My computer infected..need help..


Post Merged

We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped.

Please be patient, someone will assist you as soon as possible.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Roy Yip at 2:14:29 on 2012-08-16

Microsoft Windows 7 旗艦版 6.1.7601.1.950.852.3076.18.16376.12771 [GMT -7:00]

.

AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: 個人防火牆 *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\BitComet\BitComet.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe

C:\Program Files\CyberLink\Shared files\RichVideo64.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\PPS.tv\PPStream\PPSAP.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\BitComet\tools\BitCometService.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\BitComet\plugin_emule\plugin_eMule.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe

C:\Windows\SysWOW64\WinMsgBalloonServer.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.charter.net/google/index.php?q=

uStart Page = hxxp://www.yahoo.com.hk/

uWindow Title = Powered by Charter Communications

uInternet Settings,ProxyOverride = local

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

mWinlogon: Userinit=userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Roy Yip\AppData\Roaming\Complitly\AutocompletePro.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll

BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - C:\Program Files (x86)\Tudou\?速Tudou\tudouDetector.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID 登入協助程式: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

TB: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [bitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [PPS Accelerator] C:\PPS.tv\PPStream\ppsap.exe

uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe

mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"

mRun: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [iME14 CHT Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [CtxfiReg] CTXFIREG.exe /FAIL1

StartupFolder: C:\Users\ROYYIP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\速土豆~1.LNK -

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIO-RE~1.LNK - C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &使用BitComet下載 - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &使用BitComet下載全部連結 - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: 傳送至 OneNote(&N) - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206

LSP: mswsock.dll

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab

TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C} : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115

TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C}\37471627771627 : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115

TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C}\A4F686E67237 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B8BC4DE1-5F10-49D7-91BA-A70F9A1960B4} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

TB-X64: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File

mRun-x64: [biosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe

mRun-x64: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"

mRun-x64: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [iME14 CHT Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

IE-X64: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}

IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49}

IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

IE-X64: {92780B25-18CC-41C8-B9BE-3C9C571A8263}

IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-2-20 14136]

R1 BS_I2cIo;BS_I2cIo;\??\C:\Windows\system32\drivers\BS_I2c64.sys --> C:\Windows\system32\drivers\BS_I2c64.sys [?]

R1 BS_TPIO;BS_TPIO;\??\C:\Windows\system32\drivers\BS_TPIO64.sys --> C:\Windows\system32\drivers\BS_TPIO64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-8-31 131320]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-9 974944]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-6-13 386344]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]

R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]

R2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]

R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;QuickCam Pro for Notebooks(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-14 250056]

S3 BthAvrcp;Bluetooth AVRCP 組態檔;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);C:\Windows\system32\DRIVERS\WN111x.sys --> C:\Windows\system32\DRIVERS\WN111x.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-15 21:29:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5D26C4F5-5E5C-4B72-B10B-A6F240D84A6C}

2012-08-15 21:29:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C49B059A-BAF3-41AD-838C-4D7971C2C11B}

2012-08-15 10:04:24 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-08-15 07:42:42 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-15 00:58:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C4A47706-2335-4471-9710-0753847B01CB}

2012-08-15 00:58:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4A27EC3B-2E2F-4BC0-858F-6E7571AB69A3}

2012-08-14 14:18:30 -------- d-----w- C:\Program Files\CPUID

2012-08-14 14:06:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-14 14:06:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-14 12:57:58 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{7EAFAAB3-37CF-49BB-B510-BBAFB926ACBD}

2012-08-14 12:57:30 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F33E184B-C00A-4875-9CAB-7D7197DD62C4}

2012-08-14 05:53:24 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BF2D6CD0-83AA-46A6-9C0C-66309842971D}

2012-08-14 05:53:01 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{53C15148-8777-419E-A8D3-08647DDA1DEA}

2012-08-13 17:52:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5383E5EE-88AA-4D0D-864D-7A109AF2E69D}

2012-08-13 17:52:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{580633FE-07B6-4841-9D18-529FC6B6A7F4}

2012-08-13 05:51:37 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{12FC1627-06B6-4C4A-8C08-A4E9546F69F0}

2012-08-13 05:51:14 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{24C18583-5591-4F08-AF95-D24028FFC043}

2012-08-12 17:50:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4FB48938-E7F4-4F39-A448-F2A041A1F02C}

2012-08-12 17:50:24 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{211A0E65-9125-40B9-81D1-FF4F68D152A2}

2012-08-12 05:49:58 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{19EACD02-E456-41CF-B96C-811BB1DBBDF5}

2012-08-12 05:49:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{3114121F-4A21-4368-AEA9-B67C8105F564}

2012-08-11 17:49:09 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{46DF1A1A-9B4E-4681-BDF9-738B987FD84D}

2012-08-11 17:48:47 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1A14E8CC-B835-4B80-A133-BBA51EFB1305}

2012-08-11 05:48:22 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{EE29170B-8606-48CF-9926-EFC984798AA6}

2012-08-11 05:47:59 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{26410040-5714-4C5B-86B7-A802FF2CB2D0}

2012-08-10 17:47:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5E19881C-8065-47AF-8B0F-3147ABA31138}

2012-08-10 17:47:12 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{320ECA2D-FB29-4252-9B96-F3377F1C788D}

2012-08-10 05:46:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D86488D1-47DC-4E59-9AA0-3FE52B3FABE1}

2012-08-10 05:46:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{CA0DFE5D-7F60-43F5-90EE-42EC7486DC1A}

2012-08-09 17:47:57 -------- d-----w- C:\Users\Roy Yip\AppData\Roaming\AnvSoft

2012-08-09 17:47:42 -------- d-----w- C:\Program Files (x86)\AnvSoft

2012-08-09 17:46:03 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6A4FA2EE-F8A2-44D4-891D-4756A76FF8AB}

2012-08-09 17:45:41 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{AD756DD4-7AFC-4B05-B980-F38C3A4DEB8E}

2012-08-09 05:45:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{15D45FC8-F6DC-4196-AB70-512D77539EF5}

2012-08-09 05:44:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A269BFEE-57F6-4269-AFDF-0A430673BF67}

2012-08-08 17:44:18 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A6C94227-D5B3-4BD5-A427-63648313CA94}

2012-08-08 17:43:56 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4C4041AA-ABB4-4B51-BC9C-DF420C34A27A}

2012-08-08 05:43:33 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B8102E89-BE15-4671-A263-347286D8A655}

2012-08-08 05:43:07 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6DC7EB9B-2BAE-4CF9-803A-F98D119E27CE}

2012-08-07 17:42:44 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B69473C5-54E4-4B0A-A0E2-2036816D061C}

2012-08-07 17:42:22 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B3276097-62A5-458C-9187-C5839BAE7C65}

2012-08-07 05:41:55 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6A1EA3BD-AECC-41DB-8BC6-B05D98064C65}

2012-08-07 05:41:43 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B35F87F6-1FFB-48AE-809D-572CBF197ED6}

2012-08-06 17:41:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{34AC9246-9773-45A0-BAFB-A3999F28D6CF}

2012-08-06 17:41:16 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{814BCCB6-CFD9-4DCC-B42A-E3F07CC21300}

2012-08-06 05:40:51 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{482494B0-E705-4609-B3ED-F93B07AB8570}

2012-08-06 05:40:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2804BC33-900A-49BA-BBEC-F014668D588F}

2012-08-05 17:40:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{24E514C4-1A8C-4F61-9EEC-BE763A1ECF14}

2012-08-05 17:39:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{611EE387-9777-47E3-8B65-0C1FB26A9911}

2012-08-05 05:39:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9AEF48F7-ADA8-44EB-8FA4-CE58C82CD304}

2012-08-05 05:38:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{79BDF927-A1DA-47F9-B3F6-F8EF0A07ACCC}

2012-08-04 17:38:33 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{696929C8-C2E0-408D-9F4C-DE90B77B0FFD}

2012-08-04 17:38:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D6AC97F9-A5E7-428F-AE59-4BC1B95B3FF5}

2012-08-04 05:37:48 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{3E8E3C9F-4D2D-46B1-B3A1-4F259644D1DA}

2012-08-04 05:37:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A214482A-860D-4A06-8437-663F11A57B5D}

2012-08-03 17:36:50 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BCD290C9-9AFB-4F3E-9DDE-CCB5CF8E348C}

2012-08-03 17:36:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{EB935108-B16E-4FEF-A7F8-3EC0EC2427DC}

2012-08-03 05:36:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{E2933D49-5F64-494A-962C-1169877C9BCC}

2012-08-03 05:35:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{8E29FA66-D960-4A1C-983C-DDF2694D8CD3}

2012-08-02 17:35:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2A82CBA1-64BA-4BC1-B6A6-B0BEC808F496}

2012-08-02 17:34:56 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{7DDF60BB-3401-416F-918D-81C5C0C7A0AF}

2012-08-02 07:40:55 16 ----a-w- C:\Windows\SysWow64\22AS6EJH.dll

2012-08-02 07:32:26 -------- d-----w- C:\Program Files (x86)\蜓樅毞狟5

2012-08-02 05:34:20 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F398C358-0CA3-4F9E-8A96-CE37D8AAC168}

2012-08-02 05:33:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{041500D4-9675-448F-863E-0DC5EAE31C8F}

2012-08-01 17:33:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1F7DD50A-71DF-4B38-918B-AB4BD2B28B7A}

2012-08-01 17:33:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2D52F759-7164-442B-B2E7-63F92CCC44DF}

2012-08-01 05:32:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6740FF7B-AE98-46BA-94EC-1184549B6D87}

2012-08-01 05:32:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4C8788E9-7913-4654-9110-517BB270DE8A}

2012-07-31 23:32:24 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll

2012-07-31 17:50:24 -------- d-----w- C:\Program Files\T-TIME

2012-07-31 17:31:51 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D54EE760-BDD9-4173-B4ED-111786DF56E7}

2012-07-31 17:31:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{8A8770F0-CBA6-43E8-9B09-C3058DCD419E}

2012-07-31 05:30:52 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D51543CA-F39C-4DAF-AA55-62E4CE486436}

2012-07-31 05:30:30 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D293A778-7930-4435-A12D-DD820A46817B}

2012-07-30 17:30:06 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{372B8875-0C8A-4342-8E69-4082DD78A9C9}

2012-07-30 17:29:44 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{221A3F42-CC5F-4803-BC10-009149DCC753}

2012-07-30 10:28:04 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-30 10:28:04 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-30 05:29:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{78DBD22D-1789-4E5C-8629-34A5AD48B4BA}

2012-07-30 05:28:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{85A7A9A2-C6B6-4B15-AAC0-37B967D223D1}

2012-07-29 17:28:16 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{159B28E9-40B8-4E3D-980C-A1028B2C68D7}

2012-07-29 17:27:53 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{FD368396-22D8-433B-A101-DB914E0F4FA4}

2012-07-29 05:27:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{337544D9-2DC0-4292-8DC5-E427A13CD7DD}

2012-07-29 05:27:06 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C32A417E-BB2B-4EC9-90A2-5F60FAA62FEB}

2012-07-28 17:26:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6D265A40-49C3-4913-B258-30CDED8BB59A}

2012-07-28 17:26:20 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F7FE290C-8CDF-49B4-BCE6-F12A372E75CD}

2012-07-28 05:25:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9A47CB7C-0784-46BE-A9E7-E2BBA0B25A4B}

2012-07-28 05:25:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{023A6F4E-6699-4FB1-BFF7-E731F408D7C2}

2012-07-27 17:25:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{12DDA58D-A402-4ACF-9EE5-7526A8980E6A}

2012-07-27 17:24:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A75FDC00-1C9D-4B90-844C-C86E631735EF}

2012-07-27 05:24:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{755A5476-CC78-4FED-96A1-A8AC73D119C5}

2012-07-27 05:24:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D64988D1-197B-4D77-93F9-B2C97CA1D306}

2012-07-26 17:23:25 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{E583F511-51AE-4C5E-B341-090BFD6AE47D}

2012-07-26 17:23:02 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5845E1E4-95C3-41FB-B306-60F0CB7C2330}

2012-07-26 05:22:37 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F9A93FAB-66D4-461E-A574-515AFFBDA885}

2012-07-26 05:22:14 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{80738819-E7C1-4D7A-99DD-2FD5854D4673}

2012-07-25 17:21:50 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{190ED281-1CDC-4C6E-8294-811F5C5CB255}

2012-07-25 17:21:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1CD56FC7-9B7D-42E5-AD3D-92E95F83A251}

2012-07-25 05:21:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BB45A82B-434A-46F0-B3DD-172A8150116D}

2012-07-25 05:20:41 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{184DD765-30C2-47F4-872B-06287893CE27}

2012-07-24 17:20:18 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{67094822-F382-4425-BB4C-35BEBCA9AB8D}

2012-07-24 17:19:55 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C2D73A27-53E8-4541-8737-6E0FDC877954}

2012-07-24 05:19:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4CBEBC53-FB5A-43A2-AAB2-582064BA4ABF}

2012-07-24 05:19:00 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{834EBA7D-E67C-4C05-816A-43AEDBC1E554}

2012-07-21 10:42:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{72FE733B-778E-44EF-AA57-3959A11B2AE9}

2012-07-21 10:42:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{40EA613D-3742-4C8E-8562-0B4E2E4767CC}

2012-07-20 22:42:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{E70BA3C6-328C-4571-B6BF-60EE46281BB2}

2012-07-20 22:41:43 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{14EBBD78-BB2C-46DD-B97A-5D898A0B689F}

2012-07-20 22:41:22 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{88BC58A3-63E6-4515-999E-A7D91135301F}

2012-07-20 22:41:00 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BDBC1621-3CF6-46AF-8BFE-0026F617D53A}

2012-07-20 10:40:24 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{7CC7F2D0-37F4-4746-A538-0A840DA5AE79}

2012-07-20 10:40:01 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F1C6E5A7-184E-4C89-931B-859B6C4258B4}

2012-07-19 22:39:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{32CE78B5-D7DA-469D-B870-278C28C4E119}

2012-07-19 22:39:03 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{712021A6-32E9-499E-B5A9-192E5724C63B}

2012-07-19 10:38:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{E49ABA4A-0BF6-462E-9E0F-1FE391CFE7C1}

2012-07-19 10:38:07 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BF57964D-506F-4BAC-876D-1453CADC2958}

2012-07-18 22:37:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C5BCB3FF-6DC9-422D-8FDD-D5EBF440CB42}

2012-07-18 22:37:12 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{7E3D655E-D576-4CBE-B231-1230F3419C13}

2012-07-18 10:36:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6B31D44D-5632-40CF-8DDC-0FB9F3B9FDA1}

2012-07-18 10:36:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5F003752-80A8-4C86-8365-BE58E26E7538}

2012-07-17 22:35:51 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BBC91CEA-2852-4AA1-B84E-0FD11C805B9F}

2012-07-17 22:35:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{91CBE701-6384-4DC4-8A31-4689DB704DA6}

2012-07-17 10:35:00 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1619E885-E8D1-48D3-81F3-283B8E377E39}

2012-07-17 10:34:38 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{208AEAD1-C911-44C8-8818-F209288B2C40}

.

==================== Find3M ====================

.

2012-08-04 10:48:56 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-02 12:02:28 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll

2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-06-07 03:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-22 12:21:37 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-05-22 12:21:37 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 2:14:50.14 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 旗艦版

Boot Device: \Device\HarddiskVolume1

Install Date: 20/2/2011 2:18:13 AM

System Uptime: 16/8/2012 1:54:32 AM (1 hours ago)

.

Motherboard: BIOSTAR Group | | TA890FXE

Processor: AMD Phenom™ II X6 1055T Processor | CPU 1 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 235 GiB total, 59.618 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 699 GiB total, 499.199 GiB free.

F: is FIXED (NTFS) - 466 GiB total, 6.164 GiB free.

G: is FIXED (NTFS) - 1863 GiB total, 4.563 GiB free.

H: is FIXED (NTFS) - 466 GiB total, 0.052 GiB free.

I: is FIXED (NTFS) - 466 GiB total, 317.487 GiB free.

J: is FIXED (NTFS) - 75 GiB total, 24.419 GiB free.

K: is FIXED (NTFS) - 466 GiB total, 0.271 GiB free.

L: is FIXED (NTFS) - 932 GiB total, 0.247 GiB free.

M: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP270: 12/7/2012 3:01:08 AM - Windows Update

RP271: 20/7/2012 1:00:16 AM - 排定的檢查點

RP274: 3/8/2012 4:59:57 PM - 排定的檢查點

RP275: 11/8/2012 12:11:52 AM - Removed Adobe Reader X (10.1.3) - Chinese Traditional.

RP276: 11/8/2012 3:07:21 AM - Removed NVIDIA PhysX

RP277: 14/8/2012 4:04:03 AM - 已移除 RAIDXpert

RP278: 14/8/2012 5:17:37 AM - 已安裝 ITECIR

RP279: 14/8/2012 5:24:04 AM - Installed Realtek Ethernet Controller Driver For Windows Vista a刁09A

RP280: 14/8/2012 5:55:01 AM - 還原操作

RP281: 14/8/2012 7:08:17 AM - Installed Adobe Reader X (10.1.0) - Chinese Traditional.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

?速土豆 1.40.19.0

7-Zip 9.15 beta

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3) - Chinese Traditional

Advertising Center

All Video Fixer 8.9

Amazon Add to Wish List IE Extension 1.1

AMD USB Filter Driver

AMD VISION Engine Control Center

Antiphishing Domain Advisor

Any Video Converter 3.4.2

Apple Software Update

Apple 應用程式支援

Arena CAH Death Match

Battlefield 3? Open Beta

Battlelog Web Plugins

BFME1->BFME2 Map Pack BETA

BIO-Remote

BIOScreen

BiosNotice

BitComet(比特彗星) 1.29

CA Yahoo! Anti-Spy (remove only)

CameraHelperMsi

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Complitly

CyberLink PowerDirector 10

CyberPower PowerPanel Personal Edition 1.2.3

D3DX10

DAEMON Tools Lite

DolbyFiles

Ease Audio Converter 5.21

eHOT Line

erLT

ESN Sonar

Fraps

Free YouTube Downloader 3.3.115

GameRanger

HydraVision

ImagXpress

iTudou 2.7.2.1

Java Auto Updater

Java™ 6 Update 32

JDownloader

Junk Mail filter update

LightScribe System Software

Logitech Webcam 軟體

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Menu Templates - Starter Kit

Microsoft .NET Framework 1.1

Microsoft AppLocale

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# .NET Redistributable Package 1.1

MobTime Cell Phone Manager V6.6.5

Movie Templates - Starter Kit

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Need For Speed Most Wanted

Need For Speed Underground

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

NeroExpress

neroxml

NETGEAR WN121T wireless USB 2.0 adapter

NVIDIA PhysX

OpenAL

Origin

PPStream V2.7.0.1336 Final

PunkBuster Services

QuickTime

RAIDXpert

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Rise of the Witch King Unofficial Patch 2.02

Saints Row The Third

SAMSUNG Intelli-studio

Search Toolbar

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SmartSound Quicktracks 5

SpeedFan (remove only)

T-Utility Green Power Utility II

TeamViewer 7

The Lord of the Rings - Conquest?

Tom Clancy's Rainbow Six Vegas 2

TOVERCLOCKER

Tseries BIOS Update

U2.02 Chinese Language Pack

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Video Fixer 3.23

VLC media player 1.1.7

Watson

WinAVI Video Converter

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live OneCare safety scanner

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Live 程式集

Windows Live 影像中心

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Mail Advisor

Yahoo! Software Update

Yahoo! Toolbar

Zombie Driver 1.1.6b

中世?2全面??之王?游?完美?化版

流星蝴蝶劍

富甲天下四

童話

蜓樅毞狟5 楛极笢恅V1.03唳

跡宒馱釦 2.70

影音之星 5.3

適用遠端連線的 Windows Live Mesh ActiveX 控制項

魔戒中土戰爭II 巫王的崛起

.

==== End Of File ===========================

I also provide a picture, so can anyone help?


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
