xchclow

Honorary Members
  • Posts

    26
Everything posted by xchclow

  1. Thank you!! I think I've uninstalled ComboFix because I couldn't find it anymore. My Malwarebytes' expired already (so I don't have real-time protection now). Do I need to update Malwarebytes' manually EVERY DAY? And perform a quick scan every day too? It doesn't appear in my notification bar anymore. Is Malwarebytes' still able to protect my computer?
  2. Hi elise. I've uninstalled Java kit 6 (omg, I really have an older version of Java on my computer) and replaced it with Java kit 7 now. I already scanned my computer using ESET OnlineScan, but there was no threat found on my computer. Only the FINISHED button was left after the scan completed. So I can't list any threats, and can't find any Export button either.
  3. Hello elise! My computer looks fine now! I can connect to all webpages and even play Facebook games already! No problem with any browsers. Thank you so much!!!
  4. Hi. I reset my router by pressing the reset button already. But I still couldn't connect to Facebook..
  5. Hi, now I couldn't connect to Facebook, Twitter and YouTube in any browser..
  6. Hi again. I restarted my computer; these are the changes: Google Chrome: Could not open Facebook at first but now can (can even run Facebook games now), yes Twitter, yes YouTube. IE: Cannot open any of Facebook, Twitter and YouTube. Firefox: Yes Facebook, yes Twitter, no YouTube.
  7. Dear elise, Hi. I am unable to connect to Facebook right now. IE stated that Internet Explorer cannot display the webpage. (So does Firefox.) At the same time, I am using Google Chrome to connect to Facebook, and it works fine. (For your information, sometimes I could connect to Facebook, while sometimes I couldn't.) Besides, I cannot play Facebook games either. (It cannot connect to that page once I click the game.) Google Chrome: Can open Facebook, no Twitter, no YouTube. Internet Explorer: Twitter only, no Facebook, no YouTube. Firefox: Twitter only, no Facebook, no YouTube. (same as IE)
  8. Oops, it goes to this again: Oops! Google Chrome could not find www.facebook.com Try reloading: www.facebook.com Additional suggestions: Access a cached copy of www.facebook.com Search on Google:
  9. Hi again. I still cannot connect to certain webpages that I used to visit. By the way, the description shown when I couldn't connect to those webpages has changed. It changed to: DNS Lookup failed. (Previously I couldn't run DDS due to DNS too?) I am using Google Chrome: The server at www.facebook.com can't be found, because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.
  10. Hi. Here is the combofix log.
  11. No. I didn't do the system restore. Sorry for the inconvenience..
  12. I am very sorry Elise! I think it is not caused by Combofix. I'm very sorry!
  13. Thank you elise. Can you kindly tell me what to do next in order to remove the malware?
  14. Hi. After running ComboFix, I noticed that my Photoshop needs a serial number to run. I think I may be going to restore my computer to a previous point because I need a lot of Adobe software. Can we have a different solution to fix my computer problem (remove malware)? I forgot my serial number already. I still have my AUTOCAD exactly....
  15. Here is the C:\Combofix.txt Is it the same as i posted above? By the way, I let it scan and away from my computer. After awhile, the log already produced, I aint sure there was installation of Microsoft Windows Recovery Console or not.
  16. Sorry, it produced some chinese font, does it matter? If yes, I change the display language (system locale of mine is traditional chinese) later. Here is the LOG produced:
c:\favoritevideo\InvisibleFolder\20110815223356_baojun110815zanting15s.swf c:\favoritevideo\InvisibleFolder\20110816092049_qixiong110816zanting.swf c:\favoritevideo\InvisibleFolder\20110816105102_qixiong110818zhu15s.swf c:\favoritevideo\InvisibleFolder\20110816130435_panpan110816jiaobiao1.swf c:\favoritevideo\InvisibleFolder\20110816130634_panpan110816jiaobiao2.swf c:\favoritevideo\InvisibleFolder\20110816134856_xuanwu110819zhu15s.swf c:\favoritevideo\InvisibleFolder\20110816135034_xuanwu110819zanting.swf c:\favoritevideo\InvisibleFolder\20110816160943_lvsezhengtu110817zanting.swf c:\favoritevideo\InvisibleFolder\20110816163807_taobao110818zanting.swf c:\favoritevideo\InvisibleFolder\20110816164011_taobao110818qipao.swf c:\favoritevideo\InvisibleFolder\20110816164144_taobao110818cha15s.swf c:\favoritevideo\InvisibleFolder\20110816171330_yingxiongwudi110817zanting.swf c:\favoritevideo\InvisibleFolder\20110816173522_maibaobao110817cha15s.swf c:\favoritevideo\InvisibleFolder\20110816181632_baojun110816zanting15s.swf c:\favoritevideo\InvisibleFolder\20110816182446_yitiantulong110817zanting.swf c:\favoritevideo\InvisibleFolder\20110816182600_yitiantulong110817zhu15s.swf c:\favoritevideo\InvisibleFolder\20110817093542_furenguo110817zhu15s.swf c:\favoritevideo\InvisibleFolder\20110817093713_furenguo110817zanting15s.swf c:\favoritevideo\InvisibleFolder\20110817100238_furenguo110817cha15s.swf c:\favoritevideo\InvisibleFolder\20110817115739_lvsezhengtu110817zanting.swf c:\favoritevideo\InvisibleFolder\20110817131256_yingxiongwudi110817zantingnew.swf c:\favoritevideo\InvisibleFolder\20110817161308_1haodian110817zanting.swf c:\favoritevideo\InvisibleFolder\20110817162100_1haodian110817cha15s.swf c:\favoritevideo\InvisibleFolder\20110817162445_chuanqi110817zanting15s.swf c:\favoritevideo\InvisibleFolder\20110817162636_chuanqi110817cha15s.swf c:\favoritevideo\InvisibleFolder\20110817162811_1haodian110817zhu15s.swf 
c:\favoritevideo\InvisibleFolder\20110817163213_yingxiongwuni110818cha15s.swf c:\favoritevideo\InvisibleFolder\20110817163335_chuanqi110817zhu15sa.swf c:\favoritevideo\InvisibleFolder\20110817181142_yitiantulong110818zhu15s.swf c:\favoritevideo\InvisibleFolder\20110818152939_lvsezhengtu110819zanting.swf c:\favoritevideo\InvisibleFolder\20110818162336_shenmodalu110819zhu15s.swf c:\favoritevideo\InvisibleFolder\20110818164320_yitiantulong110819zhu15s.swf c:\favoritevideo\InvisibleFolder\20110818164444_yitiantulong110819zanting.swf c:\favoritevideo\InvisibleFolder\20110818171218_lanmiu110818zhu15s.swf c:\favoritevideo\InvisibleFolder\20110818171520_lanmiu110818chabo.swf c:\favoritevideo\InvisibleFolder\20110818171801_lanmiu110818zanting.swf c:\favoritevideo\InvisibleFolder\20110818175600_qixiong110819zhu15s.swf c:\favoritevideo\InvisibleFolder\20110818181154_renbaochexian110818houtie.swf c:\favoritevideo\InvisibleFolder\20110818181759_renbaochexian110818zanting15s.swf c:\favoritevideo\InvisibleFolder\20110818182016_renbaochexian110818cha15s.swf c:\favoritevideo\InvisibleFolder\20110819103927_lvsezhengtu110820zanting.swf c:\favoritevideo\InvisibleFolder\20110819104727_lvsezhengtu110821zanting.swf c:\favoritevideo\InvisibleFolder\20110819113251_bingchuanyuanzheng110820zhu15s.swf c:\favoritevideo\InvisibleFolder\20110819150436_ludingji110820zhu15s.swf c:\favoritevideo\InvisibleFolder\20110819175742_qixiong110820zhu15s.swf c:\favoritevideo\InvisibleFolder\20110819181933_hanghaizhiwang110819huanchong15s.swf c:\favoritevideo\InvisibleFolder\20110819182537_huanghangzhiwang110819zanting.swf c:\favoritevideo\InvisibleFolder\20110819182835_hanghaizhiwang110819chabo.swf c:\favoritevideo\InvisibleFolder\20110819185932_lanmiu110819zhu15s.swf c:\favoritevideo\InvisibleFolder\20110819190159_lanmiu110819zanting.swf c:\favoritevideo\InvisibleFolder\20110819190411_lanmiu110819chabo.swf c:\favoritevideo\InvisibleFolder\oplayer.ocx c:\favoritevideo\InvisibleFolder\peer.dll 
c:\favoritevideo\InvisibleFolder\pplss2.swf c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll c:\windows\SysWow64\User c:\windows\SysWow64\User\User.dat c:\windows\SysWow64\User\User.sav c:\windows\SysWow64\User\users\controller_settings.bin c:\windows\SysWow64\User\users\graphics_settings.bin c:\windows\SysWow64\User\vuid c:\windows\SysWow64\User\wins\and_it_continues c:\windows\SysWow64\User\wins\father_forgive_me c:\windows\SysWow64\User\wins\getting_started c:\windows\SysWow64\User\wins\making_a_name c:\windows\SysWow64\User\wins\revenge_is_sweet c:\windows\SysWow64\User\wins\scars_from_the_past c:\windows\SysWow64\User\wins\the_meating c:\windows\SysWow64\User\wins\the_wrong_guy . . ((((((((((((((((((((((((( 2011-07-21 至 2011-08-21 的新的檔案 ))))))))))))))))))))))))))))))) . . 2011-08-21 10:53 . 2011-08-21 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-19 08:55 . 2011-08-19 08:55 -------- d-----w- c:\users\User\AppData\Roaming\Avira 2011-08-19 05:12 . 2011-07-06 11:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-08-19 05:11 . 2011-08-19 05:36 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-19 05:11 . 2011-08-19 05:36 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\programdata\Avira 2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\program files (x86)\Avira 2011-08-19 01:05 . 2011-08-19 01:05 -------- d-----w- c:\programdata\McAfee 2011-08-13 16:32 . 2011-08-21 10:53 -------- d-----w- C:\FavoriteVideo 2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\programdata\Jlcm 2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\users\User\AppData\Roaming\PPLive 2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\programdata\PPLive 2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\Common Files\PPLiveNetwork 2011-08-13 16:30 . 
2011-08-13 16:30 -------- d-----w- c:\program files (x86)\PPLive 2011-08-12 13:17 . 2011-08-12 13:17 -------- d-----w- c:\users\User\AppData\Roaming\AVG 2011-08-12 08:04 . 2011-08-12 08:04 -------- d--h--w- c:\programdata\Common Files 2011-08-12 08:03 . 2011-08-19 01:56 -------- d-----w- c:\programdata\AVG10 2011-08-12 08:03 . 2011-08-19 01:54 -------- d-----w- c:\windows\system32\drivers\AVG 2011-08-12 08:03 . 2011-08-19 01:52 -------- d-----w- c:\program files (x86)\AVG 2011-08-12 06:35 . 2011-08-19 01:55 -------- d-----w- c:\programdata\MFAData 2011-08-11 16:53 . 2011-08-11 16:53 -------- d-----w- c:\program files (x86)\Kingsoft 2011-08-11 16:52 . 2011-08-11 16:52 -------- d-----w- c:\program files (x86)\Common Files\Kingsoft 2011-08-11 16:52 . 2011-08-12 03:52 -------- d--h--w- c:\program files (x86)\Common Files\nsklog 2011-08-11 16:52 . 2011-08-11 16:54 -------- d-----w- c:\programdata\kingsoft 2011-08-11 16:33 . 2011-08-11 16:33 -------- d-----w- c:\programdata\youku 2011-08-11 16:33 . 2011-08-11 16:33 153632 ----a-w- c:\windows\SysWow64\ikutm.dll 2011-08-11 10:55 . 2011-08-11 10:55 -------- d-----w- c:\programdata\Kaspersky Lab 2011-08-11 09:48 . 2011-08-11 09:48 -------- d-----w- C:\kleaner.tmp 2011-08-10 23:34 . 2011-08-19 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Local\Yahoo 2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Roaming\Yahoo! 2011-08-10 09:01 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll 2011-08-10 09:01 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll 2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll 2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll 2011-08-10 09:01 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 09:01 . 
2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll 2011-08-10 09:01 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll 2011-08-10 09:01 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll 2011-08-10 09:01 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll 2011-08-10 09:01 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll 2011-08-10 09:01 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 08:56 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-08-10 08:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-08-10 08:45 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-08-10 08:45 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-08-06 14:28 . 2011-08-06 14:28 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-08-06 13:57 . 2011-08-06 13:57 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software 2011-08-06 13:56 . 2011-08-06 13:56 -------- d-----w- c:\programdata\Lavasoft 2011-08-06 05:02 . 2011-08-06 05:02 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-08-05 12:59 . 2011-08-07 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-08-05 12:32 . 2011-08-06 04:59 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-08-05 01:34 . 2011-08-05 01:34 -------- d-----w- c:\program files (x86)\Wisdom-soft ScreenHunter 5 Pro 2011-08-02 07:11 . 2011-08-02 07:11 497080 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\mframe.dll 2011-08-02 07:11 . 2011-08-02 07:11 251400 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll 2011-08-02 07:11 . 2011-08-02 07:11 234944 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\ppp.dll 2011-08-02 07:11 . 
2011-08-02 07:11 709992 ----a-w- c:\windows\SysWow64\kindling.dll 2011-07-25 15:27 . 2008-07-12 00:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2011-07-25 15:27 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2011-07-25 15:27 . 2008-07-12 00:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll 2011-07-25 15:27 . 2008-07-12 00:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2011-07-25 15:27 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2011-07-25 15:27 . 2008-07-12 00:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll 2011-07-23 18:42 . 2011-08-06 03:58 -------- d-----w- C:\GVODMedia 2011-07-23 18:41 . 2011-08-08 14:03 -------- d-----w- c:\program files (x86)\GVOD 2011-07-23 18:41 . 2011-07-25 01:59 -------- d-----w- c:\programdata\GVODPlayer 2011-07-22 12:46 . 2011-07-22 12:46 -------- d-----w- c:\users\User\AppData\Roaming\World-Loom . . . (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-21 10:56 . 2011-02-21 01:46 30528 ----a-w- c:\windows\GVTDrv64.sys 2011-08-21 10:56 . 2011-02-21 01:33 25640 ----a-w- c:\windows\gdrv.sys 2011-08-21 04:24 . 2011-06-05 01:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-12 04:10 . 2011-08-19 05:56 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C04D59CD-0DB4-4619-ADCE-6809104FFDDC}\mpengine.dll 2011-08-06 04:59 . 2011-02-21 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-07-16 04:26 . 2011-08-10 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-08 01:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-07-08 01:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-07-06 11:52 . 2011-07-15 02:34 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy3576.tmp 2011-06-25 01:19 . 
2011-06-25 01:19 0 ----a-w- c:\windows\system32\nsy3577.tmp 2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy1E4D.tmp 2011-06-18 15:30 . 2011-06-18 15:30 525544 ----a-w- c:\windows\system32\deployJava1.dll 2011-06-11 03:07 . 2011-07-13 04:46 3137536 ----a-w- c:\windows\system32\win32k.sys 2011-06-08 10:21 . 2011-07-20 11:23 157728 ----a-w- c:\windows\system32\ikutm.dll 2011-06-06 18:19 . 2011-06-06 18:19 224016 ----a-w- c:\windows\system32\TABCTL32.OCX 2011-06-06 07:22 . 2011-06-06 07:22 1741886 ----a-w- c:\windows\Fix-It-Up Eighties - Meet Kate's Parents Uninstaller.exe 2011-06-06 07:12 . 2011-06-06 07:12 1520566 ----a-w- c:\windows\Chicken Invaders 4 Uninstaller.exe 2011-05-24 11:42 . 2011-06-29 10:03 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-05-24 11:14 . 2011-02-21 02:09 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-24 10:40 . 2011-06-29 10:03 64512 ----a-w- c:\windows\SysWow64\devobj.dll 2011-05-24 10:40 . 2011-06-29 10:03 44544 ----a-w- c:\windows\SysWow64\devrtl.dll 2011-05-24 10:39 . 2011-06-29 10:03 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37 . 2011-06-29 10:03 252928 ----a-w- c:\windows\SysWow64\drvinst.exe . . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] "PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-08-05 442232] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216] "UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440] "FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856] "QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804] Ime File REG_SZ SOGOUPY.IME . R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-01 1436424] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies 
Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 136360] S2 GPCommonService(64);GPCommonService(64);c:\program files\P1\P1 4G\GPCommonServicex64.exe [2010-10-08 111104] S2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [2010-10-08 90112] S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016] S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984] S2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost [x] S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-21 30528] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] DoctorService REG_MULTI_SZ XLDoctor Service . ‘計劃任務’ 文件夾 裡的內容 . 2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49] . 2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- 而外的掃描 ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://www.155.com/?id=104295 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local Trusted Zone: facebook.com Trusted Zone: pps.tv Trusted Zone: ppstream.com Trusted Zone: webscache.com TCP: DhcpNameServer = 219.139.81.6 168.95.1.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e44dea8&i=23&tp=ab&nt=1&q= . - - - - ORPHANS REMOVED - - - - . BHO-{0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll BHO-{B0E2F470-0B07-48f0-B3B1-5749505FAE9B} - c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A122DF8A-84A5-F6C8-0DEC-1D01CF115784}*] "hahfeegjdflopjep"=hex:6a,61,66,63,70,69,6c,6f,63,61,67,6f,67,65,69,67,69,6a, 6f,62,00,84 "gakencjbkeakcc"=hex:61,63,6b,70,63,64,6b,69,67,6e,63,64,63,6e,68,6c,63,68,6d, 6d,66,69,64,66,61,6c,6b,6d,70,65,62,68,6f,67,63,64,65,68,6e,63,6e,67,65,6c,\ "iajfoedljdbnokckgp"=hex:6a,61,67,63,68,6a,6a,6e,62,67,6a,62,63,69,64,6a,6c,69, 63,70,00,00 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ 其他運行進程 ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\GIGABYTE\ET6\GUI.exe c:\program files (x86)\Lexmark 1200 Series\lxczbmon.exe . ************************************************************************** . 完成時間: 2011-08-21 19:01:56 - 電腦已重新啟動 ComboFix-quarantined-files.txt 2011-08-21 11:01 . Pre-Run: 119,272,247,296 bytes free Post-Run: 118,869,110,784 bytes free . - - End Of File - - 31E3E3F8001E55947876B04180C7B626
  17. Extra.txt
Autodesk 3ds Max Design 2010 64-bit Components "{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English "{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{625855ED-DB93-4927-8C48-4BAB4C2C41B9}_is1" = P1 4G Connection Manager "{64A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java SE Development Kit 6 Update 26 (64-bit) "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{94D463D0-2B13-4181-9512-B27004B1151A}" = Autodesk Revit Architecture 2011 x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 
x64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C9E49EC1-F125-0409-A5D1-452B98A1530A}" = Autodesk 3ds Max Design 2010 64-bit "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AutoCAD 2010 - English" = AutoCAD 2010 - English "Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit "Autodesk Revit Architecture 2011 SP2" = Autodesk Revit Architecture 2011 x64 Update 2 "Autodesk Revit Architecture 2011 x64" = Autodesk Revit Architecture 2011 x64 "CCleaner" = CCleaner "Lexmark 1200 Series" = Lexmark 1200 Series "Lexmark Fax Solutions" = Lexmark Fax Solutions "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client 
Profile "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1159F14B-1E9F-417F-925E-E0242276FEBB}_is1" = Shank "{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks 
CS4 "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1024.1 "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection 
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{7021CBFE-9C50-4BE0-A299-8F173E751302}" = Autodesk 3ds Max Design 2010 Tutorials Files "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIO® "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer 
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security 
Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007 "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007 "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Fran蓷is, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.166 "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 
Additional Exporter "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C4F3587C-964E-466F-92BA-8F8DB9C509E9}_is1" = NBA 2K11 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C90ACAB5-D36E-406B-B59D-164694BE9B17}" = 仙劍奇俠傳四 "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI 
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = 
CorelDRAW Graphics Suite X5 - VideoBrowser "1489-3350-5074-6281" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "Autodesk Design Review 2011" = Autodesk Design Review 2011 "Autorun Eater_is1" = Autorun Eater v2.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Chicken Invaders 4" = Chicken Invaders 4 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Cooking Dash 3 - Thrills and Spills - Collectors Edition1.0.1.145" = Cooking Dash 3 - Thrills and Spills - Collectors Edition "CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1 "Dead Rising 2_is1" = Dead Rising 2 "Diner Dash 5 Boom Collector's Edition H33T" = Diner Dash 5 Boom Collector's Edition H33T "EA Download Manager" = EA Download Manager "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "Farm Frenzy 3: Madagascar" = Farm Frenzy 3: Madagascar "Fiddler2" = Fiddler2 "Fix-It-Up Eighties - Meet Kate's Parents" = Fix-It-Up Eighties - Meet Kate's Parents "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "GOM Player" = GOM Player "Google Chrome" = Google Chrome "GVOD_is1" = 捃畦GVOD畦溫 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1024.1 "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver 
"InstallShield_{C90ACAB5-D36E-406B-B59D-164694BE9B17}" = 仙劍奇俠傳四 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.8.0 "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800 "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Picasa 3" = Picasa 3 "PPLive" = PPTV V3.0.4.0008 "PPSGame" = PPS蚔牁 V1.0.1.322 "PPStream" = PPStream V2.7.0.1226 Final "PRJPRO" = Microsoft Office Project Professional 2007 "QuicktimeAlt_is1" = QuickTime Alternative 3.2.2 "RealAlt_is1" = Real Alternative 2.0.2 "Soap Opera Dash1.0.1.128" = Soap Opera Dash "Sogou Input" = 搜狗拼音输入法 5.2正式版 "SpongeBob DinerDash 21.0" = SpongeBob DinerDash 2 "thunder_is1" = 捃濘7 "TTPlayer" = 千千静听 5.7正式版 "VISPRO" = Microsoft Office Visio Professional 2007 "V-Ray for SketchUp 1.48.89" = V-Ray for SketchUp "Wedding Dash 4-Ever1.0.1.174" = Wedding Dash 4-Ever "WinLiveSuite" = Windows Live Essentials "Wisdom-soft Set up ScreenHunter 5.1 Pro" = Wisdom-soft Set up ScreenHunter 5.1 Pro "Yahoo! Messenger" = Yahoo! Messenger "富甲天下5 中文完美破解版_is1" = 富甲天下5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13/8/2011 12:10:19 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: Reseting to Probing: 16 User-PC.local. AAAA FE80:0000:0000:0000:315D:AC49:41FC:AF2E Error - 13/8/2011 12:10:20 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: Received from 192.168.1.5:49152 4 user-PC.local. 
Addr 192.168.1.5 Error - 13/8/2011 12:10:20 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 User-PC.local. Addr 192.168.1.2 Error - 13/8/2011 12:10:20 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Local Hostname User-PC.local already in use; will try User-PC-2.local instead Error - 18/8/2011 10:02:13 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18/8/2011 10:02:13 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9984 Error - 18/8/2011 10:02:13 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9984 Error - 18/8/2011 9:53:27 PM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. . Error - 18/8/2011 9:54:53 PM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL. System Error: The system cannot find the file specified. . 
Error - 20/8/2011 11:41:44 PM | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Faulting application name: QvodTerminal.exe, version: 3.5.0.65, time stamp: 0x4d81e605 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x00034388 Faulting process id: 0x55c Faulting application start time: 0x01cc5fb4360d9b01 Faulting application path: C:\QvodPlayer\QvodTerminal.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 7cfb93ac-cba7-11e0-8732-1c6f65a97709 [ Media Center Events ] Error - 6/5/2011 10:00:40 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 10:00:40 PM - Error connecting to the internet. 10:00:40 PM - Unable to contact server.. Error - 6/5/2011 10:00:51 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 10:00:45 PM - Error connecting to the internet. 10:00:45 PM - Unable to contact server.. Error - 9/5/2011 3:08:57 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 3:08:56 PM - Error connecting to the internet. 3:08:57 PM - Unable to contact server.. Error - 9/5/2011 3:09:06 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 3:09:02 PM - Error connecting to the internet. 3:09:02 PM - Unable to contact server.. Error - 9/5/2011 4:09:11 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 4:09:11 PM - Error connecting to the internet. 4:09:11 PM - Unable to contact server.. Error - 9/5/2011 4:09:17 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 4:09:16 PM - Error connecting to the internet. 4:09:16 PM - Unable to contact server.. Error - 9/5/2011 5:09:21 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 5:09:21 PM - Error connecting to the internet. 5:09:21 PM - Unable to contact server.. 
Error - 9/5/2011 5:09:27 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 5:09:26 PM - Error connecting to the internet. 5:09:26 PM - Unable to contact server.. Error - 9/5/2011 6:09:31 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 6:09:31 PM - Error connecting to the internet. 6:09:31 PM - Unable to contact server.. Error - 9/5/2011 6:09:37 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0 Description = 6:09:36 PM - Error connecting to the internet. 6:09:36 PM - Unable to contact server.. [ System Events ] Error - 20/8/2011 9:41:34 PM | Computer Name = User-PC | Source = sptd | ID = 262148 Description = Driver detected an internal error in its data structures for . Error - 20/8/2011 9:42:20 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: sptd Error - 20/8/2011 9:58:44 PM | Computer Name = User-PC | Source = sptd | ID = 262148 Description = Driver detected an internal error in its data structures for . Error - 20/8/2011 9:59:40 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: sptd Error - 20/8/2011 11:27:44 PM | Computer Name = User-PC | Source = sptd | ID = 262148 Description = Driver detected an internal error in its data structures for . Error - 20/8/2011 11:28:47 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: sptd Error - 21/8/2011 12:08:44 AM | Computer Name = User-PC | Source = sptd | ID = 262148 Description = Driver detected an internal error in its data structures for . 
Error - 21/8/2011 12:09:36 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: sptd

Error - 21/8/2011 12:38:12 AM | Computer Name = User-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 21/8/2011 12:39:05 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: sptd

< End of report >
  18. OTL.txt

OTL logfile created on: 21/8/2011 5:02:08 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

5.98 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 69.33% Memory free
11.97 Gb Paging File | 9.82 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.04 Gb Total Space | 103.59 Gb Free Space | 42.45% Space Free | Partition Type: NTFS
Drive D: | 221.62 Gb Total Space | 106.49 Gb Free Space | 48.05% Space Free | Partition Type: NTFS
Drive F: | 498.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/21 17:01:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2011/08/19 13:36:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/06 10:21:27 | 001,017,912 | ---- | M] (Google Inc.)
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2011/08/05 17:16:22 | 000,442,232 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/05/27 18:15:02 | 000,267,952 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\ProgramData\Thunder Network\Thunder\addins\InMediaAddin\ThunderMinisite.exe PRC - [2011/05/27 18:14:58 | 001,002,672 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe PRC - [2011/05/27 18:14:56 | 000,173,744 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\ThunderPlatform.exe PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/03/17 18:49:26 | 000,570,760 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\QvodPlayer\QvodTerminal.exe PRC - [2011/03/17 15:00:20 | 002,622,856 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\QvodPlayer\QvodPlayer.exe PRC - [2011/02/22 11:49:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010/10/08 10:24:12 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\P1\P1 4G\GPCommonService.exe PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/04/03 01:27:32 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\PPS.tv\PPStream\PPSAP.exe PRC - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe PRC - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe PRC - [2007/02/09 06:52:06 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe PRC - [2007/02/09 06:51:54 | 000,058,288 | ---- | M] (Lexmark International, Inc.) 
-- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe ========== Modules (No Company Name) ========== MOD - [2011/08/06 10:21:25 | 000,400,440 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\ppgooglenaclpluginchrome.dll MOD - [2011/08/06 10:21:24 | 004,118,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\pdf.dll MOD - [2011/08/06 10:19:58 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\avutil-50.dll MOD - [2011/08/06 10:19:56 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\avformat-52.dll MOD - [2011/08/06 10:19:55 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\avcodec-52.dll MOD - [2011/08/06 08:29:30 | 006,338,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\gcswf32.dll MOD - [2011/08/05 17:07:30 | 000,395,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\MngModule.dll MOD - [2011/08/02 15:11:10 | 000,243,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\TipsClient.dll MOD - [2011/08/02 15:11:10 | 000,143,720 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\kernel\FWUpnp.dll MOD - [2011/05/27 18:14:32 | 000,052,400 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\XLCrypto.dll MOD - [2011/05/27 18:14:18 | 000,015,336 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\dl_uac_tool.dll MOD - [2011/05/27 18:14:18 | 000,015,336 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\dl_uac_tool.dll MOD - [2011/05/27 18:13:30 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\sqlite3.dll MOD - [2011/05/27 18:13:30 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\libpng13.dll MOD - [2011/05/27 
18:13:30 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\libexpat.dll MOD - [2011/05/27 18:13:30 | 000,143,360 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\libexpat.dll MOD - [2011/05/27 18:13:30 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\zlib1.dll MOD - [2011/05/27 18:13:30 | 000,059,904 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\zlib1.dll MOD - [2011/05/27 18:13:30 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\minizip.dll MOD - [2011/05/27 18:13:30 | 000,018,432 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\minizip.dll MOD - [2011/05/27 18:13:30 | 000,012,288 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\mini_unzip_dll.dll MOD - [2010/10/24 14:58:12 | 002,457,671 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll MOD - [2010/10/22 19:02:40 | 000,385,091 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\work.dll MOD - [2010/10/22 10:41:36 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll MOD - [2010/10/21 20:50:40 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll MOD - [2010/10/19 20:27:30 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll MOD - [2010/10/19 10:59:46 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll MOD - [2010/09/30 08:45:46 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll MOD - [2010/06/24 15:50:08 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll MOD - [2010/06/10 15:52:24 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll MOD - [2010/03/12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files 
(x86)\GIGABYTE\ET6\platform.dll MOD - [2010/03/12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\device.dll MOD - [2010/01/12 17:09:20 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\SF.dll MOD - [2009/12/22 16:52:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll MOD - [2009/10/21 14:07:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\HM.dll MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA MOD - [2008/05/07 15:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll MOD - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe MOD - [2003/02/14 14:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/04/02 00:31:08 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2010/10/08 10:24:34 | 000,111,104 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\P1\P1 4G\GPCommonServicex64.exe -- (GPCommonService(64)) SRV:64bit: - [2010/10/08 10:24:12 | 000,090,112 | ---- | M] (Green Packet Inc.) 
[Auto | Running] -- C:\Program Files\P1\P1 4G\GPCommonService.exe -- (GPCommonService) SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64) SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV:64bit: - [2007/02/09 06:51:08 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device) SRV - [2011/08/19 13:36:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/05/27 18:14:32 | 000,083,120 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Thunder Network\Thunder\Program\DctSer.dll -- (XLDoctor Service) SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/02/22 11:49:33 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/02/21 19:26:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/06/13 04:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service) SRV - [2007/02/09 06:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxczcoms.exe -- (lxcz_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/08/19 13:36:45 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/08/19 13:36:45 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/05/06 12:32:26 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/16 00:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 19:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/11/12 07:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010/09/21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010/09/03 13:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/07/27 09:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/07/27 09:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) 
DRV:64bit: - [2010/07/05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU) DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010/04/26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT) DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 08:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2011/08/21 12:39:13 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2011/08/21 12:39:02 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.155.com/?id=104295 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.6 FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.3.2.0 FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4e44dea8&i=23&tp=ab&nt=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) 
| 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2011/08/06 22:28:51 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/08/06 22:28:51 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/08/05 09:43:56 | 000,000,055 | ---- | C] () -- C:\Windows\ScreenHunter.INI [2011/08/05 09:34:22 | 000,001,983 | ---- | C] () -- C:\Users\User\Desktop\ScreenHunter 5.1 Pro.lnk [2011/08/02 15:11:00 | 000,709,992 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll [2011/07/25 23:29:20 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2010 64-bit.lnk [2011/07/24 09:13:36 | 001,226,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/07/24 02:46:54 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\cid_store.dat [2011/07/23 23:00:02 | 001,879,623 | ---- | C] () -- C:\Users\User\Documents\HOME.skb [2011/07/23 22:50:37 | 001,872,502 | ---- | C] () -- C:\Users\User\Documents\HOME.skp [2011/07/09 17:44:50 | 000,000,031 | ---- | C] () -- C:\Windows\wininit.ini [2011/06/18 17:36:20 | 000,000,460 | ---- | C] () -- C:\Users\User\AppData\Roaming\Poladroid prefs.plist [2011/06/06 20:35:55 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\tg0157b.ini [2011/06/06 20:35:55 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\tg0157a.ini [2011/06/06 20:35:55 | 000,000,016 | ---- | C] () -- C:\Windows\tg0157c.ini [2011/06/06 20:35:55 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\22BSKDRK.dll [2011/06/06 15:22:51 | 001,741,886 | ---- | C] () -- C:\Windows\Fix-It-Up Eighties - Meet Kate's Parents Uninstaller.exe [2011/06/06 15:12:36 | 001,520,566 | ---- | C] () -- C:\Windows\Chicken Invaders 4 Uninstaller.exe [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/04/03 02:42:06 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat [2011/03/28 22:17:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/03/16 10:00:19 | 000,003,584 | ---- | 
C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/06 15:38:44 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2011/02/26 16:45:36 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini [2011/02/26 16:28:53 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll [2011/02/26 16:28:52 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll [2011/02/23 09:51:35 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm [2011/02/22 11:49:34 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/02/22 11:49:29 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/02/21 20:20:20 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/02/21 20:20:20 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B076AA7B14.sys [2011/02/21 13:42:19 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2011/02/21 10:33:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011/02/21 10:33:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011/02/21 10:33:31 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/02/21 10:33:31 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/02/21 10:33:31 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011/02/21 09:46:24 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2011/02/21 09:37:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011/02/21 09:34:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009/08/27 15:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe [2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 07:42:10 | 
000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== Files - Unicode (All) ========== [2011/08/14 11:52:22 | 000,015,161 | ---- | M] ()(C:\Users\User\Documents\2002年度第94??班.docx) -- C:\Users\User\Documents\2002年度第94毕业班.docx [2011/08/14 11:49:19 | 000,015,161 | ---- | C] ()(C:\Users\User\Documents\2002年度第94??班.docx) -- C:\Users\User\Documents\2002年度第94毕业班.docx [2011/07/31 22:28:55 | 000,000,749 | ---- | M] ()(C:\Users\User\Desktop\第七?香妃城大???? - Shortcut.lnk) -- C:\Users\User\Desktop\第七届香妃城大专联谊会 - Shortcut.lnk [2011/07/27 00:02:54 | 000,000,749 | ---- | C] ()(C:\Users\User\Desktop\第七?香妃城大???? - Shortcut.lnk) -- C:\Users\User\Desktop\第七届香妃城大专联谊会 - Shortcut.lnk [2011/02/27 21:21:05 | 000,002,040 | ---- | M] ()(C:\Users\User\Desktop\千千?听.lnk) -- C:\Users\User\Desktop\千千静听.lnk [2011/02/27 21:21:05 | 000,002,040 | ---- | C] ()(C:\Users\User\Desktop\千千?听.lnk) -- C:\Users\User\Desktop\千千静听.lnk [2011/02/22 11:46:34 | 000,002,090 | ---- | M] ()(C:\Users\Public\Desktop\Need for Speed? Undercover.lnk) -- C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk [2011/02/22 11:46:34 | 000,002,090 | ---- | C] ()(C:\Users\Public\Desktop\Need for Speed? Undercover.lnk) -- C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件 (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音?入法) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法 (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\三?志 X) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\三国志 X ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report >
  19. And hi again, I think I've to let you know this. I read the thread: I'm infected - What do I do now? before, so I downloaded DeFogger, disable it, but there's no response in my computer, so I re-enable it again..
  20. Hi. I downloaded both DDS. When I ran one of the DDS, it opened a notepad written: MZ ÿÿ ¸ @ Ø º ´ Í!¸LÍ!This program cannot be run in DOS mode. There are lots of unknown characters after that. I restarted my computer, disabled AVIRA by right-clicking the icon and unticking ENABLE; the umbrella is closed now. And then I disconnected from the internet and double-clicked on the DDS icon; it still comes out with a notepad written the program cannot be run in DOS mode....
  21. Can anyone help me please? I really need your help! Thank you!!
  22. Hi there. I have this recurring popup every couple of minutes from MalwareBytes saying MalwareBytes has successfully blocked access to a potentially malicious website "219.139.81.6". type:outgoing port: 62274 process:svchost.exe and sometimes this: "process:mdnresponder.exe" The problem I'm facing now is, I couldn't connect to Facebook, Twitter and Youtube by using Google Chrome, Internet Explorer and Firefox. Sometimes I could log in to Facebook, but just for a couple minutes. In Google Chrome, it stated that Oops! Google Chrome could not connect to www.facebook.com Suggestions: Access a cached copy of www.facebook.com/ Try reloading: www.facebook.com/ Search on Google: BUT I can connect to other webpages. *********** By the way, this is my Malwarebytes' scan report: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7504 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 19/8/2011 4:52:50 PM mbam-log-2011-08-19 (16-52-50).txt Scan type: Full scan (C:\|D:\|F:\|) Objects scanned: 568115 Time elapsed: 1 hour(s), 32 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\thunder (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ***** and this is my Avira antivirus scan log: Avira AntiVir Personal Report file date: Friday, 19 August, 2011 16:56 Scanning for 3268970 virus strains and unwanted programs. The program is running as an unrestricted full version.
I am panic! Please tell me what to do now in order to get your attention please... Thank you!
  23. Avira scan report
  24. Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7504 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 19/8/2011 4:52:50 PM mbam-log-2011-08-19 (16-52-50).txt Scan type: Full scan (C:\|D:\|F:\|) Objects scanned: 568115 Time elapsed: 1 hour(s), 32 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\thunder (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  25. Hello! Can anyone please tell me what I should do now in order to get attention from you guys to solve my problem? I've installed Malwarebytes' Anti-Malware, and Avira antivirus too. HELLO! Need help please.......... Thank you sooo much!