justniice

Honorary Members • Posts: 28
Everything posted by justniice

  1. Thank you for your time and effort in it. In a fit of frustration, I have removed every plugin and extension. That seems to have solved the problem. Thank you very much for your kind attention, and have a nice day!
  2. The shortcut target line is where I have installed the Chrome application. The problem now is that after I have disabled all the extensions, and the plugins, I still cannot use my default search engine, which I have set to Google. Whenever I search anything in the omnibox, it would make use of the Delta Search engine, which is not found in the list of plugins or extensions or search engines that Chrome provided me with. In other words, this Delta Search has hijacked my Chrome, and refused to allow me to remove it. I suspect that another software present in my computer might have downloaded this malicious software into my computer.
  3. Here is addition.txt. Thanks again!
==================== Memory info =========================== Percentage of memory in use: 30%Total physical RAM: 8172.31 MBAvailable physical RAM: 5669.69 MBTotal Pagefile: 16342.8 MBAvailable Pagefile: 12573.67 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:912.05 GB) (Free:668.4 GB) NTFSDrive d: (HP_RECOVERY) (Fixed) (Total:19.37 GB) (Free:1.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ==================== End Of Log ============================
  4. Hi. Here is the FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by dou dou (administrator) on DOUDOU-HP on 24-10-2013 22:32:55
Running from C:\Users\dou dou\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(360.cn) C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(360.cn) D:\360\360jishi\360js.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sogou.com Inc.) D:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1233\SGImeGuard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(360.cn) C:\Program Files (x86)\360\360safe\safemon\360tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(360.cn) C:\Program Files (x86)\360\360safe\SoftMgr\SML\SoftMgrLite.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\system32\mspaint.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2012-11-05] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-11-05] (IDT, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [imeGuardCom] - D:\Program Files\SogouInput\Components\AddressSearch\1.0.0.1233\SGImeGuard.exe [347256 2013-10-17] (Sogou.com Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM-x32\...\Run: [DT HPO] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-09-16] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [systray] - C:\Windows\syswow64\systray.exe [8192 2009-07-14] (Microsoft Corporation)
HKLM-x32\...\Run: [360Safetray] - C:\Program Files (x86)\360\360safe\safemon\360Tray.exe [884144 2013-09-05] (360.cn)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cn.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3F6C63D0E77BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-CN
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: 迅雷下载支持 - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.6.4500.dll (深圳市迅雷网络技术有限公司)
BHO: EyeOnIE Class - {20E1725C-7237-41A9-954A-04DCCB1FD16C} - C:\Program Files (x86)\Baofeng\StormPlayer\MediaLibraryIcon64.dll (北京暴风科技股份有限公司)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: 迅雷下载支持 - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.9.6.4500.dll (深圳市迅雷网络技术有限公司)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360safe\safemon\safemon.dll (360.cn)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.50

FireFox:
========
FF ProfilePath: C:\Users\dou dou\AppData\Roaming\Mozilla\Firefox\Profiles\h2de69z9.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - c:\Program Files (x86)\Virtual Earth 3D\ No File
FF Plugin-x32: @360.cn/npnpsosalbum;version=1.0 - D:\360\360jishi\np360album.dll (360.cn)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baofeng.com/npWebStorm - C:\Program Files (x86)\Baofeng\StormPlayer\webplayer\npWebStrom.dll (Beijing Baofeng Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @xunlei.com/npaplayer - C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll (ShenZhen Thunder Networking Technologies, LTD)
FF Plugin-x32: @xunlei.com/npxluser - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @360.cn/360MMPlugin - C:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll (360.cn)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\dou dou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @xunlei.com/npxluser - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll No File
FF Plugin HKCU: @xunlei.com/npxunlei;version=1.0.0.2 - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\dou dou\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Battlefield Play4Free Updater) - C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\npBP4FUpdater.dll (EA Digital Illusions CE AB)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (360MMPlugin) - C:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll (360.cn)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Baofeng StormPlayer 5) - C:\Program Files (x86)\Baofeng\StormPlayer\webplayer\npWebStrom.dll (Beijing Baofeng Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Garena Talk Plugin) - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (XunLei Plugin) - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (APlayer ActiveX hosting plugin) - C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll (ShenZhen Thunder Networking Technologies, LTD)
CHR Plugin: (Unity Player) - C:\Users\dou dou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (npsosalbum Module) - D:\360\360jishi\np360album.dll (360.cn)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Tampermonkey) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.66_0
CHR Extension: (AdBlock) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Thunder Download Extension for Chrome) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Skip video ads on Youtube) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oanobjfgoogmilhpmlciifoaflmojigf\0.1.2_0
CHR Extension: (Battlefield Play4Free) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: (Gmail) - C:\Users\DOUDOU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hmbifdmobcbjlhplmlnbjbofnnoolink] - C:\Program Files (x86)\Thunder Network\Thunder\BHO\xl_plugin_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM-x32\...\Chrome\Extension: [pppagaglfkmlpgobnlenhknilehpmcbo] - D:\360\360Safe\safemon\360webshield.crx

==================== Services (Whitelisted) =================

R2 360js; D:\360\360jishi\360js.exe [239024 2013-07-04] (360.cn)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [133936 2011-09-16] (Portrait Displays, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5635016 2013-06-25] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-09-14] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2013-09-14] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-11-18] (Microsoft Corporation)
S3 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2013-07-09] (ShenZhen Xunlei Networking Technologies,LTD)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe [224192 2013-09-23] (360.cn)

==================== Drivers (Whitelisted) ====================

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [70336 2013-08-23] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305336 2013-08-30] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40120 2013-07-11] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [227000 2013-10-08] (360.cn)
R2 360LanProtect; C:\Windows\System32\DRIVERS\360LanProtect.sys [39112 2013-07-12] (360.cn)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [62144 2013-05-23] (360.cn)
R3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 BAPIDRV; C:\Windows\System32\Drivers\BAPIDRV64.SYS [191672 2013-09-12] (360.cn)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-09-18] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NWVoltron; C:\Windows\System32\DRIVERS\NWVoltron.sys [28920 2013-02-04] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-24] (n/a)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-18] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-18] (Anchorfree Inc.)
S3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39608 2013-06-18] (The OpenVPN Project)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U2 TMAgent;
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-24 22:32 - 2013-10-24 22:32 - 01955412 _____ (Farbar) C:\Users\dou dou\Downloads\FRST64.exe
2013-10-24 22:32 - 2013-10-24 22:32 - 00000000 ____D C:\FRST
2013-10-24 21:30 - 2013-10-24 21:30 - 00002243 _____ C:\Users\Public\Desktop\BlackShot Launcher.lnk
2013-10-24 21:30 - 2013-10-24 21:30 - 00001993 _____ C:\Users\Public\Desktop\BlackShot Garena Plus Launch.lnk
2013-10-24 21:30 - 2013-10-24 21:30 - 00001065 _____ C:\Users\Public\Desktop\Garena Plus.lnk
2013-10-24 21:08 - 2013-10-24 21:08 - 00000000 ____D C:\GarenaDownload
2013-10-24 20:53 - 2013-10-24 20:53 - 01060070 _____ C:\Users\dou dou\Downloads\AdwCleaner (1).exe
2013-10-24 20:37 - 2013-10-24 20:51 - 1448268920 _____ C:\Users\dou dou\Downloads\BlackShot_GarenaPlus_Install_2_187.exe
2013-10-24 20:36 - 2013-10-24 20:36 - 02751024 _____ C:\Users\dou dou\Downloads\Blackshot_GarenaPlus_Installer.exe
2013-10-24 19:46 - 2013-10-24 19:46 - 01033335 _____ (Thisisu) C:\Users\dou dou\Downloads\JRT (1).exe
2013-10-24 19:45 - 2013-10-24 20:58 - 00003878 _____ C:\Windows\PFRO.log
2013-10-24 19:45 - 2013-10-24 20:58 - 00000112 _____ C:\Windows\setupact.log
2013-10-24 19:45 - 2013-10-24 19:45 - 06753536 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-24 19:45 - 2013-10-24 19:45 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 19:42 - 2013-10-24 20:55 - 00000000 ____D C:\AdwCleaner
2013-10-24 19:18 - 2013-10-24 19:18 - 00013937 _____ C:\Users\dou dou\Desktop\JRT.txt
2013-10-24 19:04 - 2013-10-24 19:04 - 01060070 _____ C:\Users\dou dou\Downloads\AdwCleaner.exe
2013-10-24 19:04 - 2013-10-24 19:04 - 01033335 _____ (Thisisu) C:\Users\dou dou\Downloads\JRT.exe
2013-10-24 19:00 - 2013-10-24 19:00 - 00030149 _____ C:\Users\dou dou\Desktop\dds.txt
2013-10-24 19:00 - 2013-10-24 19:00 - 00011363 _____ C:\Users\dou dou\Desktop\attach.txt
2013-10-24 18:58 - 2013-10-24 18:58 - 00094408 _____ C:\Users\dou dou\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-24 18:55 - 2013-10-24 18:56 - 00000000 __SHD C:\Users\dou dou\AppData\Roaming\360Quarant
2013-10-24 18:55 - 2013-10-24 18:55 - 00000000 __SHD C:\$360Section
2013-10-24 18:53 - 2013-10-24 18:53 - 00688992 ____R (Swearware) C:\Users\dou dou\Downloads\dds.com
2013-10-24 18:53 - 2013-10-24 18:53 - 00688992 _____ (Swearware) C:\Users\dou dou\Downloads\dds (1).com
2013-10-24 18:36 - 2013-10-24 18:36 - 00003136 _____ C:\Windows\System32\Tasks\{16C98054-64E8-47BB-B688-6855F9598B54}
2013-10-24 18:30 - 2013-10-24 18:30 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\dou dou\Downloads\rkill.exe
2013-10-24 18:25 - 2013-10-24 18:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Expert
2013-10-24 18:23 - 2013-10-24 18:23 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-24 18:23 - 2013-10-24 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-24 18:23 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-24 18:21 - 2013-10-24 18:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\dou dou\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-24 18:18 - 2013-10-24 18:18 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Aiyoyo_4549020
2013-10-24 12:58 - 2013-10-24 12:58 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\sfe
2013-10-24 11:15 - 2013-10-24 11:15 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Garena
2013-10-24 11:15 - 2013-10-24 11:15 - 00000000 ____D C:\ProgramData\Garena
2013-10-21 21:06 - 2013-10-21 21:06 - 39401336 _____ (Apple Inc.) C:\Users\dou dou\Downloads\QuickTimeInstaller.exe
2013-10-20 17:00 - 2013-10-20 17:00 - 00186992 _____ C:\Users\dou dou\Downloads\78731.user.js
2013-10-20 17:00 - 2013-10-20 17:00 - 00186992 _____ C:\Users\dou dou\Downloads\78731 (1).user.js
2013-10-19 10:03 - 2013-10-19 10:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-10-19 10:03 - 2013-10-19 10:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-10-17 20:33 - 2013-10-17 20:33 - 00085370 _____ C:\Users\dou dou\Downloads\xliveless-0.999b7.rar
2013-10-13 12:41 - 2013-10-13 12:41 - 01111552 _____ C:\Users\dou dou\Downloads\TerrariViewer.exe
2013-10-13 12:28 - 2013-10-13 12:28 - 00000000 ____D C:\ProgramData\RELOADED
2013-10-13 12:26 - 2013-10-10 08:02 - 00000000 ____D C:\Users\dou dou\Desktop\Terrariacrack
2013-10-13 12:24 - 2013-10-13 12:25 - 39882755 _____ C:\Users\dou dou\Downloads\terraria 1.2.0.3.1.rar
2013-10-13 11:55 - 2013-10-13 11:55 - 00018473 _____ C:\Users\dou dou\Downloads\[rutracker.org].t4141528.torrent
2013-10-13 11:54 - 2013-10-13 11:54 - 00012980 _____ C:\Users\dou dou\Downloads\Terraria.1.2.0.3.1.torrent
2013-10-13 11:53 - 2013-10-13 11:53 - 00012980 _____ C:\Users\dou dou\Downloads\[kickass.to]terraria.1.2.0.3.1-title=[kickass.to]terraria.1.2.0.3.1.torrent
2013-10-13 11:53 - 2013-10-13 11:53 - 00012896 _____ C:\Users\dou dou\Downloads\[isoHunt] 4930299.torrent
2013-10-13 00:09 - 2013-10-13 00:09 - 00000406 _____ C:\Users\dou dou\Downloads\proxy.pac
2013-10-12 23:50 - 2013-10-12 23:50 - 00001122 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2013-10-12 23:49 - 2013-09-18 04:31 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-10-12 23:48 - 2013-10-12 23:48 - 00000000 ____D C:\Users\dou dou\AppData\Local\TNT2
2013-10-12 23:47 - 2013-10-12 23:47 - 00583584 _____ C:\Users\dou dou\Downloads\hotspotshield-setup.exe
2013-10-11 14:28 - 2013-10-11 14:28 - 00000000 ____D C:\Users\dou dou\AppData\Local\LogMeIn
2013-10-11 14:28 - 2013-10-11 14:28 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-10 22:37 - 2013-10-10 22:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-10 21:39 - 2013-10-10 21:39 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria
2013-10-10 21:32 - 2013-10-10 21:32 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\AVG
2013-10-10 21:31 - 2013-10-10 21:48 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-10-10 21:31 - 2013-10-10 21:33 - 00000000 ____D C:\ProgramData\AVG
2013-10-10 21:30 - 2013-10-10 21:31 - 78411688 _____ (AVG) C:\Users\dou dou\Downloads\avg_tuh_stf_all_2014_174_24c28.exe
2013-10-10 21:25 - 2013-10-19 10:03 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-10 21:25 - 2013-10-10 21:25 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-10 21:25 - 2013-10-10 21:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\TuneUp Software
2013-10-10 21:25 - 2013-10-10 21:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\AVG2014
2013-10-10 21:24 - 2013-10-12 17:01 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-10 21:24 - 2013-10-10 21:25 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-10 21:24 - 2013-10-10 21:24 - 00000000 ___HD C:\$AVG
2013-10-10 21:20 - 2013-10-24 17:21 - 00000000 ____D C:\ProgramData\MFAData
2013-10-10 21:20 - 2013-10-10 21:37 - 00000000 ____D C:\Users\dou dou\AppData\Local\Avg2014
2013-10-10 21:20 - 2013-10-10 21:20 - 04425448 _____ (AVG Technologies) C:\Users\dou dou\Downloads\avg_free_stb_all_2014_4116_cnet.exe
2013-10-10 21:20 - 2013-10-10 21:20 - 00000000 ____D C:\Users\dou dou\AppData\Local\MFAData
2013-10-10 
21:11 - 2013-10-10 21:11 - 00485905 _____ C:\Users\dou dou\Desktop\terraria-server.zip2013-10-10 17:28 - 2013-09-14 09:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2013-10-10 17:28 - 2013-09-08 10:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-10-10 17:28 - 2013-09-08 10:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll2013-10-10 17:28 - 2013-09-08 10:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll2013-10-10 17:28 - 2013-08-29 10:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2013-10-10 17:28 - 2013-08-29 10:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2013-10-10 17:28 - 2013-08-29 10:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll2013-10-10 17:28 - 2013-08-29 10:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2013-10-10 17:28 - 2013-08-29 10:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2013-10-10 17:28 - 2013-08-29 09:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-10-10 17:28 - 2013-08-29 09:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-10-10 17:28 - 2013-08-29 09:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-10-10 17:28 - 2013-08-29 09:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll2013-10-10 17:28 - 2013-08-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-10-10 17:28 - 2013-08-29 09:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2013-10-10 17:28 - 2013-08-29 08:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-10-10 17:28 - 2013-08-29 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-10-10 17:28 - 2013-08-29 08:49 - 00007680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\instnm.exe2013-10-10 17:28 - 2013-08-29 08:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-10-10 17:18 - 2013-07-20 18:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2013-10-10 17:18 - 2013-07-20 18:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2013-10-09 17:39 - 2013-08-28 09:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-10-09 17:34 - 2013-08-01 20:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2013-10-09 17:29 - 2013-07-12 18:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys2013-10-09 17:29 - 2013-07-12 18:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys2013-10-09 17:24 - 2013-06-26 06:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys2013-10-09 17:19 - 2013-07-04 20:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2013-10-09 17:19 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll2013-10-09 17:14 - 2013-07-03 12:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys2013-10-09 17:14 - 2013-07-03 12:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys2013-10-09 17:14 - 2013-07-03 12:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys2013-10-09 17:09 - 2013-09-04 20:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2013-10-09 17:09 - 2013-09-04 20:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2013-10-09 17:09 - 2013-09-04 20:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2013-10-09 17:09 - 2013-09-04 20:11 - 00052736 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\usbehci.sys2013-10-09 17:09 - 2013-09-04 20:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2013-10-09 17:09 - 2013-09-04 20:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2013-10-09 17:09 - 2013-09-04 20:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2013-10-09 17:04 - 2013-08-28 09:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll2013-10-09 17:04 - 2013-07-04 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll2013-10-09 17:04 - 2013-07-04 20:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll2013-10-09 17:04 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll2013-10-09 17:04 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll2013-10-09 17:04 - 2013-07-04 18:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2013-10-09 17:04 - 2013-06-06 13:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll2013-10-09 17:04 - 2013-06-06 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll2013-10-09 17:04 - 2013-06-06 13:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll2013-10-09 17:04 - 2013-06-06 13:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2013-10-09 17:04 - 2013-06-06 12:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll2013-10-09 17:04 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll2013-10-09 17:04 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll2013-10-09 17:04 - 2013-06-06 11:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2013-10-09 17:04 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\atmfd.dll2013-10-09 17:04 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2013-10-09 16:55 - 2013-09-23 07:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-10-09 16:55 - 2013-09-23 07:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-10-09 16:55 - 2013-09-23 07:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-10-09 16:55 - 2013-09-23 07:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-10-09 16:55 - 2013-09-23 07:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-10-09 16:55 - 2013-09-23 07:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-10-09 16:55 - 2013-09-23 07:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-10-09 16:55 - 2013-09-23 07:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-10-09 16:55 - 2013-09-23 07:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-10-09 16:55 - 2013-09-23 07:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-10-09 16:55 - 2013-09-23 07:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-10-09 16:55 - 2013-09-23 07:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-10-09 16:55 - 2013-09-23 07:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-10-09 16:55 - 2013-09-23 06:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-10-09 16:55 - 2013-09-23 06:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-10-09 16:55 - 2013-09-23 06:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-10-09 16:55 - 2013-09-23 06:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-10-09 16:55 - 2013-09-23 06:54 
- 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-10-09 16:55 - 2013-09-23 06:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-10-09 16:55 - 2013-09-23 06:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-10-09 16:55 - 2013-09-23 06:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-10-09 16:55 - 2013-09-23 06:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-10-09 16:55 - 2013-09-23 06:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-10-09 16:55 - 2013-09-23 06:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-10-09 16:55 - 2013-09-23 06:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-10-09 16:55 - 2013-09-23 06:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-10-09 16:55 - 2013-09-23 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-10-09 16:55 - 2013-09-21 11:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-10-09 16:55 - 2013-09-21 11:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-10-09 16:55 - 2013-09-21 10:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-10-09 16:55 - 2013-09-21 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-10-08 21:03 - 2013-10-08 21:06 - 23117731 _____ C:\Users\dou dou\Downloads\Brain Music - STUDY FOCUS CONCENTRATE - HELP YOU WORK FAST.m4a2013-10-07 22:22 - 2013-10-07 22:22 - 00066493 _____ C:\Users\dou dou\Downloads\X-RayMod_v043.zip2013-10-06 22:00 - 2013-10-06 22:00 - 00648240 _____ (Unity Technologies ApS) C:\Users\dou dou\Downloads\UnityWebPlayer.exe2013-10-04 17:41 - 2013-10-04 17:41 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\No Company Name2013-10-04 16:22 - 2013-10-04 16:22 - 
00491533 _____ C:\Users\dou dou\Downloads\list4.txt2013-10-04 16:14 - 2013-10-04 16:14 - 00000000 ____D C:\Windows\SysWOW64\Storm2013-10-04 16:14 - 2013-09-04 10:51 - 00827728 _____ (Microsoft Corporation) C:\Windows\msvcr100.dll2013-10-04 16:14 - 2013-09-04 10:51 - 00607568 _____ (Microsoft Corporation) C:\Windows\msvcp100.dll2013-10-04 16:13 - 2013-10-04 18:16 - 00003298 _____ C:\Windows\System32\Tasks\SogouImeMgr2013-10-04 16:13 - 2013-10-04 16:13 - 00000000 _____ C:\Windows\SysWOW64\nsn64BE.tmp2013-10-04 16:13 - 2013-10-04 16:13 - 00000000 _____ C:\Windows\system32\nsn64BF.tmp2013-10-01 18:05 - 2013-10-01 18:05 - 02534110 _____ () C:\Users\dou dou\Downloads\liteloader-installer-1.6.4-00.exe2013-10-01 17:33 - 2013-10-01 17:33 - 00128817 _____ C:\Users\dou dou\Downloads\AutoFishing Mod v1.2.zip2013-09-30 03:14 - 2013-09-30 22:36 - 00000000 ____D C:\Users\dou dou\Desktop\Sci PT2013-09-30 01:32 - 2013-09-30 01:32 - 00000004 _____ C:\Users\dou dou\Downloads\Tense_ThemeBattle_Begins.mp42013-09-30 00:01 - 2013-09-30 00:01 - 00763789 _____ C:\Users\dou dou\Documents\Untitled.wma2013-09-29 19:57 - 2013-09-29 20:02 - 27119770 _____ C:\Users\dou dou\Downloads\Hiroshima Nuclear (atomic) Bomb - USA attack on Japan (1945).mp42013-09-29 18:14 - 2013-09-29 18:21 - 49831192 _____ C:\Users\dou dou\Downloads\Effects of a nuclear bomb 2013 HD.mp42013-09-29 18:08 - 2013-09-29 18:13 - 39277944 _____ C:\Users\dou dou\Downloads\Hiroshima Nuclear (atomic) Bomb - USA attack on Japan (1945).flv2013-09-29 18:07 - 2013-09-29 18:07 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\PDAppFlex2013-09-29 14:43 - 2013-09-29 14:48 - 60965342 _____ C:\Users\dou dou\Downloads\AFTER EFFECTS OF THE ATOMIC BOMB ON HIROSHIMA AND NAGASAKI.mp42013-09-28 15:10 - 2013-09-28 15:10 - 00000000 ____D C:\Users\dou dou\Documents\NewBlueFX2013-09-28 15:09 - 2013-09-28 15:09 - 00000000 ____D C:\Users\dou dou\Documents\Adobe2013-09-28 14:54 - 2013-09-28 14:56 - 00000000 ____D C:\Users\dou 
dou\AppData\Roaming\MOVAVI2013-09-28 14:37 - 2013-09-28 14:43 - 102149720 _____ (Movavi) C:\Users\dou dou\Downloads\MovaviVideoSuiteSetup.exe2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys ==================== One Month Modified Files and Folders ======= 2013-10-24 22:32 - 2013-10-24 22:32 - 01955412 _____ (Farbar) C:\Users\dou dou\Downloads\FRST64.exe2013-10-24 22:32 - 2013-10-24 22:32 - 00000000 ____D C:\FRST2013-10-24 22:32 - 2012-03-25 14:54 - 01393628 _____ C:\Windows\WindowsUpdate.log2013-10-24 21:35 - 2012-09-04 21:47 - 00002338 _____ C:\Users\dou dou\Desktop\Google Chrome.lnk2013-10-24 21:30 - 2013-10-24 21:30 - 00002243 _____ C:\Users\Public\Desktop\BlackShot Launcher.lnk2013-10-24 21:30 - 2013-10-24 21:30 - 00001993 _____ C:\Users\Public\Desktop\BlackShot Garena Plus Launch.lnk2013-10-24 21:30 - 2013-10-24 21:30 - 00001065 _____ C:\Users\Public\Desktop\Garena Plus.lnk2013-10-24 21:29 - 2013-07-09 22:50 - 00002171 _____ C:\Users\dou dou\Desktop\360软件管家.lnk2013-10-24 21:08 - 2013-10-24 21:08 - 00000000 ____D C:\GarenaDownload2013-10-24 21:08 - 2013-07-06 14:50 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_dou dou2013-10-24 21:08 - 2012-04-23 21:55 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\GarenaPlus2013-10-24 21:08 - 2012-04-23 21:52 - 00000000 ____D C:\ProgramData\GarenaMessenger2013-10-24 21:06 - 2009-07-14 12:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-10-24 21:06 - 2009-07-14 12:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-10-24 21:04 - 2009-07-14 13:13 - 00803968 _____ C:\Windows\system32\PerfStringBackup.INI2013-10-24 20:59 - 2012-10-13 21:56 - 00000000 ____D C:\Users\dou dou\AppData\Local\LogMeIn Hamachi2013-10-24 20:58 - 2013-10-24 19:45 - 00003878 _____ C:\Windows\PFRO.log2013-10-24 20:58 - 2013-10-24 
19:45 - 00000112 _____ C:\Windows\setupact.log2013-10-24 20:58 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-10-24 20:55 - 2013-10-24 19:42 - 00000000 ____D C:\AdwCleaner2013-10-24 20:53 - 2013-10-24 20:53 - 01060070 _____ C:\Users\dou dou\Downloads\AdwCleaner (1).exe2013-10-24 20:51 - 2013-10-24 20:37 - 1448268920 _____ C:\Users\dou dou\Downloads\BlackShot_GarenaPlus_Install_2_187.exe2013-10-24 20:36 - 2013-10-24 20:36 - 02751024 _____ C:\Users\dou dou\Downloads\Blackshot_GarenaPlus_Installer.exe2013-10-24 20:35 - 2013-07-09 22:50 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\360Safe2013-10-24 20:31 - 2012-03-31 10:05 - 00000000 ____D C:\Users\dou dou\AppData\Local\CrashDumps2013-10-24 20:05 - 2012-07-24 21:18 - 00000000 ____D C:\Program Files (x86)\Steam2013-10-24 19:46 - 2013-10-24 19:46 - 01033335 _____ (Thisisu) C:\Users\dou dou\Downloads\JRT (1).exe2013-10-24 19:45 - 2013-10-24 19:45 - 06753536 _____ C:\Windows\system32\FNTCACHE.DAT2013-10-24 19:45 - 2013-10-24 19:45 - 00000000 _____ C:\Windows\setuperr.log2013-10-24 19:18 - 2013-10-24 19:18 - 00013937 _____ C:\Users\dou dou\Desktop\JRT.txt2013-10-24 19:04 - 2013-10-24 19:04 - 01060070 _____ C:\Users\dou dou\Downloads\AdwCleaner.exe2013-10-24 19:04 - 2013-10-24 19:04 - 01033335 _____ (Thisisu) C:\Users\dou dou\Downloads\JRT.exe2013-10-24 19:04 - 2013-07-09 22:35 - 00000000 ____D C:\Windows\ERUNT2013-10-24 19:00 - 2013-10-24 19:00 - 00030149 _____ C:\Users\dou dou\Desktop\dds.txt2013-10-24 19:00 - 2013-10-24 19:00 - 00011363 _____ C:\Users\dou dou\Desktop\attach.txt2013-10-24 18:58 - 2013-10-24 18:58 - 00094408 _____ C:\Users\dou dou\AppData\Local\GDIPFONTCACHEV1.DAT2013-10-24 18:56 - 2013-10-24 18:55 - 00000000 __SHD C:\Users\dou dou\AppData\Roaming\360Quarant2013-10-24 18:55 - 2013-10-24 18:55 - 00000000 __SHD C:\$360Section2013-10-24 18:53 - 2013-10-24 18:53 - 00688992 ____R (Swearware) C:\Users\dou dou\Downloads\dds.com2013-10-24 18:53 - 2013-10-24 18:53 - 00688992 _____ (Swearware) 
C:\Users\dou dou\Downloads\dds (1).com2013-10-24 18:36 - 2013-10-24 18:36 - 00003136 _____ C:\Windows\System32\Tasks\{16C98054-64E8-47BB-B688-6855F9598B54}2013-10-24 18:30 - 2013-10-24 18:30 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\dou dou\Downloads\rkill.exe2013-10-24 18:26 - 2012-07-04 21:04 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Notepad++2013-10-24 18:26 - 2012-03-25 20:39 - 00000000 __RHD C:\MSOCache2013-10-24 18:26 - 2011-02-12 01:00 - 00000000 ____D C:\Windows\Panther2013-10-24 18:25 - 2013-10-24 18:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Expert2013-10-24 18:23 - 2013-10-24 18:23 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-10-24 18:23 - 2013-10-24 18:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-10-24 18:21 - 2013-10-24 18:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\dou dou\Downloads\mbam-setup-1.75.0.1300.exe2013-10-24 18:18 - 2013-10-24 18:18 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Aiyoyo_45490202013-10-24 17:21 - 2013-10-10 21:20 - 00000000 ____D C:\ProgramData\MFAData2013-10-24 16:18 - 2013-07-02 23:11 - 00000000 ____D C:\Users\dou dou\minecraft2013-10-24 12:58 - 2013-10-24 12:58 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\sfe2013-10-24 11:15 - 2013-10-24 11:15 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Garena2013-10-24 11:15 - 2013-10-24 11:15 - 00000000 ____D C:\ProgramData\Garena2013-10-22 09:53 - 2012-10-30 21:18 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleFordou dou.job2013-10-21 21:06 - 2013-10-21 21:06 - 39401336 _____ (Apple Inc.) 
C:\Users\dou dou\Downloads\QuickTimeInstaller.exe2013-10-21 16:12 - 2012-10-30 21:18 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleFordou dou2013-10-21 16:12 - 2012-04-16 21:03 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2013-10-21 16:12 - 2012-03-26 21:05 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log2013-10-21 16:11 - 2012-03-26 21:02 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\HP Support Assistant2013-10-21 16:11 - 2012-03-26 20:54 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\HpUpdate2013-10-20 17:00 - 2013-10-20 17:00 - 00186992 _____ C:\Users\dou dou\Downloads\78731.user.js2013-10-20 17:00 - 2013-10-20 17:00 - 00186992 _____ C:\Users\dou dou\Downloads\78731 (1).user.js2013-10-20 16:25 - 2012-10-15 11:14 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Skype2013-10-20 16:08 - 2013-05-31 21:05 - 00035350 _____ C:\Users\dou dou\Documents\keyfile_u2013-10-20 16:08 - 2013-05-31 21:05 - 00000016 _____ C:\Users\dou dou\Documents\keyfile2013-10-19 15:34 - 2012-04-23 21:53 - 00000000 ____D C:\Program Files (x86)\Garena Plus2013-10-19 10:03 - 2013-10-19 10:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software2013-10-19 10:03 - 2013-10-19 10:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software2013-10-19 10:03 - 2013-10-10 21:25 - 00000967 _____ C:\Users\Public\Desktop\AVG 2014.lnk2013-10-17 20:33 - 2013-10-17 20:33 - 00085370 _____ C:\Users\dou dou\Downloads\xliveless-0.999b7.rar2013-10-17 17:55 - 2012-03-25 16:06 - 00000000 ____D C:\Windows\Tasks\360Disabled2013-10-17 15:18 - 2012-05-24 16:34 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-10-17 15:18 - 2012-05-24 16:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-10-17 15:18 - 2011-11-18 15:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-10-13 12:41 - 2013-10-13 12:41 - 01111552 _____ C:\Users\dou 
dou\Downloads\TerrariViewer.exe2013-10-13 12:28 - 2013-10-13 12:28 - 00000000 ____D C:\ProgramData\RELOADED2013-10-13 12:25 - 2013-10-13 12:24 - 39882755 _____ C:\Users\dou dou\Downloads\terraria 1.2.0.3.1.rar2013-10-13 11:55 - 2013-10-13 11:55 - 00018473 _____ C:\Users\dou dou\Downloads\[rutracker.org].t4141528.torrent2013-10-13 11:54 - 2013-10-13 11:54 - 00012980 _____ C:\Users\dou dou\Downloads\Terraria.1.2.0.3.1.torrent2013-10-13 11:53 - 2013-10-13 11:53 - 00012980 _____ C:\Users\dou dou\Downloads\[kickass.to]terraria.1.2.0.3.1-title=[kickass.to]terraria.1.2.0.3.1.torrent2013-10-13 11:53 - 2013-10-13 11:53 - 00012896 _____ C:\Users\dou dou\Downloads\[isoHunt] 4930299.torrent2013-10-13 00:09 - 2013-10-13 00:09 - 00000406 _____ C:\Users\dou dou\Downloads\proxy.pac2013-10-12 23:50 - 2013-10-12 23:50 - 00001122 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk2013-10-12 23:48 - 2013-10-12 23:48 - 00000000 ____D C:\Users\dou dou\AppData\Local\TNT22013-10-12 23:48 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Resources2013-10-12 23:47 - 2013-10-12 23:47 - 00583584 _____ C:\Users\dou dou\Downloads\hotspotshield-setup.exe2013-10-12 17:52 - 2013-07-09 22:50 - 00000000 _RSHD C:\360SANDBOX2013-10-12 17:01 - 2013-10-10 21:24 - 00000000 ____D C:\Program Files (x86)\AVG2013-10-12 11:50 - 2009-07-14 13:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT2013-10-11 19:08 - 2013-09-21 14:38 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LIMBO2013-10-11 14:28 - 2013-10-11 14:28 - 00000000 ____D C:\Users\dou dou\AppData\Local\LogMeIn2013-10-11 14:28 - 2013-10-11 14:28 - 00000000 ____D C:\ProgramData\LogMeIn2013-10-10 22:37 - 2013-10-10 22:37 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi2013-10-10 22:36 - 2013-03-13 22:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-10 22:36 - 2013-03-13 22:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-10-10 21:48 - 2013-10-10 21:31 - 00000000 __SHD 
C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}2013-10-10 21:48 - 2012-10-30 21:13 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\hpqLog2013-10-10 21:48 - 2012-10-30 21:12 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}2013-10-10 21:48 - 2012-08-22 21:40 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}2013-10-10 21:48 - 2012-04-01 17:26 - 00000000 ____D C:\Users\dou dou\AppData\Local\Microsoft Help2013-10-10 21:48 - 2011-11-18 15:44 - 00000000 __HDC C:\ProgramData\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18}2013-10-10 21:39 - 2013-10-10 21:39 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria2013-10-10 21:39 - 2013-05-11 23:23 - 00000000 ____D C:\Games2013-10-10 21:37 - 2013-10-10 21:20 - 00000000 ____D C:\Users\dou dou\AppData\Local\Avg20142013-10-10 21:34 - 2013-09-21 14:38 - 00000000 ____D C:\Program Files (x86)\LIMBO2013-10-10 21:34 - 2013-06-10 22:15 - 00000000 ____D C:\Program Files (x86)\Sketchpad52013-10-10 21:33 - 2013-10-10 21:31 - 00000000 ____D C:\ProgramData\AVG2013-10-10 21:32 - 2013-10-10 21:32 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\AVG2013-10-10 21:31 - 2013-10-10 21:30 - 78411688 _____ (AVG) C:\Users\dou dou\Downloads\avg_tuh_stf_all_2014_174_24c28.exe2013-10-10 21:25 - 2013-10-10 21:25 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute2013-10-10 21:25 - 2013-10-10 21:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\TuneUp Software2013-10-10 21:25 - 2013-10-10 21:25 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\AVG20142013-10-10 21:25 - 2013-10-10 21:24 - 00000000 ____D C:\ProgramData\AVG20142013-10-10 21:24 - 2013-10-10 21:24 - 00000000 ___HD C:\$AVG2013-10-10 21:20 - 2013-10-10 21:20 - 04425448 _____ (AVG Technologies) C:\Users\dou dou\Downloads\avg_free_stb_all_2014_4116_cnet.exe2013-10-10 21:20 - 2013-10-10 21:20 - 00000000 ____D C:\Users\dou dou\AppData\Local\MFAData2013-10-10 21:11 - 2013-10-10 21:11 - 00485905 _____ 
C:\Users\dou dou\Desktop\terraria-server.zip2013-10-10 08:02 - 2013-10-13 12:26 - 00000000 ____D C:\Users\dou dou\Desktop\Terrariacrack2013-10-09 22:02 - 2013-07-13 22:16 - 00000000 ____D C:\Windows\system32\MRT2013-10-09 22:00 - 2012-03-29 23:16 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-10-09 17:01 - 2011-02-12 01:15 - 00789436 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2013-10-08 21:50 - 2012-03-29 19:35 - 00000000 ____D C:\Users\dou dou\AppData\Local\Apple Computer2013-10-08 21:06 - 2013-10-08 21:03 - 23117731 _____ C:\Users\dou dou\Downloads\Brain Music - STUDY FOCUS CONCENTRATE - HELP YOU WORK FAST.m4a2013-10-08 18:42 - 2013-07-09 22:50 - 00227000 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys2013-10-08 16:00 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF2013-10-07 22:22 - 2013-10-07 22:22 - 00066493 _____ C:\Users\dou dou\Downloads\X-RayMod_v043.zip2013-10-06 22:00 - 2013-10-06 22:00 - 00648240 _____ (Unity Technologies ApS) C:\Users\dou dou\Downloads\UnityWebPlayer.exe2013-10-06 22:00 - 2012-09-04 22:27 - 00000000 ____D C:\Users\dou dou\AppData\Local\Unity2013-10-04 20:56 - 2012-03-25 16:03 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Adobe2013-10-04 18:16 - 2013-10-04 16:13 - 00003298 _____ C:\Windows\System32\Tasks\SogouImeMgr2013-10-04 17:42 - 2011-11-18 15:53 - 00000000 ____D C:\Program Files (x86)\Adobe2013-10-04 17:41 - 2013-10-04 17:41 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\No Company Name2013-10-04 17:40 - 2012-09-02 13:03 - 00000000 ____D C:\Program Files\Adobe2013-10-04 16:22 - 2013-10-04 16:22 - 00491533 _____ C:\Users\dou dou\Downloads\list4.txt2013-10-04 16:17 - 2012-05-20 10:52 - 00000000 ____D C:\Program Files (x86)\Baofeng2013-10-04 16:14 - 2013-10-04 16:14 - 00000000 ____D C:\Windows\SysWOW64\Storm2013-10-04 16:14 - 2013-08-11 12:54 - 00002152 _____ C:\Users\Public\Desktop\暴风影视库.lnk2013-10-04 16:14 - 2013-05-30 18:51 - 00000000 ____D C:\Users\dou 
dou\Documents\暴风影视库2013-10-04 16:13 - 2013-10-04 16:13 - 00000000 _____ C:\Windows\SysWOW64\nsn64BE.tmp2013-10-04 16:13 - 2013-10-04 16:13 - 00000000 _____ C:\Windows\system32\nsn64BF.tmp2013-10-04 16:13 - 2013-07-10 21:05 - 00000000 ____D C:\Thunder2013-10-04 16:13 - 2013-05-31 21:05 - 00000000 ___RD C:\Program Files (x86)\skype2013-10-04 16:12 - 2013-01-01 11:12 - 00000204 _____ C:\22.log2013-10-04 16:12 - 2011-11-18 15:44 - 00000000 ____D C:\ProgramData\Skype2013-10-03 20:41 - 2013-07-08 22:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-10-03 20:41 - 2012-08-19 13:20 - 00000000 ____D C:\Users\dou dou\AppData\Local\Mozilla2013-10-01 18:05 - 2013-10-01 18:05 - 02534110 _____ () C:\Users\dou dou\Downloads\liteloader-installer-1.6.4-00.exe2013-10-01 17:33 - 2013-10-01 17:33 - 00128817 _____ C:\Users\dou dou\Downloads\AutoFishing Mod v1.2.zip2013-09-30 22:36 - 2013-09-30 03:14 - 00000000 ____D C:\Users\dou dou\Desktop\Sci PT2013-09-30 19:26 - 2012-04-13 19:31 - 00000000 ____D C:\Users\dou dou\AppData\Local\Windows Live2013-09-30 01:32 - 2013-09-30 01:32 - 00000004 _____ C:\Users\dou dou\Downloads\Tense_ThemeBattle_Begins.mp42013-09-30 00:01 - 2013-09-30 00:01 - 00763789 _____ C:\Users\dou dou\Documents\Untitled.wma2013-09-29 20:02 - 2013-09-29 19:57 - 27119770 _____ C:\Users\dou dou\Downloads\Hiroshima Nuclear (atomic) Bomb - USA attack on Japan (1945).mp42013-09-29 19:54 - 2012-06-02 21:05 - 00000915 _____ C:\Users\dou dou\AppData\Roaming\coreavc.ini2013-09-29 18:21 - 2013-09-29 18:14 - 49831192 _____ C:\Users\dou dou\Downloads\Effects of a nuclear bomb 2013 HD.mp42013-09-29 18:13 - 2013-09-29 18:08 - 39277944 _____ C:\Users\dou dou\Downloads\Hiroshima Nuclear (atomic) Bomb - USA attack on Japan (1945).flv2013-09-29 18:07 - 2013-09-29 18:07 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\PDAppFlex2013-09-29 18:07 - 2012-06-27 18:38 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe2013-09-29 14:48 - 2013-09-29 14:43 - 60965342 _____ 
C:\Users\dou dou\Downloads\AFTER EFFECTS OF THE ATOMIC BOMB ON HIROSHIMA AND NAGASAKI.mp42013-09-28 15:10 - 2013-09-28 15:10 - 00000000 ____D C:\Users\dou dou\Documents\NewBlueFX2013-09-28 15:10 - 2012-05-12 13:18 - 00000000 ____D C:\ProgramData\Adobe2013-09-28 15:09 - 2013-09-28 15:09 - 00000000 ____D C:\Users\dou dou\Documents\Adobe2013-09-28 14:56 - 2013-09-28 14:54 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\MOVAVI2013-09-28 14:56 - 2013-08-14 18:45 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\DivX2013-09-28 14:55 - 2012-06-27 18:34 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-09-28 14:43 - 2013-09-28 14:37 - 102149720 _____ (Movavi) C:\Users\dou dou\Downloads\MovaviVideoSuiteSetup.exe2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys Some content of TEMP:====================C:\Users\dou dou\AppData\Local\Temp\Quarantine.exeC:\Users\dou dou\AppData\Local\Temp\update_2_188.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-21 16:41 ==================== End Of Log ============================
  5. I have tried disabling all the plugins, but I am still redirected to delta-search.com whenever I search anything in the omnibox. No search engine is found besides the google.com engine. Chrome is up to date. Any idea why this still occurs? Thank you in advance!
  6. Hi. This is what I see whenever I try to search something.
  7. Thanks for the prompt reply! Here are the logs for AdwCleaner.

     # AdwCleaner v3.010 - Report created 24/10/2013 at 19:43:22
     # Updated 20/10/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : dou dou - DOUDOU-HP
     # Running from : C:\Users\dou dou\Downloads\AdwCleaner.exe
     # Option : Clean
     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Shortcuts ] *****
     Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法\皮肤小盒子.lnk
     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
     ***** [ Browsers ] *****
     -\\ Internet Explorer v10.0.9200.16720
     -\\ Mozilla Firefox v24.0 (en-US)
     [ File : C:\Users\dou dou\AppData\Roaming\Mozilla\Firefox\Profiles\h2de69z9.default\prefs.js ]
     -\\ Google Chrome v
     [ File : C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     *************************
     AdwCleaner[R0].txt - [1166 octets] - [24/10/2013 19:42:37]
     AdwCleaner[s0].txt - [988 octets] - [24/10/2013 19:43:22]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1047 octets] ##########

     Here are the logs for the MBAM scan.

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.10.24.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16721
     dou dou :: DOUDOU-HP [limited]
     2013/10/24 21:11:50
     mbam-log-2013-10-24 (21-11-50).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 236072
     Time elapsed: 4 minute(s), 11 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 2
     C:\Program Files (x86)\360\360safe\360LeakFixPlugin.dll (Trojan.Agent) -> Delete on reboot.
     C:\Program Files (x86)\360\360safe\safemon\BootLeakFixer.tpi (Trojan.Agent) -> Delete on reboot.
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 2
     C:\Program Files (x86)\360\360safe\360LeakFixPlugin.dll (Trojan.Agent) -> Delete on reboot.
     C:\Program Files (x86)\360\360safe\safemon\BootLeakFixer.tpi (Trojan.Agent) -> Delete on reboot.
     (end)

     Thank you!
  8. Hi. I have noticed that my search engine, which was defaulted to Google, has been replaced with a certain "delta-search.com". I have tried using Malwarebytes to resolve the problem, but to no avail. Please find attached the logs for DDS. Any help will be greatly appreciated. Thank you. attach.txt JRT.txt dds.txt
  9. Thank you very much for your help!! Have a nice day! Regards, Wenyi
  10. Here are the SecurityCheck logs. Thanks again!

     Results of screen317's Security Check version 0.99.68
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     JavaFX 2.1.1
     Java 7 Update 21
     Java version out of Date!
     Adobe Flash Player 11.7.700.224
     Adobe Reader XI
     Mozilla Firefox (22.0)
     Google Chrome 26.0.1410.64
     Google Chrome 27.0.1453.94
     Google Chrome plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Symantec Norton Online Backup NOBuAgent.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 9%
     ````````````````````End of Log``````````````````````
  11. Hi! Here are the AdwCleaner logs. Thank you for all your help!

     # AdwCleaner v2.304 - Logfile created 07/09/2013 at 20:05:50
     # Updated 03/07/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : dou dou - DOUDOU-HP
     # Boot Mode : Normal
     # Running from : C:\Users\dou dou\Downloads\adwcleaner.exe
     # Option [Delete]
     ***** [services] *****
     ***** [Files / Folders] *****
     Folder Deleted : C:\Program Files (x86)\Babylon
     Folder Deleted : C:\Program Files\Babylon
     Folder Deleted : C:\ProgramData\APN
     Folder Deleted : C:\ProgramData\boost_interprocess
     Folder Deleted : C:\ProgramData\InstallMate
     Folder Deleted : C:\ProgramData\Premium
     Folder Deleted : C:\Users\dou dou\AppData\Local\PackageAware
     ***** [Registry] *****
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\InstallCore
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKCU\Software\Tutorials
     Key Deleted : HKCU\Software\TutoTag
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\Software\InstallIQ
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
     Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
     Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
     ***** [internet Browsers] *****
     -\\ Internet Explorer v10.0.9200.16611
     [OK] Registry is clean.
     -\\ Mozilla Firefox v22.0 (en-US)
     File : C:\Users\dou dou\AppData\Roaming\Mozilla\Firefox\Profiles\h2de69z9.default\prefs.js
     [OK] File is clean.
     -\\ Google Chrome v27.0.1453.94
     File : C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Preferences
     [OK] File is clean.
     *************************
     AdwCleaner[s1].txt - [3115 octets] - [09/07/2013 20:05:50]
     ########## EOF - C:\AdwCleaner[s1].txt - [3175 octets] ##########
  12. Hi. I have finished the scan. Here are the logs. Thank you for all your help!

     C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
     C:\Qoobox\Quarantine\C\Users\dou dou\AppData\Roaming\Allmyapps\install\206746.exe.vir Win32/OpenCandy application
     C:\Qoobox\Quarantine\D\360Downloads\Daemon_Tools_4.46.1.327.exe.vir Win32/OpenCandy application
     C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B application
     C:\Users\dou dou\Desktop\download\jhhb.exe Win32/BaiduSearch application
     C:\Users\dou dou\Downloads\X-Ray-Mod-Fly-Installer-1.6.1.exe MSIL/Solimba.U application
  13. Hi. Here are the logs for RogueKiller. I have actually installed the sogouinput myself. Do I still need to remove it?

     RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : dou dou [Admin rights]
     Mode : Remove -- Date : 07/08/2013 17:25:56
     | ARK || FAK || MBR |
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 0 ¤¤¤
     ¤¤¤ Scheduled tasks : 0 ¤¤¤
     ¤¤¤ Startup Entries : 0 ¤¤¤
     ¤¤¤ Web browsers : 0 ¤¤¤
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
     ¤¤¤ External Hives: ¤¤¤
     ¤¤¤ Infection : ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts
     127.0.0.1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST31000524AS +++++
     --- User ---
     [MBR] 7c8d92f9516dd8de55c8a716181ef9fe
     [bSP] d8b81577af8db3df6caa698766db08b7 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 933935 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1912905728 | Size: 19832 Mo
     User = LL1 ... OK!
     User != LL2 ... KO!
     --- LL2 ---
     [MBR] e64c63d12f65fa8a680c959b994254a0
     [bSP] 8f916bd443e527a6d9b51580760f9cb8 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo
     Finished : << RKreport[0]_D_07082013_172556.txt >>
     RKreport[0]_D_07082013_172433.txt;RKreport[0]_S_07082013_170447.txt;RKreport[0]_S_07082013_172548.txt
  14. New OTL logs, thanks again!
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media 
Booster\npPandoWebPlugin.dll File not foundFF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dou dou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},CHR - homepage: 
http://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_1CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dllCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dllCHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromePI.dllCHR - plugin: 360\u7F51\u76FE (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo\1.0_0\plugin/360webshield.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLCHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dllCHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Google Update (Enabled) = C:\Users\dou 
dou\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: XunLei Plugin (Enabled) = D:\Thunder Network\data\npxunlei1.0.0.1.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: Google Drive = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: AdBlock = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\CHR - Extension: Skip video ads on Youtube = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\oanobjfgoogmilhpmlciifoaflmojigf\0.1.1_0\CHR - Extension: Battlefield Play4Free = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\CHR - Extension: Gmail = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/07/05 23:03:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)O4:64bit: - HKLM..\Run: [beatsOSDApp] C:\Program 
Files\IDT\WDM\beats64.exe (Hewlett-Packard )O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)O4 - HKLM..\Run: [systray] C:\Windows\SysWOW64\systray.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: 
DhcpNameServer = 192.168.0.50O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{053F7BFD-2D08-4426-8F68-504CBC8B65D3}: DhcpNameServer = 192.168.0.50O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not foundO18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: 
VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/08 17:03:29 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Desktop\RK_Quarantine[2013/07/08 16:59:04 | 000,000,000 | ---D | C] -- C:\_OTL[2013/07/08 11:53:45 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Local\PowerCinema[2013/07/07 11:27:49 | 000,000,000 | --SD | C] -- C:\kankan[2013/07/07 11:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法[2013/07/06 14:51:51 | 005,635,016 | ---- | C] (INCA Internet Co., Ltd.) 
-- C:\Windows\SysWow64\GameMon.des[2013/07/06 14:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi[2013/07/06 14:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi[2013/07/06 14:26:15 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp90.dll[2013/07/06 14:26:14 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr90.dll[2013/07/06 14:26:13 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\atl90.dll[2013/07/06 12:46:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2013/07/05 23:21:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/07/05 23:07:49 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013/07/05 11:17:07 | 000,000,000 | ---D | C] -- C:\FRST[2013/07/03 20:29:42 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe[2013/07/02 23:11:49 | 000,000,000 | ---D | C] -- C:\Users\dou dou\minecraft[2013/07/02 23:09:09 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Malwarebytes[2013/07/02 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/07/02 23:09:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/07/02 23:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/07/02 22:34:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013/07/02 22:34:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2013/07/02 22:34:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013/07/02 22:32:02 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/07/02 22:30:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/07/02 21:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\x264 Video Codec[2013/07/01 22:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache[2013/06/27 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oxeye 
Games[2013/06/20 11:05:31 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Documents\Rockstar Games[2013/06/20 09:51:04 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Local\Rockstar Games[2013/06/19 09:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arab-GB[2013/06/17 20:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA4[2013/06/15 22:00:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/06/15 22:00:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/06/13 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Desktop\National Geographic and other Educational Books[2013/06/13 09:14:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll[2013/06/13 09:14:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll[2013/06/13 09:14:05 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll[2013/06/13 09:11:46 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll[2013/06/13 09:11:46 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll[2013/06/12 09:30:14 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2013/06/12 09:30:14 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll[2013/06/12 09:28:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll[2013/06/12 09:28:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll[2013/06/12 09:28:06 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll[2013/06/12 09:27:58 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/06/12 09:27:58 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe[2013/06/12 09:27:58 | 000,903,168 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe[2013/06/12 09:23:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/06/12 09:23:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/06/12 09:23:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/06/12 09:23:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/06/12 09:23:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/06/12 09:23:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/06/12 09:23:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/06/12 09:23:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/06/12 09:23:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/06/12 09:23:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/06/12 09:23:00 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/06/12 09:23:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/06/12 09:23:00 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/06/11 12:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\APN[2013/06/10 22:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sketchpad5[2013/06/10 19:23:52 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Documents\CompleteNatGeo[2013/06/10 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1[2013/06/09 20:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Geographic[2013/06/09 
20:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\National Geographic[2013/06/09 20:44:05 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Desktop\download[2013/06/09 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Bitcoin[2013/06/08 23:08:17 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Armory[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ][5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ][10 C:\Users\dou dou\Desktop\*.tmp files -> C:\Users\dou dou\Desktop\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/08 17:08:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/07/08 17:08:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/07/08 17:01:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordou dou.job[2013/07/08 17:00:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/07/08 17:00:46 | 2132,000,767 | -HS- | M] () -- C:\hiberfil.sys[2013/07/08 17:00:14 | 4086,894,591 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td[2013/07/08 17:00:14 | 4085,682,175 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td[2013/07/08 17:00:14 | 3824,881,663 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td[2013/07/08 14:31:38 | 001,630,666 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg[2013/07/08 11:53:13 | 000,144,045 | ---- | M] () -- C:\Users\dou dou\Desktop\full ishow 
screen.gif[2013/07/08 11:49:58 | 000,797,935 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg[2013/07/08 09:48:03 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol[2013/07/07 20:01:49 | 4113,305,599 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td[2013/07/07 20:01:49 | 3236,171,776 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td[2013/07/07 20:01:49 | 2919,178,240 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td[2013/07/07 20:01:49 | 000,258,423 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg[2013/07/07 20:01:49 | 000,145,730 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg[2013/07/07 20:01:49 | 000,111,049 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg[2013/07/07 20:01:48 | 001,811,459 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg[2013/07/07 17:46:55 | 000,035,350 | ---- | M] () -- C:\Users\dou dou\Documents\keyfile_u[2013/07/07 17:46:50 | 000,000,016 | ---- | M] () -- C:\Users\dou dou\Documents\keyfile[2013/07/06 16:36:16 | 000,008,017 | ---- | M] () -- C:\Users\dou dou\Desktop\X-Ray-Mod-Fly-1.6.1.zip[2013/07/05 23:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/07/05 21:15:22 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\config.properties[2013/07/03 21:11:42 | 000,726,439 | ---- | M] () -- 
C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg[2013/07/02 23:09:02 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/02 22:18:49 | 4103,639,039 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td[2013/06/27 17:29:27 | 000,000,915 | ---- | M] () -- C:\Users\dou dou\AppData\Roaming\coreavc.ini[2013/06/25 07:53:23 | 005,635,016 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des[2013/06/25 07:45:13 | 000,005,588 | ---- | M] () -- C:\Windows\SysWow64\nppt9x.vxd[2013/06/18 09:26:38 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/06/17 20:13:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/06/17 20:13:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/06/17 17:44:34 | 000,803,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/06/17 17:44:34 | 000,668,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/06/17 17:44:34 | 000,128,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/06/11 16:44:53 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.cue[2013/06/11 10:27:25 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue[2013/06/11 10:27:16 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue[2013/06/11 10:15:39 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue[2013/06/10 22:33:28 | 000,001,536 | ---- | 
  15. Roguekiller 64bits logs:
  16. Here are the logs after the fix finished:
      Still doing the other steps. Thanks a lot!
  17. Also, I have discovered that Internet Explorer does not do anything when I attempt to switch to a website by typing in the name in the search bar. Thanks a lot for your help!
  18. Extras.txt OTL Extras logfile created on: 2013/7/6 21:24:51 - Run 1 OTL by OldTimer - Version 3.2.69.0
dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{EC553611-648B-4281-A6E4-578F8B5B7CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengupdate.exe | "{EC8F9500-8E89-4035-B6A6-91757E03DE52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | "{ED73B499-DC67-4E15-B05A-4E22D7A392EE}" = protocol=6 | dir=in | app=d:\360\360jishi\winvnc.exe | "{EE1EADA3-E50C-4779-88AB-EB6523965040}" = protocol=17 | dir=in | app=d:\program files\sogouinput\components\sogoucommgr.exe | "{EE8B7583-2988-43C3-9534-F95CA9E3C86C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EFACA21B-E2FF-4D9C-88FE-8386AD4081D7}" = protocol=17 | dir=in | app=d:\thunder network\program\thunderbhostat.exe | "{F152D9E7-D917-484A-A4C9-81F871865A24}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | "{F1D8F277-7594-4DA2-A480-D48CE45C3004}" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\apps\blackshot\blackshot\system\blackshot.exe | "{F2B5C8AF-7324-43F7-9840-B21B714836C2}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgtool.exe | "{F58FBBC2-930A-437E-99F8-D230C27FFA6C}" = protocol=6 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengupdate.exe | "{F65F7193-D7D6-4FEB-B09C-54B394EEB786}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.190_1111\thunderplatform.exe | "{F6A5A1BB-9EA9-4C81-B00D-7AC847C71D0D}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | "{F8C9DA40-0124-4DCE-850E-F3BA0B4DBE73}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgtool.exe | "{FB4B22F7-8F57-4CB6-829A-F94B288FDD3A}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe | "{FB7BA1C5-C595-4779-A794-FB331DD8935A}" = protocol=17 | dir=in | app=d:\program 
files\sogouinput\6.7.0.0163\pinyinup.exe | "{FD28C41B-DEDB-4E54-88D5-3B94DBF6A274}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe | "{FE08B257-A99D-4E49-B640-A162D39E643F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FFA1ADB4-163E-4ADF-9615-D896BEA837FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartvideo.exe | "TCP Query User{03E1A8B7-9161-4F51-8C24-032A8143BBD3}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{06BE37B7-8EB9-4D2D-BD0F-F777ACC86AFA}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "TCP Query User{0D497B95-56B3-48BF-AA11-F680B8B39504}C:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe | "TCP Query User{37913198-0B3D-457D-BB7A-F31135C00602}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | "TCP Query User{46ABE50F-54AD-4696-9F7A-FC8FC7DB51F0}C:\program files (x86)\baofeng\stormplayer\baofengplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengplatform.exe | "TCP Query User{47040877-6588-4D18-9ED2-42453BEE545A}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{59C46918-480A-4BCF-996F-370DD03FB90A}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{68CC3870-AE5E-4B9F-81FD-4614B7BD90F9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{8D818F5C-A7FB-413B-82E0-3AD520A9DF85}C:\program files (x86)\gta4\gtaiv.exe" = protocol=6 | dir=in 
| app=c:\program files (x86)\gta4\gtaiv.exe | "TCP Query User{9A0C4C77-287E-4F60-9B3E-65599653A567}D:\thunder network\program\thunder.exe" = protocol=6 | dir=in | app=d:\thunder network\program\thunder.exe | "TCP Query User{AF36A98D-135C-4085-9D88-EC398F40416A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{B4D808C5-AA2A-4ADB-8C6B-780BE6A6C495}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{B5BC1DD1-6F06-411B-939E-19BC89F289F5}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{EF1CAFE3-5E15-48E6-9826-453673FFE86D}C:\ace of spades\server.exe" = protocol=6 | dir=in | app=c:\ace of spades\server.exe | "TCP Query User{FC7DCD33-79E9-42A9-8164-059E813372C4}C:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe | "UDP Query User{077CCC91-985D-4844-BB30-95141B805925}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{2B0CE82F-D3EA-445C-9ED3-CDFB7D6A29D8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{3BE4E53C-3998-4FB8-BB11-CD55F3F0F80F}C:\ace of spades\server.exe" = protocol=17 | dir=in | app=c:\ace of spades\server.exe | "UDP Query User{3D64215A-01EE-47CD-A5F7-C65D083A39CD}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | "UDP Query User{4E8D4C33-7941-4875-B716-3B658A4C78EB}C:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arab-gb\borderlands 
2\binaries\win32\borderlands2.exe | "UDP Query User{57648FBD-EC9F-4BDB-8D3C-AEA48FCD284E}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | "UDP Query User{87E98095-587F-4284-94DF-F401FE4EC564}C:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe | "UDP Query User{93A0AD05-1063-4EEF-BEE8-1CDB45542B87}C:\program files (x86)\baofeng\stormplayer\baofengplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengplatform.exe | "UDP Query User{B1CBAEFF-0212-40B5-99A9-65BE6B783C9E}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{B6F90531-4324-4435-8EC2-9E3246286216}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{D65A350F-BC50-4754-A335-757748BD9A93}D:\thunder network\program\thunder.exe" = protocol=17 | dir=in | app=d:\thunder network\program\thunder.exe | "UDP Query User{D6CF0C68-0FAB-46B0-A669-C6056A99AB9D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{E43D2703-6C90-45EB-ABD2-7E8C051F9B03}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{EE318711-16D4-4979-86AD-036DEAC9C5A7}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{EF3B94DA-238D-4900-A5CA-A6C690598554}C:\program files (x86)\gta4\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gta4\gtaiv.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{1AB4DB8C-4123-45DC-B896-C67990F76DA4}" = HP Deskjet 1050 J410 series Product Improvement Study"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Bluetooth by hp"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 
2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{90150000-001F-0804-1000-0000000FF1CE}" = Microsoft Office 校对工具 2013 - 简体中文"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.19"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.19"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"WinRAR archiver" = WinRAR 4.20 (64 位) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience 
Enhancements"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1"{13759E40-CAD3-4654-8AF7-8C4F76CD8A8A}" = BlueStacks"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}" = HP My Display TouchSmart Edition"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21"{27710506-32B1-49B3-B95B-B7C65FA6FA15}" = HP Photo Canvas"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0"{402F6F2E-5683-491C-977D-0CA599A07CAF}" = Adobe CS6 Design and Web Premium"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = 
Power2Go"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics"{4E575BFF-51A0-474E-A3BA-C0FCF82E6A78}" = HP Touch Browser"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.3"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12"{53D62BFD-049C-45F1-A54B-06A8232B6E56}" = iShowen"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh"{5A71DABE-6A2B-47EA-A1F6-D66E7B08033C}_is1" = Borderlands 2"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple 应用程序支持"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6C44DEFF-8638-49A4-B748-CA59B43F3265}" = Fritz 12"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail"{75781594-73D9-4D7B-997F-14D41BF1514E}" = HP TouchSmart Twitter"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed?World"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE 
Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 
2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" 
= Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP Music"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{93337CC5-9BC4-4FB0-B82E-38EC63E149F3}_is1" = Leawo iTransfer version 1.4.0.1106"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS"{A59442FF-D882-4F87-9231-5C9FA8F25FE8}" = ³õÈý»¯Ñ§ÉÏ(A)"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-2052-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Chinese Simplified"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® 
Identity Protection Technology 1.1.2.0"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C6F34AE0-0576-11d4-82FE-4491FCC00000}" = IconViewer"{C912EFA0-0076-11d5-B04A-BD6C80DF2479}" = IconChanger"{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP Photo"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX"{DBAFF495-A33C-4B9C-81AA-6AAF3F60AE1F}_is1" = 几何画板 5.0最强中文版"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant"{EEE791A8-4AB5-1540-FE9D-70EC70938AD2}" = The Complete National Geographic"{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = Video"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F312B2F8-A700-46D2-A2DD-BB758313EA2F}" = Macromedia Extension Manager"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio 
OSS Desktop Recorder"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"ArmA 2" = ArmA 2 Free Uninstall"AVerMedia MiniCard Hybrid TV Tuner" = AVerMedia MiniCard Hybrid TV Tuner 1.1.64.56"Blacklight Retribution" = Blacklight Retribution"BlackShot" = Garena - BlackShot"Borderlands 2_is1" = Borderlands 2"Cobalt" = Cobalt"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant"com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1" = The Complete National Geographic"DAEMON Tools Lite" = DAEMON Tools Lite"Deep Fritz 12 DL" = Deep Fritz 12 DL"HP Photo Creations" = HP Photo Creations"HP Remote Solution" = HP Remote Solution"im" = Garena Plus"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP Music"InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP Photo"InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = Video"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video"LogMeIn Hamachi" = LogMeIn Hamachi"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"MSNProtect" = Windows Live Messenger 加强版组件"NBRTWizard" = Norton Bootable Recovery Tool Wizard"NoIPDUC" = No-IP DUC"Notepad++" = Notepad++"Office14.Click2Run" = Microsoft Office Click-to-Run 2010"Office14.SingleImage" = Microsoft Office Home and Student 2010"PDF Complete" = PDF Complete Special Edition"Simple Port Forwarding" = Simple Port Forwarding"Sogou Input" = 搜狗拼音输入法 6.7正式版"Steam App 440" = Team Fortress 2"StormPlayer" = 暴风影音5"Thunder BHO Platform" = Thunder BHO Platform 2.2.0.1035"thunder_is1" = 
迅雷7"Tunngle beta_is1" = Tunngle beta"WinLiveSuite" = Windows Live 软件包"winscp3_is1" = WinSCP 5.1.3"国际象棋弗里茨" = 国际象棋弗里茨 12"侠盗猎车4" = 侠盗猎车4"迅雷看看播放器" = 迅雷看看播放器"迅雷看看高清播放组件" = 迅雷看看高清播放组件"自动优化工具" = 自动优化工具 1.0.0.48 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"ac1ad94e2ed7c137" = TF2 Items Editor"Google Chrome" = Google Chrome"UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 2013/7/5 10:56:34 | Computer Name = doudou-HP | Source = VSS | ID = 8193Description = Error - 2013/7/5 10:56:34 | Computer Name = doudou-HP | Source = System Restore | ID = 8193Description = Error - 2013/7/5 11:11:55 | Computer Name = doudou-HP | Source = Application Error | ID = 1000Description = Faulting application name: uninstall.exe_Setup Factory Runtime, version: 9.0.4.0, time stamp: 0x4eeb8cb2 Faulting module name: uninstall.exe, version: 9.0.4.0, time stamp: 0x4eeb8cb2 Exception code: 0x40000015 Fault offset: 0x001c7ce7 Faulting process id: 0xbbc Faulting application start time: 0x01ce7991f32ed17a Faulting application path: C:\Windows\Simple Port Forwarding\uninstall.exe Faulting module path: C:\Windows\Simple Port Forwarding\uninstall.exe Report Id: 39f35e27-e585-11e2-b605-386077c8247e Error - 2013/7/5 11:12:38 | Computer Name = doudou-HP | Source = Application Error | ID = 1000Description = Faulting application name: uninstall.exe_Setup Factory Runtime, version: 9.0.4.0, time stamp: 0x4eeb8cb2 Faulting module name: uninstall.exe, version: 9.0.4.0, time stamp: 0x4eeb8cb2 Exception code: 0x40000015 Fault offset: 0x001c7ce7 Faulting process id: 0x9c4 Faulting application start time: 0x01ce79920d299638 Faulting application path: C:\Windows\Simple Port Forwarding\uninstall.exe Faulting module path: C:\Windows\Simple Port Forwarding\uninstall.exe Report Id: 53cf3101-e585-11e2-b605-386077c8247e Error - 2013/7/6 00:45:30 | 
Computer Name = doudou-HP | Source = BstHdAndroidSvc | ID = 0Description = Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013/7/6 00:51:05 | Computer Name = doudou-HP | Source = Application Hang | ID = 1002Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b1c Start Time: 01ce7a040dd66fc9 Termination Time: 5 Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Report Id: 9f4c5385-e5f7-11e2-83b7-d0df9aa61076 Error - 2013/7/6 02:31:50 | Computer Name = doudou-HP | Source = MsiInstaller | ID = 11316Description = Error - 2013/7/6 02:37:02 | Computer Name = doudou-HP | Source = MsiInstaller | ID = 11316Description = Error - 2013/7/6 02:46:44 | Computer Name = doudou-HP | Source = BstHdAndroidSvc | ID = 0Description = Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 2013/7/6 06:45:53 | Computer Name = doudou-HP | Source = SideBySide | ID = 16842832Description = Activation context generation failed for "d:\program files\sogouinput\6.7.0.0163\SGTool.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ Hewlett-Packard Events ]Error - 2012/8/6 09:34:27 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() Error - 2012/8/13 09:25:05 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() Error - 2012/8/20 00:44:05 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 2012/8/27 05:17:48 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() Error - 2012/9/3 00:09:27 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 2012/9/10 08:59:24 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() Error - 2012/9/17 05:32:22 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 2012/9/24 04:56:22 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 2012/10/1 02:01:44 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 40 TargetSite: Void UpdateAndDetect() Error - 2012/10/8 01:19:44 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat: en-US RAM: 8172 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() [ System Events ]Error - 2013/7/6 00:46:44 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7000Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: %%1053 Error - 2013/7/6 00:47:00 | Computer Name = doudou-HP | Source = NetBT | ID = 4321Description = The name "WORKGROUP :1d" could not be registered on the interface with IP address 25.189.153.13. The computer with the IP address 25.79.12.131 did not allow the name to be claimed by this computer. Error - 2013/7/6 00:51:47 | Computer Name = doudou-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20Description = Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939). Error - 2013/7/6 02:40:40 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7030Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 2013/7/6 02:40:41 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect. 
Error - 2013/7/6 02:40:41 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: %%1053

Error - 2013/7/6 02:44:53 | Computer Name = doudou-HP | Source = DCOM | ID = 10010
Description = 

Error - 2013/7/6 02:46:44 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following error: %%1064

Error - 2013/7/6 02:47:14 | Computer Name = doudou-HP | Source = bowser | ID = 8003
Description = 

Error - 2013/7/6 02:51:51 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7030
Description = The nProtect GameGuard Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

< End of report >
  19. Here are the logs. Thanks!

OTL.txt

OTL logfile created on: 2013/7/6 21:24:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dou dou\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy/M/d

7.98 Gb Total Physical Memory | 4.89 Gb Available Physical Memory | 61.24% Memory free
15.96 Gb Paging File | 12.31 Gb Available in Paging File | 77.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.05 Gb Total Space | 568.30 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
Drive D: | 19.37 Gb Total Space | 2.24 Gb Free Space | 11.58% Space Free | Partition Type: NTFS

Computer Name: DOUDOU-HP | User Name: dou dou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/06 21:23:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dou dou\Downloads\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exePRC - [2013/06/19 11:38:49 | 009,873,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exePRC - [2013/05/06 16:15:36 | 000,079,384 | ---- | M] (Google) -- C:\Users\dou dou\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exePRC - [2013/04/30 18:56:54 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkOverlay.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2012/08/29 18:08:46 | 000,577,400 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exePRC - [2012/08/29 18:08:32 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exePRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exePRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exePRC - [2011/09/16 05:36:28 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exePRC - [2011/09/16 05:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exePRC - [2011/09/07 05:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) 
-- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exePRC - [2011/08/17 06:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exePRC - [2011/08/17 06:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exePRC - [2011/03/26 09:19:08 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exePRC - [2011/02/24 16:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exePRC - [2011/02/02 05:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2011/02/02 05:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2008/11/21 02:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2013/06/28 18:55:36 | 000,389,424 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dllMOD - [2013/06/28 18:55:33 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dllMOD - [2013/06/28 16:29:32 | 002,174,768 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dllMOD - [2013/06/19 11:39:15 | 000,236,336 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dllMOD - [2013/06/19 11:39:14 | 000,856,880 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dllMOD - [2013/06/19 11:39:14 | 000,098,608 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dllMOD - [2013/06/19 11:39:12 | 000,287,024 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\DailyTaskPlugin.dllMOD 
- [2013/06/19 11:39:12 | 000,133,936 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ClanBoxPlugin.dllMOD - [2013/06/19 11:39:03 | 001,903,920 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dllMOD - [2013/06/19 11:38:49 | 009,873,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exeMOD - [2013/06/14 23:25:35 | 013,140,872 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dllMOD - [2013/05/29 20:21:27 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dllMOD - [2013/05/23 13:44:07 | 000,393,168 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dllMOD - [2013/05/23 13:43:59 | 004,051,408 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dllMOD - [2013/05/23 13:43:06 | 000,599,504 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dllMOD - [2013/05/23 13:43:05 | 000,124,368 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dllMOD - [2013/05/23 13:43:03 | 001,597,392 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dllMOD - [2013/05/15 12:27:35 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\271ef233b83ada113cfea94ecbcff020\System.IdentityModel.ni.dllMOD - [2013/05/15 12:27:34 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dcfb28a7d4951481319eaa4e3353d2b5\System.ServiceModel.ni.dllMOD - [2013/05/15 12:26:38 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\0303c10ed5a18fad23197179dad69829\ReachFramework.ni.dllMOD - [2013/05/15 12:26:31 | 001,021,952 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ad4e3fd4f3bc61f9255b89853f9517d0\System.Runtime.DurableInstancing.ni.dllMOD - [2013/05/15 12:26:30 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\acb98d54c594f4736ac2d97c84db2bb4\System.Runtime.Serialization.ni.dllMOD - [2013/05/15 10:35:21 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\982e2b96175ba7ec1ed584f81b362aca\PresentationCore.ni.dllMOD - [2013/05/15 10:35:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a07737b92dff00eadb852a3fe654676\System.Windows.Forms.ni.dllMOD - [2013/05/15 10:35:14 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7622c8820556cde07c1948f3f48e83df\System.Core.ni.dllMOD - [2013/05/15 10:35:13 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\77aaf9593f460b4c6c72a2915c833161\WindowsBase.ni.dllMOD - [2013/05/15 10:35:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\739dab9e00d22ebf960776ead08c8e73\System.Configuration.ni.dllMOD - [2013/05/09 12:38:48 | 000,590,128 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_msn.dllMOD - [2013/05/09 12:38:48 | 000,460,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dllMOD - [2013/05/09 12:38:48 | 000,194,864 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dllMOD - [2013/05/09 12:38:46 | 000,516,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dllMOD - [2013/05/09 12:38:46 | 000,245,040 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dllMOD - [2013/05/09 12:38:46 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dllMOD - [2013/05/09 12:38:46 | 000,068,400 | ---- | M] () -- C:\Program 
Files (x86)\Garena Plus\lib\delay_load\UdtLib.dllMOD - [2013/05/09 12:38:44 | 001,543,984 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dllMOD - [2013/05/09 12:38:44 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dllMOD - [2013/05/09 12:38:42 | 000,065,840 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dllMOD - [2013/05/09 12:38:42 | 000,055,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dllMOD - [2013/05/09 12:38:42 | 000,016,688 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dllMOD - [2013/05/09 12:38:40 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dllMOD - [2013/05/09 12:38:38 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dllMOD - [2013/05/09 12:38:38 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dllMOD - [2013/05/09 12:38:38 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dllMOD - [2013/05/09 12:38:38 | 000,184,624 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dllMOD - [2013/05/09 12:38:32 | 000,147,248 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xIM.dllMOD - [2013/05/09 12:38:32 | 000,026,416 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dllMOD - [2013/05/09 12:38:30 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dllMOD - [2013/05/09 12:38:30 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dllMOD - [2013/05/09 12:38:30 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dllMOD - [2013/05/09 12:38:28 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dllMOD - [2013/05/09 12:38:24 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dllMOD - [2013/05/09 
12:38:24 | 000,121,648 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggcode.dllMOD - [2013/05/09 12:38:22 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dllMOD - [2013/05/09 12:38:20 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dllMOD - [2013/05/09 12:38:20 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dllMOD - [2013/05/09 12:38:20 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dllMOD - [2013/05/03 15:34:54 | 000,184,832 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\ggspawn.dllMOD - [2013/04/30 18:56:54 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkOverlay.exeMOD - [2013/04/20 06:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dllMOD - [2013/02/01 13:42:28 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dllMOD - [2013/01/11 20:10:33 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\fce2acd42e271e44ef1c29ecfe03b030\SMDiagnostics.ni.dllMOD - [2013/01/09 17:19:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cd38ddfac4535d1fc8b285244cfe2350\System.Xml.ni.dllMOD - [2013/01/09 17:19:02 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d67ab5fb461b6917c67d587eca870c44\System.Drawing.ni.dllMOD - [2013/01/09 17:18:59 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e19f70f3c84abc64e1f1b7e76333a372\System.ni.dllMOD - [2013/01/09 17:18:55 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\f86110621e29c00e2db8f462781529fe\mscorlib.ni.dllMOD - [2012/12/12 13:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllMOD - 
[2012/10/05 18:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dllMOD - [2012/10/05 18:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllMOD - [2012/08/31 18:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dllMOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dllMOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dllMOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2011/10/18 09:54:24 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dllMOD - [2011/10/18 09:54:24 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dllMOD - [2011/02/16 03:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dllMOD - [2010/11/21 11:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dllMOD - [2010/11/21 11:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dllMOD - [2009/06/11 05:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/11/05 20:44:31 | 000,309,760 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)SRV:64bit: - [2012/11/05 20:44:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)SRV:64bit: - [2011/03/26 09:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)SRV:64bit: - [2010/10/11 18:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)SRV - [2013/06/25 18:03:50 | 000,174,024 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)SRV - [2013/06/25 07:53:23 | 005,635,016 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)SRV - [2013/06/17 20:13:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/06/07 06:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/05/08 09:28:54 | 000,161,384 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2013/03/20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)SRV - [2013/01/10 10:49:48 | 000,202,048 | ---- | M] (Just Orange) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN\Service\wlcommsvc.exe -- (wlcommsvc)SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)SRV - [2012/08/29 18:08:32 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)SRV - [2012/08/29 18:08:00 | 000,397,176 | ---- | M] (BlueStack Systems, Inc.) 
16:36:16 | 000,008,017 | ---- | M] () -- C:\Users\dou dou\Desktop\X-Ray-Mod-Fly-1.6.1.zip[2013/07/06 14:46:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/07/06 14:46:05 | 2132,000,767 | -HS- | M] () -- C:\hiberfil.sys[2013/07/06 14:25:45 | 000,002,446 | ---- | M] () -- C:\Users\dou dou\Desktop\迅雷7.lnk[2013/07/06 14:25:45 | 000,002,287 | ---- | M] () -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\迅雷7.lnk[2013/07/05 23:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/07/05 21:15:22 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\config.properties[2013/07/05 19:42:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol[2013/07/04 19:05:29 | 000,000,861 | ---- | M] () -- C:\Users\dou dou\Desktop\360软件管家.lnk[2013/07/03 21:11:42 | 001,809,193 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg[2013/07/03 21:11:42 | 000,726,439 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg[2013/07/03 21:11:42 | 000,219,230 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg[2013/07/03 21:11:42 | 000,106,423 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg[2013/07/03 21:11:41 | 001,409,748 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg[2013/07/03 21:11:41 | 000,781,256 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg[2013/07/03 21:11:41 | 000,120,044 | ---- | M] () -- C:\Users\dou 
dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg[2013/07/02 23:09:02 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/02 22:18:50 | 3236,171,776 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td[2013/07/02 22:18:49 | 4113,305,599 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td[2013/07/02 22:18:49 | 4103,639,039 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td[2013/07/02 22:18:49 | 4086,894,591 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td[2013/07/02 22:18:49 | 4085,682,175 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td[2013/07/02 22:18:48 | 3824,881,663 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td[2013/07/02 22:18:48 | 2919,178,240 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td[2013/07/02 19:23:44 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordou dou.job[2013/06/30 10:16:57 | 000,035,158 | ---- | M] () -- C:\Users\dou dou\Documents\keyfile_u[2013/06/30 10:16:53 | 000,000,016 | ---- | M] () -- C:\Users\dou dou\Documents\keyfile[2013/06/27 17:29:27 | 000,000,915 | ---- | M] () -- C:\Users\dou dou\AppData\Roaming\coreavc.ini[2013/06/25 07:53:23 | 005,635,016 | ---- | M] (INCA Internet Co., Ltd.) 
-- C:\Windows\SysWow64\GameMon.des[2013/06/25 07:45:13 | 000,005,588 | ---- | M] () -- C:\Windows\SysWow64\nppt9x.vxd[2013/06/21 03:05:36 | 000,035,272 | ---- | M] (深圳市迅雷技术有限公司) -- C:\Windows\xinstaller.exe[2013/06/21 03:05:34 | 000,080,328 | ---- | M] (深圳市迅雷技术有限公司) -- C:\Windows\xinstaller.dll[2013/06/18 09:26:38 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/06/17 20:13:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/06/17 20:13:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/06/17 17:44:34 | 000,803,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/06/17 17:44:34 | 000,668,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/06/17 17:44:34 | 000,128,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/06/11 16:44:53 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.cue[2013/06/11 10:27:25 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue[2013/06/11 10:27:16 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue[2013/06/11 10:15:39 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue[2013/06/10 22:33:28 | 000,001,536 | ---- | M] () -- C:\Users\dou dou\AppData\Roaming\Sketchpad 5 Preferences.dat[2013/06/10 22:15:24 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\几何画板.lnk[2013/06/10 22:01:00 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.cue[2013/06/10 21:50:16 | 000,000,071 | ---- | M] () -- C:\Users\dou 
dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.cue[2013/06/10 18:17:58 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.cue[2013/06/10 11:56:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat[2013/06/10 09:02:48 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.cue[2013/06/09 20:49:56 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\The Complete National Geographic.lnk[2013/06/09 20:30:22 | 119,554,637 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集.浏览器升级包版本1.59(有移动和旋转页面功能了)]CNGViewer-1.59.air[2013/06/08 22:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/06/08 19:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ][4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ][10 C:\Users\dou dou\Desktop\*.tmp files -> C:\Users\dou dou\Desktop\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/06 16:36:16 | 000,008,017 | ---- | C] () -- C:\Users\dou dou\Desktop\X-Ray-Mod-Fly-1.6.1.zip[2013/07/06 14:51:43 | 000,005,588 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd[2013/07/05 21:14:46 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\config.properties[2013/07/02 23:09:02 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/07/02 22:34:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2013/07/02 22:34:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2013/07/02 22:34:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2013/07/02 22:34:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2013/07/02 22:34:32 | 000,068,096 | ---- | C] () 
-- C:\Windows\zip.exe[2013/06/12 18:32:23 | 3236,171,776 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td[2013/06/12 18:32:23 | 000,120,044 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg[2013/06/11 16:44:53 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.cue[2013/06/11 10:27:25 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue[2013/06/11 10:27:16 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue[2013/06/11 10:15:39 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue[2013/06/10 22:33:28 | 000,001,536 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\Sketchpad 5 Preferences.dat[2013/06/10 22:15:24 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\几何画板.lnk[2013/06/10 22:01:00 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.cue[2013/06/10 18:17:57 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.cue[2013/06/10 11:56:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat[2013/06/10 09:02:48 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.cue[2013/06/10 08:36:29 | 3824,881,663 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td[2013/06/10 08:36:29 | 
001,409,748 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg[2013/06/10 08:34:14 | 2919,178,240 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td[2013/06/10 08:34:14 | 000,106,423 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg[2013/06/09 20:50:24 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.cue[2013/06/09 20:49:56 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\The Complete National Geographic.lnk[2013/06/09 20:44:21 | 4086,894,591 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td[2013/06/09 20:40:05 | 4085,682,175 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td[2013/06/09 20:39:50 | 000,781,256 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg[2013/06/09 20:35:55 | 4103,639,039 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td[2013/06/09 20:33:56 | 001,809,193 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg[2013/06/09 20:32:10 | 000,726,439 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg[2013/06/09 20:32:07 | 4113,305,599 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td[2013/06/09 
20:32:07 | 000,219,230 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg[2013/06/09 20:28:58 | 119,554,637 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集.浏览器升级包版本1.59(有移动和旋转页面功能了)]CNGViewer-1.59.air[2013/01/17 19:38:35 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe[2013/01/17 18:47:37 | 000,000,600 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\winscp.rnd[2013/01/16 21:11:13 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe[2013/01/16 21:11:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe[2012/09/09 15:02:34 | 000,110,223 | ---- | C] () -- C:\Users\dou dou\final_bstSnapshot_36619.jpg[2012/07/06 19:46:58 | 000,000,548 | ---- | C] () -- C:\Users\dou dou\test.trace.db[2012/07/06 19:46:27 | 000,026,624 | ---- | C] () -- C:\Users\dou dou\test.h2.db[2012/07/06 19:46:27 | 000,000,188 | ---- | C] () -- C:\Users\dou dou\.h2.server.properties[2012/06/29 20:20:18 | 000,007,600 | ---- | C] () -- C:\Users\dou dou\AppData\Local\Resmon.ResmonCfg[2012/06/02 21:05:06 | 000,000,915 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\coreavc.ini[2012/05/28 22:41:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2012/04/07 23:04:40 | 000,000,070 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.ini[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbt[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbs[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbp[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbm[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbj[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou 
dou\Chess database for all good games.cbe[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbc[2012/04/07 23:04:40 | 000,000,026 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbg[2012/04/07 23:04:40 | 000,000,026 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cba[2012/04/07 23:04:40 | 000,000,012 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cit[2012/04/07 23:04:40 | 000,000,012 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cib[2012/04/04 18:52:37 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat[2012/03/25 17:09:53 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat[2011/09/07 04:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL ========== ZeroAccess Check ========== [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ==========[2013/07/03 21:11:39 | 000,000,825 | ---- | M] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\??à×7.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk[2012/05/20 10:53:08 | 000,001,151 | ---- | M] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±?·?ó°ò?5.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô5.lnk[2012/05/20 10:53:08 | 000,001,151 | ---- | C] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±?·?ó°ò?5.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô5.lnk[2012/03/25 17:10:17 | 000,000,825 | ---- | C] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\??à×7.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\èú?á1áí¨) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÈÚ»á¹áͨ(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\±?·?ó°ò?5) -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\±©·çÓ°Òô5(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??à×èí?t) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ѸÀ×Èí¼þ < End of report >
  20. Here is the logs:

      Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.07.06.01

      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 10.0.9200.16618
      dou dou :: DOUDOU-HP [administrator]

      Protection: Enabled

      2013/7/6 12:52:09
      mbam-log-2013-07-06 (12-52-09).txt

      Scan type: Full scan (C:\|D:\|Q:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 541011
      Time elapsed: 59 minute(s), 31 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 7
      C:\Qoobox\Quarantine\D\360\360Safe\360leakfixer.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\D\360\360Safe\360LeakFixPlugin.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\D\360\360Safe\leakrepair.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\D\360\360Safe\ipc\PatchCheck.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\D\360\360Safe\modules\360vulsetup.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\D\360\360Safe\safemon\BootLeakFixer.tpi.vir (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Qoobox\Quarantine\D\360\360Safe\Utils\360leakfixerdll.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.

      (end)
  21. Sorry about the incomplete log. Here is the appropriate one. ComboFix.txt
  22. This is the logs:
  23. When I start up the computer, it says that it is "Checking file system on c:\. The type of the file system is NTFS. Volume label is OS. One of your disks needs to be checked for consistency". It deleted a corrupted attribute record from file record segment 2287 (128 " "). Is this normal? Or has my computer been destroyed by the virus badly?
  24. Here's the fixlog:

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
      Ran by SYSTEM at 2013-07-04 22:22:25 Run:1
      Running from G:\
      Boot Mode: Recovery
      ==============================================

      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\360Safetray => Value deleted successfully.
      360js => Service deleted successfully.
      ZhuDongFangYu => Service deleted successfully.
      BAPIDRV64 => Service deleted successfully.
      BeepMbr => Service deleted successfully.
      360AntiHacker => Service deleted successfully.
      360Box64 => Service deleted successfully.
      360Camera => Service deleted successfully.
      360FsFlt => Service deleted successfully.
      360netmon => Service deleted successfully.
      S2 TMAgent; => Service not found.
      C:\Users\dou dou\AppData\Roaming\360SuperKiller => Moved successfully.
      C:\Users\dou dou\AppData\Roaming\360DiagnoseScan => Moved successfully.
      C:\Users\dou dou\AppData\Roaming\360safe => Moved successfully.
      "D:\360" => File/Directory not found.
      C:\ProgramData\360safe => Moved successfully.
      C:\Windows\System32\Drivers\360AntiHacker64.sys => Moved successfully.
      C:\Windows\System32\DRIVERS\360Box64.sys => Moved successfully.
      C:\Windows\System32\Drivers\360Camera64.sys => Moved successfully.
      C:\Windows\System32\DRIVERS\360FsFlt.sys => Moved successfully.
      C:\Windows\System32\DRIVERS\360netmon.sys => Moved successfully.
      C:\Users\dou dou\AppData\Roaming\360Login => Moved successfully.
      C:\360SANDBOX => Moved successfully.

      ==== End of Fixlog ====
  25. For some reason, now I actually do have internet on the infected computer. Thanks a lot! Here is the logs:
2013-04-30 19:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts2013-04-13 05:49 . 2013-05-15 02:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-05-15 02:41 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-05-15 02:41 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-05-15 02:41 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-05-15 02:41 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-05-15 02:41 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-12 14:45 . 2013-04-24 09:30 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys2013-04-10 06:01 . 2013-05-15 02:44 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-04-10 06:01 . 2013-05-15 02:44 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-04-10 03:30 . 2013-05-15 02:42 3153920 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))..*注意* 空白与合法缺省登录将不会被显示 REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}]2013-01-21 02:51 88520 ----a-w- d:\thunder network\BHO\XlBrowserAddin1.0.8.71.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]2012-11-14 11:32 251856 ----a-w- c:\program files (x86)\Common Files\Thunder Network\Kankan\xappex.1.1.1.62.(987).dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-09-15 121648]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple 
Application Support\APSDaemon.exe" [2013-04-21 59720]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-08-29 577400]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]"Systray"="c:\windows\syswow64\systray.exe" [2009-07-14 8192]"360Safetray"="d:\360\360Safe\safemon\360Tray.exe" [2013-05-24 881584].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-26 1137952].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ SOGOUPY.IME.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VAGP ATX Chipset]@="Driver Group".R1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]R1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]R1 BAPIDRV;BAPIDRV;c:\windows\System32\Drivers\BAPIDRV64.SYS;c:\windows\SYSNATIVE\Drivers\BAPIDRV64.SYS [x]R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files 
(x86)\BlueStacks\HD-LogRotatorService.exe [x]R2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]R2 PdiService;Portrait Displays SDK 
Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]R3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]R3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys;c:\windows\SYSNATIVE\DRIVERS\AVerAVF2.sys [x]R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]R3 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]R3 
Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]R3 SkypeUpdate;Skype Updater;c:\program files (x86)\skype\Updater\Updater.exe;c:\program files (x86)\skype\Updater\Updater.exe [x]R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 wlcommsvc;wlcommsvc;c:\program files (x86)\MSN\Service\wlcommsvc.exe;c:\program files (x86)\MSN\Service\wlcommsvc.exe [x]R3 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost;c:\windows\SYSNATIVE\svchost [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S1 dtsoftbus01;DAEMON Tools Virtual Bus 
Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\drivers\NWVoltron.sys;c:\windows\SYSNATIVE\drivers\NWVoltron.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]XLServicePlatform REG_MULTI_SZ XLServicePlatform. ‘计划任务’ 文件夹 里的内容.2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 12:13].2013-06-06 c:\windows\Tasks\AllmyappsUpdateTask.job- c:\users\dou dou\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [2013-05-13 13:55].2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000Core.job- c:\users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 13:46].2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000Core1cdf098e1994741.job- c:\users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 13:46].2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000UA.job- c:\users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 13:46].2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000UA1cdf098e2774e71.job- c:\users\dou 
dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 13:46].2013-07-02 c:\windows\Tasks\HPCeeScheduleFordou dou.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}]2013-01-21 02:51 628680 ----a-w- d:\thunder network\BHO\XunleiBHO647.2.13.3882.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\360UDiskGuard Icon Overlay]@="{CC00F81D-5262-450A-B1FA-D6BEE3406263}"[HKEY_CLASSES_ROOT\CLSID\{CC00F81D-5262-450A-B1FA-D6BEE3406263}]2013-02-05 09:34 219768 ----a-w- d:\360\360Safe\safemon\360UDiskGuard64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-11-05 37888]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-05 1424896].------- 而外的扫描 -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;<local>uInternet Settings,ProxyServer = 5.109.141.61:25565IE: &ê1ó?&??à×à??????? - d:\thunder network\BHO\OfflineDownload.htmIE: &使用&迅雷下载 - d:\thunder network\BHO\GetUrl.htmIE: &使用&迅雷下载全部链接 - d:\thunder network\BHO\GetAllUrl.htmIE: &使用&迅雷离线下载 - d:\thunder network\BHO\OfflineDownload.htmIE: &迅雷下载到手机 - http://static.u.155.com/shoulei/shouleidl.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀N}廬@="d:\\Thunder Network\\BHO\\GetUrl.htm""Contexts"=dword:00000022"Name"="xl_geturl".[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀N}廻Q钀]@="d:\\Thunder Network\\BHO\\GetAllUrl.htm""Contexts"=dword:000000f3"Name"="xl_getallurl".[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀粂縹N}廬@Allowed: (Read) (RestrictedCode)@="d:\\Thunder Network\\BHO\\OfflineDownload.htm""Name"="xl_offlinedownload""Contexts"=dword:00000022.[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\MenuExt\&*艔鳀N}?RKb:g]@Allowed: (Read) (RestrictedCode)@="http://static.u.155.com/shoulei/shouleidl.htm""Contexts"=dword:00000022.[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\燨譾sf?*]"DisplayName"="侠盗猎车4""UninstallString"="c:\\Program Files (x86)\\GTA4\\uninst.exe""DisplayIcon"="c:\\Program Files (x86)\\GTA4\\NoRGSC.exe""URLInfoAbout"="http://www.yxdown.com/update.asp?name=%E4'>"Publisher"="".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ 其他运行进程 ------------------------.c:\users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exec:\users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exec:\users\dou 
dou\AppData\Local\Google\Chrome\Application\chrome.exec:\users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe.**************************************************************************.完成时间: 2013-07-04 22:46:32 - 电脑已重新启动ComboFix-quarantined-files.txt 2013-07-04 14:46ComboFix2.txt 2013-07-02 14:44.Pre-Run: 610,311,335,936 bytes freePost-Run: 608,691,372,032 bytes free.- - End Of File - - 618096A74D4F89F234B7BB3187200CEFD41D8CD98F00B204E9800998ECF8427E