.)                                    0x00400000

Process  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                  492
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                  0x00400000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\cclib.dll (Antivirus Control Center Common Library/Avira GmbH)                     0x10000000
Library  c:\program files\avira\antivir personaledition classic\ccgen.dll (Control Center General Plugin/Avira GmbH)                               0x00C60000
Library  c:\program files\avira\antivir personaledition classic\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH)                   0x00CB0000
Library  c:\program files\avira\antivir personaledition classic\ccguard.dll (Control Center Guard Plugin/Avira GmbH)                               0x00CC0000
Library  c:\program files\avira\antivir personaledition classic\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH)                     0x00D00000
Library  c:\program files\avira\antivir personaledition classic\avipc.dll (AVIRA IPC Library/Avira GmbH)                                           0x00D10000
Library  c:\program files\avira\antivir personaledition classic\ccupdate.dll (Control Center Updater Plugin/Avira GmbH)                            0x00D40000
Library  c:\program files\avira\antivir personaledition classic\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH)                   0x00D60000
Library  c:\program files\avira\antivir personaledition classic\cclic.dll (Control Center License Plugin/Avira GmbH)                               0x00D70000
Library  c:\program files\avira\antivir personaledition classic\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH)                   0x00D80000
Library  c:\program files\avira\antivir personaledition classic\ccmsg.dll (Control Center Message Plugin/Avira GmbH)                               0x00D90000

Process  C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 82.65/NVIDIA Corporation)                                          572
Library  C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 82.65/NVIDIA Corporation)                                          0x00400000

Process  C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools Firewall GUI/PC Tools)                                                  580
Library  C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools Firewall GUI/PC Tools)                                                  0x00400000
Library  C:\Program Files\PC Tools Firewall Plus\Objects.dll (PC Tools Firewall common objects/PC Tools)                                           0x10000000
Library  C:\Program Files\PC Tools Firewall Plus\Comms.dll (PC Tools Coomunication library/PC Tools)                                               0x010F0000
Library  C:\Program Files\PC Tools Firewall Plus\FirewallPlugin.dll (PC Tools Firewall GUI plugin/PC Tools)                                        0x012D0000

Process  C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools Firewall Plus service/PC Tools)                                           648
Library  C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools Firewall Plus service/PC Tools)                                           0x00400000
Library  C:\Program Files\PC Tools Firewall Plus\FirewallWrapper.dll (PC Tools Firewall engine/PC Tools)                                           0x10000000
Library  C:\Program Files\PC Tools Firewall Plus\Objects.dll (PC Tools Firewall common objects/PC Tools)                                           0x00A70000
Library  C:\Program Files\PC Tools Firewall Plus\Comms.dll (PC Tools Coomunication library/PC Tools)                                               0x00C50000
Library  C:\Program Files\PC Tools Firewall Plus\PCTWSC.dll (PCTWSC Dynamic Link Library/PC Tools)                                                 0x00E90000
Library  C:\Program Files\PC Tools Firewall Plus\FWAuth.dll (PC Tools Firewall Autherization engine/PC Tools)                                      0x01FC0000

Process  C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation)                                                             1888
Library  C:\WINDOWS\system32\E_FLM9BP.DLL (EPSON Bi-directional Monitor/SEIKO EPSON CORPORATION)                                                   0x50400000

Process  C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Antivirus Scheduler/Avira GmbH)                                         1976
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Antivirus Scheduler/Avira GmbH)                                         0x00400000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\schedr.dll (avschdr Dynamic Link Library/Avira GmbH)                               0x10000000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll (Event Logger/Avira GmbH)                                             0x00B90000
Library  C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll                                                                        0x00CB0000

Process  C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer/Microsoft Corporation)                                                 2252
Library  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated)  0x10000000
Library  C:\PROGRA~1\SPYBOT~1\SDHelper.dll (SBSD IE Protection/Safer Networking Limited)                                                           0x011F0000
Library  C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.)                                        0x6D7C0000
Library  C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (GoogleToolbarNotifier/Google Inc.)                                   0x01700000
Library  C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll (Net Transport IE Helper Module/Xi)                                                     0x017E0000
Library  C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx (Adobe Flash Player 9.0  r124/Adobe Systems, Inc.)                                         0x30000000

Process  C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer/Microsoft Corporation)                                                 2708
Library  C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated)  0x10000000
Library  C:\PROGRA~1\SPYBOT~1\SDHelper.dll (SBSD IE Protection/Safer Networking Limited)                                                           0x011F0000
Library  C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Java(TM) Platform SE binary/Sun Microsystems, Inc.)                                        0x6D7C0000
Library  C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (GoogleToolbarNotifier/Google Inc.)                                   0x01700000
Library  C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll (Net Transport IE Helper Module/Xi)                                                     0x01900000
Library  C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx (Adobe Flash Player 9.0  r124/Adobe Systems, Inc.)                                         0x30000000

Process  C:\Program Files\Xi\NetTransport 2\NetTransport.exe (Net Transport Download Manager/Xi)                                                   3460
Library  C:\Program Files\Xi\NetTransport 2\NetTransport.exe (Net Transport Download Manager/Xi)                                                   0x00400000
Library  C:\Program Files\Xi\NetTransport 2\libssl.dll (Net Transport SSL Public/Xi)                                                               0x10000000
Library  C:\Program Files\Xi\NetTransport 2\libssh.dll (Net Transport SSH/Xi)                                                                      0x00D30000

Process  C:\Documents and Settings\user\桌面\gmer.exe                                                                                              3612
Library  C:\Documents and Settings\user\桌面\gmer.exe                                                                                              0x00400000
Library  C:\WINDOWS\gmer.dll                                                                                                                       0x72000000

---- Services - GMER 1.0.14 ----

Service  C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura WDM 3D Audio Driver/Sensaura)                                                          [MANUAL] ALCXSENS
Service  C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek AC'97 Audio Driver (WDM)/Realtek Semiconductor Corp.)                                    [MANUAL] ALCXWDM
Service  C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Antivirus Scheduler/Avira GmbH)                                         [AUTO] AntiVirScheduler
Service  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Antivirus On-Access Service/Avira GmbH)                               [AUTO] AntiVirService
Service                                                                                                                                            aswTdi
Service  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                        [SYSTEM] avgio
Service  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                  [MANUAL] avgntflt
Service  C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                    [SYSTEM] avipbb
Service  C:\WINDOWS\System32\drivers\EagleNT.sys                                                                                                   [MANUAL] EagleNT
Service  C:\WINDOWS\System32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc.              )                                    [MANUAL] FETNDIS
Service  C:\WINDOWS\system32\drivers\FWAuthDriver.sys (PC Tools Authorization Driver/PC Tools)                                                     [MANUAL] FWAuth
Service  C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER Driver http://www.gmer.net/GMER)                                                               [MANUAL] gmer
Service  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google)                                                     [MANUAL] gusvc
Service  C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia USB Phone Bus Driver/Nokia)                                                                  [MANUAL] nmwcd
Service  C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia USB Phone Generic Client/Nokia)                                                             [MANUAL] nmwcdc
Service  C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia USB Phone Modem Client/Nokia)                                                              [MANUAL] nmwcdcj
Service  C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia USB Phone Modem Client/Nokia)                                                              [MANUAL] nmwcdcm
Service  C:\Program Files\Tencent\QQ\npkcrypt.sys (nProtect KeyCrypt Driver/INCA Internet Co., Ltd.)                                               [AUTO] npkcrypt
Service  C:\Program Files\Tencent\QQ\npkycryp.sys                                                                                                  [MANUAL] npkycryp
Service  C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.65 /NVIDIA Corporation)              [MANUAL] nv
Service  C:\WINDOWS\System32\DRIVERS\nv4.sys (NVIDIA Compatible Windows XP Miniport Driver, Version 12.40.20 /NVIDIA Corporation)                  [MANUAL] nv4
Service  C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 82.65/NVIDIA Corporation)                                          [AUTO] NVSvc
Service                                                                                                                                            Outlook
Service  C:\WINDOWS\system32\drivers\pctfw2.sys (PC Tools TDI Driver/PC Tools)                                                                     [SYSTEM] pctfw2
Service  C:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools Firewall Plus service/PC Tools)                                           [AUTO] PCToolsFirewallPlus
Service  C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                     [MANUAL] Ptilink
Service  C:\WINDOWS\system32\DRIVERS\s816bus.sys (Sony Ericsson Device 816/MCCI Corporation)                                                       [MANUAL] s816bus
Service  C:\WINDOWS\system32\DRIVERS\s816mdfl.sys (Sony Ericsson Device 816 USB WMC Modem Filter Driver/MCCI Corporation)                          [MANUAL] s816mdfl
Service  C:\WINDOWS\system32\DRIVERS\s816mdm.sys (Sony Ericsson Device 816 USB WMC Modem WDM Driver/MCCI Corporation)                              [MANUAL] s816mdm
Service  C:\WINDOWS\system32\DRIVERS\s816mgmt.sys (Sony Ericsson Device 816 USB WMC Device Management Driver/MCCI Corporation)                     [MANUAL] s816mgmt
Service  C:\WINDOWS\system32\DRIVERS\s816nd5.sys (Sony Ericsson Device 916 USB Ethernet Emulation (NDIS 5 Miniport)/MCCI Corporation)              [MANUAL] s816nd5
Service  C:\WINDOWS\system32\DRIVERS\s816obex.sys (Sony Ericsson Device 816 USB WMC OBEX Interface Device Driver/MCCI Corporation)                 [MANUAL] s816obex
Service  C:\WINDOWS\system32\DRIVERS\s816unic.sys (Sony Ericsson Device 816 USB Ethernet Emulation/MCCI)                                           [MANUAL] s816unic
Service  C:\WINDOWS\System32\DRIVERS\secdrv.sys                                                                                                    [MANUAL] Secdrv
Service  C:\WINDOWS\system32\DRIVERS\pctfw.sys (PC Tools NDIS Driver/PC Tools)                                                                     [MANUAL] SFilter
Service  system32\DRIVERS\snpstd.sys                                                                                                               [MANUAL] snpstd
Service  C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                 [SYSTEM] ssmdrv
Service  C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Core Component/Symantec Corporation)                                                   [AUTO] symlcbrd
Service  C:\Program Files\Unlocker\UnlockerDriver5.sys                                                                                             UnlockerDriver5
Service  System32\DRIVERS\lgusbbus.sys                                                                                                             [MANUAL] usbbus
Service  System32\DRIVERS\lgusbmodem.sys                                                                                                           [MANUAL] USBModem
Service  C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA NT AGP Filter/VIA Technologies, Inc.)                                                        [BOOT] viaagp1
Service  C:\WINDOWS\System32\DRIVERS\viaidexp.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.)                                          [BOOT] ViaIde
Service  C:\WINDOWS\system32\DRIVERS\viamraid.sys (VIA RAID DRIVER FOR WIN 2000/XP/2003IA32/VIA Technologies inc,.ltd)                             [BOOT] viamraid
Service  C:\WINDOWS\System32\Drivers\vm30xx86.sys (Vimicro 301 AVStream driver /Vimicro Corporation)                                               [MANUAL] VM30xx86
Service  C:\WINDOWS\System32\Drivers\vulfnth.sys (VIA USB Host Controller Lower Filter Driver/VIA Technologies, Inc.)                              [MANUAL] vulfnths
Service  C:\WINDOWS\System32\Drivers\vulfntr.sys (VIA USB Roothub Lower Filter Driver/VIA Technologies, Inc.)                                      [MANUAL] vulfntrs
Service  C:\Program Files\Windows Live\installer\WLSetupSvc.exe                                                                                    [MANUAL] WLSetupSvc
Service  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe                                                                                  [AUTO] 自動 LiveUpdate 排程器

---- EOF - GMER 1.0.14 ----


Thank you.

Offline Corrine

Re: I think I am infected
« Reply #41 on: August 02, 2008, 12:25:51 AM »
Hi, Silvia.

The file that Bobby was concerned about checked out just fine!  The only thing he noticed in the log was the leftover from Norton which will interfere with your current anti-virus.  Please run the Norton Removal.  It will remove all the Norton orphan files, services and drivers:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

Let's tidy things up.

Please delete the SDFix file if it is still on your computer.  Next, please do the following:
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK.  Note the space between the X and the U; it needs to be there.


You have a current anti-virus software, so please keep it updated.  You've seen how well MBAM works so continue scanning with it regularly, checking for updates first.

Seeing as how you have re-downloaded Clubbox, there isn't much more we can do for you here.  I wish you the best.  :rose:

Corrine


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
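
The log review described in the reply above (spotting leftover Norton/Symantec entries among the GMER "Services" lines) can be done mechanically. The following is an added example, not part of the original posts and not GMER's or the forum's own tooling; the function names and the vendor keywords are assumptions, and the sample lines are excerpted from the log posted in this thread with the column padding shortened.

```python
import re
from typing import List, NamedTuple, Optional, Sequence

# Excerpt of the "---- Services ----" section posted in this thread
# (column padding shortened; otherwise unchanged).
SAMPLE = r"""
Service  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Antivirus On-Access Service/Avira GmbH)      [AUTO] AntiVirService
Service                                                                      aswTdi
Service  C:\WINDOWS\System32\DRIVERS\fetnd5.sys (NDIS 5.0 miniport driver/VIA Technologies, Inc.              )      [MANUAL] FETNDIS
Service  C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Core Component/Symantec Corporation)      [AUTO] symlcbrd
Service  C:\Program Files\Unlocker\UnlockerDriver5.sys      UnlockerDriver5
Service  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe      [AUTO] 自動 LiveUpdate 排程器
"""


class Service(NamedTuple):
    name: str             # service key name (last column)
    start: Optional[str]  # BOOT / SYSTEM / AUTO / MANUAL, None if not shown
    path: str             # "" when the log shows no image path
    vendor: str           # "" when the file carries no version information


# "[AUTO] name" at the end of the line; the name may contain single spaces.
START_AND_NAME = re.compile(r"\[([A-Z]+)\]\s+(.+)$")
# No start type: the name is whatever follows the LAST run of 2+ spaces.
LAST_COLUMN = re.compile(r"^(.*\S)\s{2,}(\S.*)$")
# "path (description/vendor)"; assumes the path itself contains no " (".
PATH_AND_INFO = re.compile(r"^(.*?)\s+\((.*)\)$")


def parse_service_line(line: str) -> Optional[Service]:
    """Parse one 'Service ...' line; return None for any other line."""
    if not line.startswith("Service"):
        return None
    rest = line[len("Service"):].strip()
    m = START_AND_NAME.search(rest)
    if m:
        start, name = m.group(1), m.group(2).strip()
        left = rest[:m.start()].rstrip()
    else:
        start = None
        m = LAST_COLUMN.match(rest)
        left, name = (m.group(1), m.group(2)) if m else ("", rest)
    path, vendor = left, ""
    m = PATH_AND_INFO.match(left)
    if m:
        path = m.group(1)
        # The vendor is the text after the last "/" inside the parentheses.
        vendor = m.group(2).rsplit("/", 1)[-1].strip()
    return Service(name, start, path, vendor)


def parse_services(log_text: str) -> List[Service]:
    parsed = (parse_service_line(l) for l in log_text.splitlines())
    return [s for s in parsed if s is not None]


def find_leftovers(services: Sequence[Service],
                   keywords: Sequence[str]) -> List[Service]:
    """Services whose image path or vendor mentions a removed product."""
    keys = [k.lower() for k in keywords]
    return [s for s in services
            if any(k in s.path.lower() or k in s.vendor.lower() for k in keys)]


def without_image_path(services: Sequence[Service]) -> List[Service]:
    """Service keys listed with no file behind them (manual review only)."""
    return [s for s in services if not s.path]


if __name__ == "__main__":
    records = parse_services(SAMPLE)
    # Keywords are an assumption: the product the reply says was left behind.
    for s in find_leftovers(records, ("symantec", "norton")):
        print(f"leftover: {s.name} [{s.start}] {s.path}")
    for s in without_image_path(records):
        print(f"no image path: {s.name}")
```
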

Offline Silvia

Re: I think I am infected
« Reply #42 on: August 02, 2008, 04:21:23 AM »
Hello, Corrine.
Thank you so much for your help and effort. And thanks to other developers here.
Thank you.