
Virus with torrent file, please help



Hello.

I think my computer has been infected with a codec virus that comes with a torrent file. I had downloaded the file from this website: http://magamovietorrents.blogspot.sg/2013/01/despicable-me-2-2013-english-dvdrip-ac3.html

and it contains one video file that is not working and the virus file, x264 video codec xp-win7.exe. I tried to install the codec file, hoping for good video quality, but got a virus instead. My antivirus program shows that a keylogger has been installed on my computer after a while when I tried to log onto Facebook, and I have been searching for a solution since. My computer is now unable to connect to any network due to an apparent "The dependency service or group failed to start" and I am now typing from another computer. Please help me! I really need a good computer. Thank you very much in advance.

 

Can you please tell me whether this virus would transmit over thumbdrives? Else, I would not be able to move dds.exe over to that computer.


Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Skip DDS.
 
Download the following on your clean machine and scan the sick one.
When staying in the Recovery Environment, your thumbdrive won't be harmed, so it is safe to transfer the scan log to the clean computer. :)
 
 
 
Scan with FRST


To run FRST on Vista and Windows7:



Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.


It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


I have completed the steps. On selecting users, I found that I have 3 users in the computer while I had only set up 1. The new users are: HomeGroupUser$ and Updatus User.

 

Below are the logs I got:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by SYSTEM on 04-07-2013 19:17:25
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe [37888 2012-11-05] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2012-11-05] (IDT, Inc.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO [121648 2011-09-15] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [360Safetray] "D:\360\360Safe\safemon\360Tray.exe" /start [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-14] (Apple Inc.)
HKLM-x32\...\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe [577400 2012-08-29] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-14] (LogMeIn Inc.)
HKLM-x32\...\Run: [systray] C:\Windows\syswow64\systray.exe [8192 2009-07-13] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Services (Whitelisted) =================
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [397176 2012-08-29] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2012-08-29] (BlueStack Systems, Inc.)
S2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [133936 2011-09-15] (Portrait Displays, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-03] (Malwarebytes Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
S3 wlcommsvc; C:\Program Files (x86)\MSN\Service\wlcommsvc.exe [202048 2013-01-09] (Just Orange)
S3 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [92616 2013-01-20] (ShenZhen Xunlei Networking Technologies,LTD)
S2 360js; "D:\360\360jishi\360js.exe" /service [x]
S2 ZhuDongFangYu; "D:\360\360Safe\deepscan\zhudongfangyu.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [70336 2013-06-23] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [304312 2013-05-08] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40688 2012-05-22] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [225976 2013-05-14] (360.cn)
S1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [61120 2013-04-03] (360.cn)
S3 AVerAVF2; C:\Windows\System32\DRIVERS\AVerAVF2.sys [1212416 2010-11-10] (AVerMedia TECHNOLOGIES, Inc.)
S1 BAPIDRV; C:\Windows\System32\Drivers\BAPIDRV64.SYS [190136 2013-05-06] (360.cn)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-29] (BlueStack Systems)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [74616 2012-08-29] (BlueStack Systems)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-24] (DT Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-23] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-18] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-11-18] ()
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
S3 BAPIDRV64; \??\D:\360\360Safe\firstaid\Fix\BAPIDRV64.sys [x]
S3 BeepMbr; \??\D:\360\360Safe\firstaid\Fix\BeepMbr64.sys [x]
S2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-04 19:17 - 2013-07-04 19:17 - 00000000 ____D C:\FRST
2013-07-03 05:42 - 2013-07-03 05:42 - 00000120 ____A C:\Windows\wininit.ini
2013-07-03 04:29 - 2010-11-19 12:17 - 00176128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2013-07-03 04:09 - 2013-07-03 05:15 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\360SuperKiller
2013-07-02 07:11 - 2013-07-02 07:11 - 00426416 ____A C:\Users\dou dou\Downloads\MC_Open_Launcher.jar
2013-07-02 07:11 - 2013-07-02 07:11 - 00000000 ____D C:\Users\dou dou\minecraft
2013-07-02 07:09 - 2013-07-02 07:09 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-02 07:09 - 2013-07-02 07:09 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Malwarebytes
2013-07-02 07:09 - 2013-07-02 07:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 07:09 - 2013-07-02 07:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 07:09 - 2013-04-03 22:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-02 07:08 - 2013-07-02 07:08 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\dou dou\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-02 06:44 - 2013-07-02 06:44 - 00029601 ____A C:\ComboFix.txt
2013-07-02 06:34 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-02 06:34 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-02 06:34 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-02 06:34 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-02 06:34 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-02 06:34 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-02 06:34 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-02 06:34 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-02 06:32 - 2013-07-02 06:45 - 00000000 ____D C:\Qoobox
2013-07-02 06:30 - 2013-07-02 06:42 - 00000000 ____D C:\Windows\erdnt
2013-07-02 06:30 - 2013-07-02 06:30 - 05085043 ____R (Swearware) C:\Users\dou dou\Downloads\ComboFix.exe
2013-07-02 05:38 - 2013-07-02 05:38 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-07-01 06:14 - 2013-07-01 06:14 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-07-01 06:13 - 2013-07-01 06:14 - 56534464 ____A (Microsoft Corporation) C:\Users\dou dou\Downloads\proofingtools_zh-cn-x64.exe
2013-07-01 05:46 - 2013-07-01 05:46 - 01506773 ____A C:\Users\dou dou\Downloads\Shi Wenyi 2P 22.cwp
2013-06-29 05:21 - 2013-06-29 05:21 - 01340928 ____A C:\Users\dou dou\Downloads\NiE_8Apr2013.ppt
2013-06-27 22:31 - 2013-06-27 22:31 - 00000207 ____A C:\Users\dou dou\Downloads\accs.txt
2013-06-26 19:31 - 2013-06-26 19:31 - 00001987 ____A C:\Users\UpdatusUser\Desktop\Cobalt.lnk
2013-06-26 19:31 - 2013-06-26 19:31 - 00000000 ____D C:\Program Files (x86)\Oxeye Games
2013-06-26 19:27 - 2013-06-26 19:30 - 256277155 ____A C:\Users\dou dou\Downloads\CobaltInstaller.exe
2013-06-24 05:04 - 2013-06-24 05:04 - 00766721 ____A C:\Users\dou dou\Downloads\Calamity by Moesh (v1.0).zip
2013-06-21 19:27 - 2013-06-21 19:28 - 12973435 ____A C:\Users\dou dou\Downloads\craftbukkit-1.5.2-R1.0.jar
2013-06-19 19:05 - 2013-06-19 19:05 - 00000000 ____D C:\Users\dou dou\Documents\Rockstar Games
2013-06-19 17:51 - 2013-06-19 17:51 - 00000000 ____D C:\Users\dou dou\AppData\Local\Rockstar Games
2013-06-18 17:19 - 2013-06-18 17:19 - 00000000 ____D C:\Program Files (x86)\Arab-GB
2013-06-17 04:15 - 2013-06-17 04:35 - 00000000 ____D C:\Program Files (x86)\GTA4
2013-06-17 02:09 - 2013-06-17 04:35 - 00000861 ____A C:\Users\UpdatusUser\Desktop\????4.lnk
2013-06-15 06:00 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 06:00 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 06:00 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 06:00 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 06:00 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 06:00 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 06:00 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 06:00 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 06:00 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 06:00 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 06:00 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 06:00 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 06:32 - 2013-06-13 06:34 - 00000000 ____D C:\Users\dou dou\Desktop\National Geographic and other Educational Books
2013-06-12 17:14 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:14 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:14 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:14 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:11 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:11 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 02:32 - 2013-07-03 05:11 - 00120044 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??08.????????]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg
2013-06-12 02:32 - 2013-07-02 06:18 - 3236171776 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??08.????????]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td
2013-06-11 17:33 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 17:30 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 17:30 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 17:28 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 17:28 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 17:28 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 17:28 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 17:28 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 17:27 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 17:27 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 17:27 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 17:27 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 17:27 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 17:23 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-11 17:23 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-11 17:23 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-11 17:23 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-11 17:23 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-11 17:23 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-11 17:23 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 17:23 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 17:23 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 17:23 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-11 17:23 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-11 17:23 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-11 17:23 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-11 17:23 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 17:22 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-11 17:22 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-11 17:22 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-11 17:22 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 17:22 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 00:44 - 2013-06-11 00:44 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??08.????????]The.Complete.National.Geographic.Secrets.Of.Titanic.cue
2013-06-11 00:12 - 2013-06-11 00:12 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\poclbm
2013-06-10 20:55 - 2013-06-10 20:55 - 00000000 ____D C:\ProgramData\APN
2013-06-10 18:27 - 2013-06-10 18:27 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue
2013-06-10 18:27 - 2013-06-10 18:27 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue
2013-06-10 18:15 - 2013-06-10 18:15 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue
2013-06-10 06:33 - 2013-06-10 06:33 - 00001536 ____A C:\Users\dou dou\AppData\Roaming\Sketchpad 5 Preferences.dat
2013-06-10 06:15 - 2013-06-10 06:15 - 00000891 ____A C:\Users\Public\Desktop\????.lnk
2013-06-10 06:15 - 2013-06-10 06:15 - 00000000 ____D C:\Program Files (x86)\Sketchpad5
2013-06-10 06:01 - 2013-06-10 06:01 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.cue
2013-06-10 03:23 - 2013-06-10 03:23 - 00000000 ____D C:\Users\dou dou\Documents\CompleteNatGeo
2013-06-10 03:23 - 2013-06-10 03:23 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
2013-06-10 02:17 - 2013-06-10 02:17 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??07.???]The.Complete.National.Geographic.Bonus.cue
2013-06-09 19:56 - 2013-06-09 19:56 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2013-06-09 17:02 - 2013-06-09 17:02 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.cue
2013-06-09 16:36 - 2013-07-03 05:11 - 01409748 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg
2013-06-09 16:36 - 2013-07-02 06:18 - 3824881664 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td
2013-06-09 16:34 - 2013-07-03 05:11 - 00106423 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??07.???]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg
2013-06-09 16:34 - 2013-07-02 06:18 - 2919178240 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??07.???]The.Complete.National.Geographic.Bonus.bin.emule.td
2013-06-09 04:50 - 2013-06-10 05:50 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.cue
2013-06-09 04:49 - 2013-06-09 04:49 - 00001241 ____A C:\Users\Public\Desktop\The Complete National Geographic.lnk
2013-06-09 04:49 - 2013-06-09 04:49 - 00000000 ____D C:\Program Files (x86)\National Geographic
2013-06-09 04:44 - 2013-07-02 06:28 - 00000000 ____D C:\Users\dou dou\Desktop\download
2013-06-09 04:44 - 2013-07-02 06:18 - 4086894592 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td
2013-06-09 04:40 - 2013-07-02 06:18 - 4085682176 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td
2013-06-09 04:39 - 2013-07-03 05:11 - 00781256 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg
2013-06-09 04:35 - 2013-07-02 06:18 - 4103639040 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td
2013-06-09 04:33 - 2013-07-03 05:11 - 01809193 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg
2013-06-09 04:32 - 2013-07-03 05:11 - 00726439 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg
2013-06-09 04:32 - 2013-07-03 05:11 - 00219230 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg
2013-06-09 04:32 - 2013-07-02 06:18 - 4113305600 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td
2013-06-09 04:28 - 2013-06-09 04:30 - 119554637 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??.????????1.59(???????????)]CNGViewer-1.59.air
2013-06-09 01:09 - 2013-06-12 04:32 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Bitcoin
2013-06-08 07:08 - 2013-06-08 07:09 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Armory
2013-06-07 00:34 - 2013-06-07 00:34 - 16590861 ____A C:\Users\dou dou\Downloads\Nail 1.4e.zip
2013-06-06 17:07 - 2013-06-06 17:07 - 00199825 ____A C:\Users\dou dou\Desktop\ModLoader.zip
2013-06-06 05:55 - 2013-06-06 05:55 - 00000404 ____A C:\Windows\Tasks\AllmyappsUpdateTask.job
2013-06-05 05:43 - 2013-03-02 04:29 - 00269389 ____A C:\Users\dou dou\Desktop\Minecraft AccountPassword List.txt
2013-06-05 05:41 - 2013-06-05 05:42 - 00000000 ____D C:\Users\dou dou\Desktop\acc check
 
==================== One Month Modified Files and Folders =======
 
2013-07-04 19:17 - 2013-07-04 19:17 - 00000000 ____D C:\FRST
2013-07-04 19:12 - 2012-06-17 19:41 - 00000000 ____D C:\ProgramData\Recovery
2013-07-04 03:07 - 2012-05-05 23:18 - 02015840 ____A C:\Windows\PFRO.log
2013-07-04 03:06 - 2012-05-05 23:18 - 00072965 ____A C:\Windows\setupact.log
2013-07-04 03:05 - 2012-03-25 00:05 - 00000861 ____A C:\Users\dou dou\Desktop\360????.lnk
2013-07-04 02:54 - 2012-03-24 22:54 - 01425413 ____A C:\Windows\WindowsUpdate.log
2013-07-04 02:26 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 02:26 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 02:19 - 2012-10-13 05:56 - 00000000 ____D C:\Users\dou dou\AppData\Local\LogMeIn Hamachi
2013-07-04 02:19 - 2012-05-28 06:41 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-07-03 06:35 - 2012-08-25 21:47 - 00000000 ____D C:\Users\dou dou\AppData\Local\Apps\2.0
2013-07-03 06:18 - 2013-01-22 06:06 - 00000000 ____D C:\Users\dou dou\Desktop\Stuff
2013-07-03 06:12 - 2012-03-25 00:06 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\360safe
2013-07-03 05:42 - 2013-07-03 05:42 - 00000120 ____A C:\Windows\wininit.ini
2013-07-03 05:29 - 2012-09-13 03:46 - 00016384 __ASH C:\Users\dou dou\Thumbs.db
2013-07-03 05:15 - 2013-07-03 04:09 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\360SuperKiller
2013-07-03 05:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-07-03 05:11 - 2013-06-12 02:32 - 00120044 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??08.????????]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg
2013-07-03 05:11 - 2013-06-09 16:36 - 01409748 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg
2013-07-03 05:11 - 2013-06-09 16:34 - 00106423 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??07.???]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg
2013-07-03 05:11 - 2013-06-09 04:39 - 00781256 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg
2013-07-03 05:11 - 2013-06-09 04:33 - 01809193 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg
2013-07-03 05:11 - 2013-06-09 04:32 - 00726439 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg
2013-07-03 05:11 - 2013-06-09 04:32 - 00219230 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg
2013-07-03 05:11 - 2013-05-30 02:47 - 00000825 ____A C:\Users\dou dou\Desktop\??7.lnk
2013-07-03 04:59 - 2013-02-07 05:17 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\360DiagnoseScan
2013-07-03 04:57 - 2012-03-25 00:05 - 00000000 ____D C:\ProgramData\360safe
2013-07-03 04:24 - 2009-07-13 20:54 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2013-07-03 04:24 - 2009-07-13 20:54 - 00000174 ___SH C:\Users\Public\desktop.ini
2013-07-03 04:24 - 2009-07-13 20:54 - 00000174 ___SH C:\users\desktop.ini
2013-07-03 04:24 - 2009-07-13 20:54 - 00000174 ___SH C:\Program Files (x86)\desktop.ini
2013-07-03 04:24 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-03 04:23 - 2012-03-30 18:05 - 00000000 ____D C:\Users\dou dou\AppData\Local\CrashDumps
2013-07-03 04:17 - 2013-02-07 05:17 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\SosClient
2013-07-03 04:15 - 2012-03-25 00:06 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\360Login
2013-07-03 03:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 07:42 - 2012-10-27 03:39 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\.minecraft
2013-07-02 07:11 - 2013-07-02 07:11 - 00426416 ____A C:\Users\dou dou\Downloads\MC_Open_Launcher.jar
2013-07-02 07:11 - 2013-07-02 07:11 - 00000000 ____D C:\Users\dou dou\minecraft
2013-07-02 07:11 - 2012-03-24 22:54 - 00000000 ____D C:\users\dou dou
2013-07-02 07:09 - 2013-07-02 07:09 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-02 07:09 - 2013-07-02 07:09 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Malwarebytes
2013-07-02 07:09 - 2013-07-02 07:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-02 07:09 - 2013-07-02 07:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 07:08 - 2013-07-02 07:08 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\dou dou\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-02 06:45 - 2013-07-02 06:32 - 00000000 ____D C:\Qoobox
2013-07-02 06:44 - 2013-07-02 06:44 - 00029601 ____A C:\ComboFix.txt
2013-07-02 06:44 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-07-02 06:42 - 2013-07-02 06:30 - 00000000 ____D C:\Windows\erdnt
2013-07-02 06:41 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2013-07-02 06:36 - 2013-02-07 23:57 - 00000000 ____D C:\Windows\Minidump
2013-07-02 06:30 - 2013-07-02 06:30 - 05085043 ____R (Swearware) C:\Users\dou dou\Downloads\ComboFix.exe
2013-07-02 06:28 - 2013-06-09 04:44 - 00000000 ____D C:\Users\dou dou\Desktop\download
2013-07-02 06:18 - 2013-06-12 02:32 - 3236171776 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??08.????????]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td
2013-07-02 06:18 - 2013-06-09 16:36 - 3824881664 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td
2013-07-02 06:18 - 2013-06-09 16:34 - 2919178240 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??07.???]The.Complete.National.Geographic.Bonus.bin.emule.td
2013-07-02 06:18 - 2013-06-09 04:44 - 4086894592 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td
2013-07-02 06:18 - 2013-06-09 04:40 - 4085682176 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td
2013-07-02 06:18 - 2013-06-09 04:35 - 4103639040 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td
2013-07-02 06:18 - 2013-06-09 04:32 - 4113305600 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td
2013-07-02 05:38 - 2013-07-02 05:38 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-07-02 03:23 - 2012-10-30 05:18 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleFordou dou.job
2013-07-01 06:14 - 2013-07-01 06:14 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-07-01 06:14 - 2013-07-01 06:13 - 56534464 ____A (Microsoft Corporation) C:\Users\dou dou\Downloads\proofingtools_zh-cn-x64.exe
2013-07-01 06:14 - 2012-03-25 04:34 - 00000000 ____D C:\Program Files\Microsoft Office
2013-07-01 06:14 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-01 05:56 - 2012-03-26 05:05 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-07-01 05:55 - 2012-04-16 05:03 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-01 05:54 - 2012-03-26 05:02 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\HP Support Assistant
2013-07-01 05:54 - 2012-03-26 04:54 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\HpUpdate
2013-07-01 05:46 - 2013-07-01 05:46 - 01506773 ____A C:\Users\dou dou\Downloads\Shi Wenyi 2P 22.cwp
2013-06-30 06:16 - 2012-10-14 19:14 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Skype
2013-06-29 18:18 - 2012-04-23 05:55 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\GarenaPlus
2013-06-29 18:18 - 2012-04-23 05:53 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2013-06-29 18:18 - 2012-04-23 05:52 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-06-29 18:16 - 2013-05-31 05:05 - 00035158 ____A C:\Users\dou dou\Documents\keyfile_u
2013-06-29 18:16 - 2013-05-31 05:05 - 00000016 ____A C:\Users\dou dou\Documents\keyfile
2013-06-29 05:21 - 2013-06-29 05:21 - 01340928 ____A C:\Users\dou dou\Downloads\NiE_8Apr2013.ppt
2013-06-27 22:31 - 2013-06-27 22:31 - 00000207 ____A C:\Users\dou dou\Downloads\accs.txt
2013-06-27 01:29 - 2012-06-02 05:05 - 00000915 ____A C:\Users\dou dou\AppData\Roaming\coreavc.ini
2013-06-26 19:31 - 2013-06-26 19:31 - 00001987 ____A C:\Users\UpdatusUser\Desktop\Cobalt.lnk
2013-06-26 19:31 - 2013-06-26 19:31 - 00000000 ____D C:\Program Files (x86)\Oxeye Games
2013-06-26 19:30 - 2013-06-26 19:27 - 256277155 ____A C:\Users\dou dou\Downloads\CobaltInstaller.exe
2013-06-25 20:52 - 2012-04-18 01:59 - 00000000 _RSHD C:\360SANDBOX
2013-06-25 03:53 - 2012-03-25 01:09 - 00000000 ____D C:\Users\Public\Thunder Network
2013-06-24 18:58 - 2012-07-24 05:18 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-24 15:53 - 2012-04-23 06:01 - 05635016 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2013-06-24 15:45 - 2012-04-23 06:01 - 00005588 ____A C:\Windows\SysWOW64\nppt9x.vxd
2013-06-24 05:04 - 2013-06-24 05:04 - 00766721 ____A C:\Users\dou dou\Downloads\Calamity by Moesh (v1.0).zip
2013-06-23 18:42 - 2012-05-10 19:19 - 00070336 ____A (360.cn) C:\Windows\System32\Drivers\360AntiHacker64.sys
2013-06-21 19:28 - 2013-06-21 19:27 - 12973435 ____A C:\Users\dou dou\Downloads\craftbukkit-1.5.2-R1.0.jar
2013-06-19 19:05 - 2013-06-19 19:05 - 00000000 ____D C:\Users\dou dou\Documents\Rockstar Games
2013-06-19 18:02 - 2013-06-01 07:21 - 00000000 ____D C:\ProgramData\Tunngle
2013-06-19 17:52 - 2012-05-19 18:50 - 00000000 ____D C:\Users\dou dou\AppData\Local\MSNProject
2013-06-19 17:51 - 2013-06-19 17:51 - 00000000 ____D C:\Users\dou dou\AppData\Local\Rockstar Games
2013-06-18 18:13 - 2013-05-24 05:42 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-18 18:13 - 2013-05-24 05:42 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-06-18 18:13 - 2013-01-17 03:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-06-18 17:19 - 2013-06-18 17:19 - 00000000 ____D C:\Program Files (x86)\Arab-GB
2013-06-17 17:26 - 2012-05-24 00:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 04:35 - 2013-06-17 04:15 - 00000000 ____D C:\Program Files (x86)\GTA4
2013-06-17 04:35 - 2013-06-17 02:09 - 00000861 ____A C:\Users\UpdatusUser\Desktop\????4.lnk
2013-06-17 04:13 - 2012-05-24 00:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-17 04:13 - 2011-11-17 23:44 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-17 01:44 - 2009-07-13 21:13 - 00803968 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-13 06:34 - 2013-06-13 06:32 - 00000000 ____D C:\Users\dou dou\Desktop\National Geographic and other Educational Books
2013-06-13 06:04 - 2012-03-29 07:16 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 04:32 - 2013-06-09 01:09 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Bitcoin
2013-06-11 00:44 - 2013-06-11 00:44 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??08.????????]The.Complete.National.Geographic.Secrets.Of.Titanic.cue
2013-06-11 00:12 - 2013-06-11 00:12 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\poclbm
2013-06-10 20:55 - 2013-06-10 20:55 - 00000000 ____D C:\ProgramData\APN
2013-06-10 18:27 - 2013-06-10 18:27 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue
2013-06-10 18:27 - 2013-06-10 18:27 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue
2013-06-10 18:15 - 2013-06-10 18:15 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue
2013-06-10 06:33 - 2013-06-10 06:33 - 00001536 ____A C:\Users\dou dou\AppData\Roaming\Sketchpad 5 Preferences.dat
2013-06-10 06:15 - 2013-06-10 06:15 - 00000891 ____A C:\Users\Public\Desktop\????.lnk
2013-06-10 06:15 - 2013-06-10 06:15 - 00000000 ____D C:\Program Files (x86)\Sketchpad5
2013-06-10 06:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system
2013-06-10 06:01 - 2013-06-10 06:01 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.cue
2013-06-10 05:50 - 2013-06-09 04:50 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.cue
2013-06-10 03:23 - 2013-06-10 03:23 - 00000000 ____D C:\Users\dou dou\Documents\CompleteNatGeo
2013-06-10 03:23 - 2013-06-10 03:23 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
2013-06-10 02:17 - 2013-06-10 02:17 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??07.???]The.Complete.National.Geographic.Bonus.cue
2013-06-09 20:56 - 2013-06-01 07:21 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Tunngle
2013-06-09 19:56 - 2013-06-09 19:56 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2013-06-09 17:02 - 2013-06-09 17:02 - 00000071 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.cue
2013-06-09 04:49 - 2013-06-09 04:49 - 00001241 ____A C:\Users\Public\Desktop\The Complete National Geographic.lnk
2013-06-09 04:49 - 2013-06-09 04:49 - 00000000 ____D C:\Program Files (x86)\National Geographic
2013-06-09 04:30 - 2013-06-09 04:28 - 119554637 ____A C:\Users\dou dou\Desktop\[????????1888-2008?DVD??.????????1.59(???????????)]CNGViewer-1.59.air
2013-06-08 07:09 - 2013-06-08 07:08 - 00000000 ____D C:\Users\dou dou\AppData\Roaming\Armory
2013-06-08 06:08 - 2013-06-15 06:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-15 06:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-15 06:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-15 06:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-15 06:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-15 06:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-15 06:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-15 06:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-15 06:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-15 06:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-15 06:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-15 06:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 00:34 - 2013-06-07 00:34 - 16590861 ____A C:\Users\dou dou\Downloads\Nail 1.4e.zip
2013-06-06 17:07 - 2013-06-06 17:07 - 00199825 ____A C:\Users\dou dou\Desktop\ModLoader.zip
2013-06-06 05:55 - 2013-06-06 05:55 - 00000404 ____A C:\Windows\Tasks\AllmyappsUpdateTask.job
2013-06-05 05:42 - 2013-06-05 05:41 - 00000000 ____D C:\Users\dou dou\Desktop\acc check
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-06-25 17:00:25
Restore point made on: 2013-07-02 03:30:39
Restore point made on: 2013-07-03 03:30:23
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 8172.31 MB
Available physical RAM: 6942.7 MB
Total Pagefile: 8170.51 MB
Available Pagefile: 6923.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:912.05 GB) (Free:568.33 GB) NTFS (Disk=0 Partition=2)
Drive e: (HP_RECOVERY) (Fixed) (Total:19.37 GB) (Free:1.18 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]
Drive g: (HYUNDAI) (Removable) (Total:1.95 GB) (Free:1.74 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.12 GB) (Free:0.12 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 8B3B0114)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=912 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 016250D5)
Partition 1: (Active) - (Size=2 GB) - (Type=06)
 
 
LastRegBack: 2013-06-25 00:24
 
==================== End Of Log ============================

Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM-x32\...\Run: [360Safetray] "D:\360\360Safe\safemon\360Tray.exe" /start [x]
    S2 360js; "D:\360\360jishi\360js.exe" /service [x]
    S2 ZhuDongFangYu; "D:\360\360Safe\deepscan\zhudongfangyu.exe" [x]
    S3 BAPIDRV64; \??\D:\360\360Safe\firstaid\Fix\BAPIDRV64.sys [x]
    S3 BeepMbr; \??\D:\360\360Safe\firstaid\Fix\BeepMbr64.sys [x]
    S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [70336 2013-06-23] (360.cn)
    S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [304312 2013-05-08] (360.cn)
    S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40688 2012-05-22] (360.cn)
    S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [225976 2013-05-14] (360.cn)
    S1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [61120 2013-04-03] (360.cn)
    S2 TMAgent;
    C:\Users\dou dou\AppData\Roaming\360SuperKiller
    C:\Users\dou dou\AppData\Roaming\360DiagnoseScan
    C:\Users\dou dou\AppData\Roaming\360safe
    D:\360
    C:\ProgramData\360safe
    C:\Windows\System32\Drivers\360AntiHacker64.sys
    C:\Windows\System32\DRIVERS\360Box64.sys
    C:\Windows\System32\Drivers\360Camera64.sys
    C:\Windows\System32\DRIVERS\360FsFlt.sys
    C:\Windows\System32\DRIVERS\360netmon.sys
    C:\Users\dou dou\AppData\Roaming\360Login
    C:\360SANDBOX


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Now please enter System Recovery Options again.
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot your computer in safe mode with networking.

Combofix


Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


For some reason, now I actually do have internet on the infected computer. Thanks a lot!

Here are the logs:

ComboFix 13-07-02.02 - dou dou 3/07/04 周四  22:30:11.2.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.936.65.1033.18.8172.6761 [GMT 8:00]
执行位置: c:\users\dou dou\Downloads\ComboFix.exe
SP: 360安全卫士 *Disabled/Updated* {1B9CA0DF-D058-CF02-4191-CE0E96A510E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功创造新还原点
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dou dou\AppData\Local\Microsoft\Windows\Temporary Internet Files\tipcondition_v1.2.dat
c:\users\dou dou\AppData\Roaming\360SE
c:\users\dou dou\AppData\Roaming\360SE\data\360sefav.db
c:\users\dou dou\AppData\Roaming\360SE\data\DailyBackup\360sefav_2012_03_26.favdb
c:\users\dou dou\AppData\Roaming\360SE\data\DailyBackup\360sefav_2012_04_02.favdb
c:\users\dou dou\AppData\Roaming\360SE\data\DailyBackup\360sefav_2012_04_06.favdb
c:\users\dou dou\AppData\Roaming\360SE\data\DailyBackup\360sefav_2012_04_07.favdb
c:\users\dou dou\AppData\Roaming\360SE\data\DailyBackup\360sefav_2012_04_08.favdb
c:\users\dou dou\AppData\Roaming\360SE\data\DailyBackup\360sefav_2012_04_09.favdb
c:\users\dou dou\AppData\Roaming\360SE\data\DailyBackup\360sefav_2012_04_12.favdb
c:\users\dou dou\AppData\Roaming\poclbm
c:\users\dou dou\AppData\Roaming\poclbm\poclbm.ini
c:\users\dou dou\AppData\Roaming\SogouExplorer
c:\users\dou dou\AppData\Roaming\SogouExplorer\sogou_explorer_silent_3.2.0.4716_2170.exe
c:\windows\Downloaded Program Files\655368
c:\windows\Downloaded Program Files\655368\SetupAx.dll
c:\windows\PFRO.log
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
c:\windows\wininit.ini
D:\360Downloads
d:\360downloads\360极速浏览器.exe
d:\360downloads\Adobe Flash Player for IE_11.5.exe
d:\360downloads\Adobe Flash Player Plugin_11.5.exe
d:\360downloads\Adobe Reader XI_11.0.exe
d:\360downloads\Daemon_Tools_4.46.1.327.exe
d:\360downloads\Hamachi_2.1.0.296.msi
d:\360downloads\iTunesSetup_11.0.1.12.exe
d:\360downloads\Notepad_6.2.3.exe
d:\360downloads\Skype_5.10正式版.exe
.
.
(((((((((((((((((((((((((  2013-06-04 至 2013-07-04 的新的档案  )))))))))))))))))))))))))))))))
.
.
2013-07-05 03:17 . 2013-07-05 03:17 -------- d-----w- C:\FRST
2013-07-04 14:38 . 2013-07-04 14:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-04 14:38 . 2013-07-04 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-04 14:36 . 2013-05-08 09:27 304312 ----a-w- c:\windows\system32\drivers\360Box64.sys
2013-07-04 14:33 . 2013-04-03 09:29 61120 ----a-w- c:\windows\system32\drivers\360netmon.sys
2013-07-04 14:33 . 2012-05-22 09:56 40688 ----a-w- c:\windows\system32\drivers\360Camera64.sys
2013-07-04 14:33 . 2013-06-24 02:42 70336 ----a-w- c:\windows\system32\drivers\360AntiHacker64.sys
2013-07-04 14:33 . 2013-05-15 07:03 225976 ----a-w- c:\windows\system32\drivers\360FsFlt.sys
2013-07-04 14:32 . 2013-07-04 14:32 -------- d-----w- c:\users\dou dou\AppData\Roaming\360Login
2013-07-04 14:32 . 2013-07-04 14:33 -------- d-----w- c:\users\dou dou\AppData\Roaming\360Safe
2013-07-02 15:11 . 2013-07-02 15:11 -------- d-----w- c:\users\dou dou\minecraft
2013-07-02 15:09 . 2013-07-02 15:09 -------- d-----w- c:\users\dou dou\AppData\Roaming\Malwarebytes
2013-07-02 15:09 . 2013-07-02 15:09 -------- d-----w- c:\programdata\Malwarebytes
2013-07-02 15:09 . 2013-07-02 15:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-02 15:09 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-02 13:38 . 2013-07-02 13:38 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-07-02 13:38 . 2013-07-02 13:38 -------- d-----w- c:\program files (x86)\x264 Video Codec
2013-07-02 11:30 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1445541-DDE9-4448-9F65-E33D45DE79D2}\mpengine.dll
2013-07-01 14:14 . 2013-07-01 14:14 -------- d-----w- c:\program files (x86)\MSECache
2013-06-27 03:31 . 2013-06-27 03:31 -------- d-----w- c:\program files (x86)\Oxeye Games
2013-06-20 01:51 . 2013-06-20 01:51 -------- d-----w- c:\users\dou dou\AppData\Local\Rockstar Games
2013-06-19 01:19 . 2013-06-19 01:19 -------- d-----w- c:\program files (x86)\Arab-GB
2013-06-17 12:15 . 2013-06-17 12:35 -------- d-----w- c:\program files (x86)\GTA4
2013-06-13 01:14 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-13 01:14 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-13 01:14 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-13 01:14 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-13 01:11 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-13 01:11 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 01:33 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 01:30 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 01:30 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 01:28 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 01:28 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 01:28 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 01:28 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 01:28 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 01:27 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 01:27 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 01:27 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 01:27 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 01:27 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 01:22 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-12 01:22 . 2013-05-17 00:58 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-12 01:22 . 2013-05-17 01:25 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-12 01:22 . 2013-05-17 01:25 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-12 01:22 . 2013-05-17 00:58 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-12 01:22 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-12 01:22 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-12 01:22 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 04:55 . 2013-06-11 04:55 -------- d-----w- c:\programdata\APN
2013-06-10 14:15 . 2013-06-10 14:15 -------- d-----w- c:\program files (x86)\Sketchpad5
2013-06-10 11:23 . 2013-06-10 11:23 -------- d-----w- c:\users\dou dou\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
2013-06-09 12:49 . 2013-06-09 12:49 -------- d-----w- c:\program files (x86)\National Geographic
2013-06-09 09:09 . 2013-06-12 12:32 -------- d-----w- c:\users\dou dou\AppData\Roaming\Bitcoin
2013-06-08 15:08 . 2013-06-08 15:09 -------- d-----w- c:\users\dou dou\AppData\Roaming\Armory
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-24 23:53 . 2012-04-23 14:01 5635016 ----a-w- c:\windows\SysWow64\GameMon.des
2013-06-24 23:45 . 2012-04-23 14:01 5588 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2013-06-17 12:13 . 2012-05-24 08:33 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-17 12:13 . 2011-11-18 07:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 14:04 . 2012-03-29 15:16 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-30 10:48 . 2013-05-30 10:48 0 ----a-w- c:\windows\system32\nsd5AFF.tmp
2013-05-30 10:48 . 2013-05-30 10:48 0 ----a-w- c:\windows\SysWow64\nsy5959.tmp
2013-05-29 15:26 . 2013-05-29 15:26 0 ----a-w- c:\windows\SysWow64\shoC47C.tmp
2013-05-28 08:07 . 2013-05-28 08:07 5316720 ----a-w- c:\windows\system32\SogouPY.ime
2013-05-28 08:07 . 2013-05-28 08:07 3074160 ----a-w- c:\windows\SysWow64\SogouPY.ime
2013-05-24 13:34 . 2013-05-24 13:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-24 13:34 . 2012-06-20 07:20 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-24 13:34 . 2012-04-26 14:18 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-24 13:29 . 2013-05-24 13:29 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-05-24 13:29 . 2013-05-24 13:30 311200 ----a-w- c:\windows\system32\javaws.exe
2013-05-24 13:29 . 2013-05-24 13:29 188832 ----a-w- c:\windows\system32\javaw.exe
2013-05-24 13:29 . 2013-05-24 13:29 188320 ----a-w- c:\windows\system32\java.exe
2013-05-24 13:29 . 2012-07-08 13:21 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-24 13:29 . 2012-07-08 13:21 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-24 13:27 . 2013-05-24 13:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-05-11 14:38 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-06 09:12 . 2012-03-25 08:06 190136 ----a-w- c:\windows\system32\drivers\BAPIDRV64.SYS
2013-05-01 18:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 19:59 . 2013-04-30 19:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-04-30 19:59 . 2013-04-30 19:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 02:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 02:41 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 02:41 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 02:41 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 02:41 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 02:41 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:30 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 02:44 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 02:44 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 02:42 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}]
2013-01-21 02:51 88520 ----a-w- d:\thunder network\BHO\XlBrowserAddin1.0.8.71.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-11-14 11:32 251856 ----a-w- c:\program files (x86)\Common Files\Thunder Network\Kankan\xappex.1.1.1.62.(987).dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-09-15 121648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-08-29 577400]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
"Systray"="c:\windows\syswow64\systray.exe" [2009-07-14 8192]
"360Safetray"="d:\360\360Safe\safemon\360Tray.exe" [2013-05-24 881584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-26 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File REG_SZ         SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VAGP ATX Chipset]
@="Driver Group"
.
R1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]
R1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]
R1 BAPIDRV;BAPIDRV;c:\windows\System32\Drivers\BAPIDRV64.SYS;c:\windows\SYSNATIVE\Drivers\BAPIDRV64.SYS [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys;c:\windows\SYSNATIVE\DRIVERS\AVerAVF2.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NWWakeFilterV;NextWindow Remote Wake Blocker (V);c:\windows\system32\drivers\NWWakeFilterV.sys;c:\windows\SYSNATIVE\drivers\NWWakeFilterV.sys [x]
R3 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\skype\Updater\Updater.exe;c:\program files (x86)\skype\Updater\Updater.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wlcommsvc;wlcommsvc;c:\program files (x86)\MSN\Service\wlcommsvc.exe;c:\program files (x86)\MSN\Service\wlcommsvc.exe [x]
R3 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost;c:\windows\SYSNATIVE\svchost [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S3 NWVoltron;NextWindow Voltron Touch Screen;c:\windows\system32\drivers\NWVoltron.sys;c:\windows\SYSNATIVE\drivers\NWVoltron.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ   XLServicePlatform
.
 ‘计划任务’ 文件夹 里的内容
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 12:13]
.
2013-06-06 c:\windows\Tasks\AllmyappsUpdateTask.job
- c:\users\dou dou\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe [2013-05-13 13:55]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000Core.job
- c:\users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 13:46]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000Core1cdf098e1994741.job
- c:\users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 13:46]
.
2012-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000UA.job
- c:\users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 13:46]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1113064780-694992294-3566763946-1000UA1cdf098e2774e71.job
- c:\users\dou dou\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 13:46]
.
2013-07-02 c:\windows\Tasks\HPCeeScheduleFordou dou.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}]
2013-01-21 02:51 628680 ----a-w- d:\thunder network\BHO\XunleiBHO647.2.13.3882.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\360UDiskGuard Icon Overlay]
@="{CC00F81D-5262-450A-B1FA-D6BEE3406263}"
[HKEY_CLASSES_ROOT\CLSID\{CC00F81D-5262-450A-B1FA-D6BEE3406263}]
2013-02-05 09:34 219768 ----a-w- d:\360\360Safe\safemon\360UDiskGuard64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-11-05 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-05 1424896]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 5.109.141.61:25565
IE: &ê1ó?&??à×à??????? - d:\thunder network\BHO\OfflineDownload.htm
IE: &使用&迅雷下载 - d:\thunder network\BHO\GetUrl.htm
IE: &使用&迅雷下载全部链接 - d:\thunder network\BHO\GetAllUrl.htm
IE: &使用&迅雷离线下载 - d:\thunder network\BHO\OfflineDownload.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀N}廬
@="d:\\Thunder Network\\BHO\\GetUrl.htm"
"Contexts"=dword:00000022
"Name"="xl_geturl"
.
[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀N}廻Q钀]
@="d:\\Thunder Network\\BHO\\GetAllUrl.htm"
"Contexts"=dword:000000f3
"Name"="xl_getallurl"
.
[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀粂縹N}廬
@Allowed: (Read) (RestrictedCode)
@="d:\\Thunder Network\\BHO\\OfflineDownload.htm"
"Name"="xl_offlinedownload"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\MenuExt\&*艔鳀N}?RKb:g]
@Allowed: (Read) (RestrictedCode)
"Contexts"=dword:00000022
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\燨譾sf?*]
"DisplayName"="侠盗猎车4"
"UninstallString"="c:\\Program Files (x86)\\GTA4\\uninst.exe"
"DisplayIcon"="c:\\Program Files (x86)\\GTA4\\NoRGSC.exe"
"Publisher"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\dou dou\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
完成时间: 2013-07-04  22:46:32 - 电脑已重新启动
ComboFix-quarantined-files.txt  2013-07-04 14:46
ComboFix2.txt  2013-07-02 14:44
.
Pre-Run: 610,311,335,936 bytes free
Post-Run: 608,691,372,032 bytes free
.
- - End Of File - - 618096A74D4F89F234B7BB3187200CEF
D41D8CD98F00B204E9800998ECF8427E

Here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by SYSTEM at 2013-07-04 22:22:25 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\360Safetray => Value deleted successfully.
360js => Service deleted successfully.
ZhuDongFangYu => Service deleted successfully.
BAPIDRV64 => Service deleted successfully.
BeepMbr => Service deleted successfully.
360AntiHacker => Service deleted successfully.
360Box64 => Service deleted successfully.
360Camera => Service deleted successfully.
360FsFlt => Service deleted successfully.
360netmon => Service deleted successfully.
S2 TMAgent; => Service not found.
C:\Users\dou dou\AppData\Roaming\360SuperKiller => Moved successfully.
C:\Users\dou dou\AppData\Roaming\360DiagnoseScan => Moved successfully.
C:\Users\dou dou\AppData\Roaming\360safe => Moved successfully.
"D:\360" => File/Directory not found.
C:\ProgramData\360safe => Moved successfully.
C:\Windows\System32\Drivers\360AntiHacker64.sys => Moved successfully.
C:\Windows\System32\DRIVERS\360Box64.sys => Moved successfully.
C:\Windows\System32\Drivers\360Camera64.sys => Moved successfully.
C:\Windows\System32\DRIVERS\360FsFlt.sys => Moved successfully.
C:\Windows\System32\DRIVERS\360netmon.sys => Moved successfully.
C:\Users\dou dou\AppData\Roaming\360Login => Moved successfully.
C:\360SANDBOX => Moved successfully.
 
==== End of Fixlog ====

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt


When I start up the computer, it says that it is "Checking file system on c:\. The type of the file system is NTFS. Volume label is OS.

One of your disks needs to be checked for consistency".

It deleted a corrupted attribute record from file record segment 2287 (128 " ").

Is this normal? Or has my computer been destroyed by the virus badly?


These are the logs:

ComboFix 13-07-04.01 - dou dou 3/07/05 周五  19:30:21.3.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.936.65.1033.18.8172.7206 [GMT 8:00]
执行位置: C:\Users\dou dou\Downloads\ComboFix.exe
Command switches used :: C:\Users\dou dou\Downloads\CFScript.txt
SP: 360安全卫士 *Disabled/Updated* {1B9CA0DF-D058-CF02-4191-CE0E96A510E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功创造新还原点
 
FILE ::
"c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys"
"c:\windows\SYSNATIVE\Drivers\360Camera64.sys"
"c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys"
"c:\windows\SYSNATIVE\Drivers\BAPIDRV64.SYS"
"c:\windows\system32\drivers\360AntiHacker64.sys"
"c:\windows\system32\drivers\360Box64.sys"
"c:\windows\system32\drivers\360Camera64.sys"
"c:\windows\system32\drivers\360FsFlt.sys"
"c:\windows\system32\drivers\360netmon.sys"
"c:\windows\system32\nsd5AFF.tmp"
"c:\windows\system32\SogouPY.ime"
"c:\windows\SysWow64\GameMon.des"
"c:\windows\SysWow64\nppt9x.vxd"
"c:\windows\SysWow64\nsy5959.tmp"
"c:\windows\SysWow64\shoC47C.tmp"
"c:\windows\SysWow64\SogouPY.ime"
"c:\windows\Tasks\AllmyappsUpdateTask.job"

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Run Malwarebytes' Anti-Malware.
  • Once the program has loaded, select Perform full scan, mark all your hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Here are the logs:

 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.06.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
dou dou :: DOUDOU-HP [administrator]
 
Protection: Enabled
 
2013/7/6 12:52:09
mbam-log-2013-07-06 (12-52-09).txt
 
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 541011
Time elapsed: 59 minute(s), 31 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 7
C:\Qoobox\Quarantine\D\360\360Safe\360leakfixer.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\360\360Safe\360LeakFixPlugin.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\360\360Safe\leakrepair.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\360\360Safe\ipc\PatchCheck.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\360\360Safe\modules\360vulsetup.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\360\360Safe\safemon\BootLeakFixer.tpi.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\D\360\360Safe\Utils\360leakfixerdll.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
 
(end)

Download and run OTL

  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select Run as administrator.
  3. Click the "Scan All Users" checkbox.


    Note: If you are using a Windows 64bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.

  4. Push the Run Scan button.
  5. It will now begin to scan; please be patient while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



Here are the logs. Thanks!

 

OTL.txt

 

OTL logfile created on: 2013/7/6 21:24:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dou dou\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy/M/d
 
7.98 Gb Total Physical Memory | 4.89 Gb Available Physical Memory | 61.24% Memory free
15.96 Gb Paging File | 12.31 Gb Available in Paging File | 77.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.05 Gb Total Space | 568.30 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
Drive D: | 19.37 Gb Total Space | 2.24 Gb Free Space | 11.58% Space Free | Partition Type: NTFS
 
Computer Name: DOUDOU-HP | User Name: dou dou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/06 21:23:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dou dou\Downloads\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/06/19 11:38:49 | 009,873,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/05/06 16:15:36 | 000,079,384 | ---- | M] (Google) -- C:\Users\dou dou\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/04/30 18:56:54 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkOverlay.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/29 18:08:46 | 000,577,400 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2012/08/29 18:08:32 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/16 05:36:28 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
PRC - [2011/09/16 05:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/09/07 05:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/08/17 06:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/17 06:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/03/26 09:19:08 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2011/02/24 16:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/02 05:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/02 05:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/11/21 02:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/28 18:55:36 | 000,389,424 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
MOD - [2013/06/28 18:55:33 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/06/28 16:29:32 | 002,174,768 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
MOD - [2013/06/19 11:39:15 | 000,236,336 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
MOD - [2013/06/19 11:39:14 | 000,856,880 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/06/19 11:39:14 | 000,098,608 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
MOD - [2013/06/19 11:39:12 | 000,287,024 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\DailyTaskPlugin.dll
MOD - [2013/06/19 11:39:12 | 000,133,936 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ClanBoxPlugin.dll
MOD - [2013/06/19 11:39:03 | 001,903,920 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/06/19 11:38:49 | 009,873,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/06/14 23:25:35 | 013,140,872 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
MOD - [2013/05/29 20:21:27 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/05/23 13:44:07 | 000,393,168 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 13:43:59 | 004,051,408 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 13:43:06 | 000,599,504 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 13:43:05 | 000,124,368 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 13:43:03 | 001,597,392 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/05/15 12:27:35 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\271ef233b83ada113cfea94ecbcff020\System.IdentityModel.ni.dll
MOD - [2013/05/15 12:27:34 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dcfb28a7d4951481319eaa4e3353d2b5\System.ServiceModel.ni.dll
MOD - [2013/05/15 12:26:38 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\0303c10ed5a18fad23197179dad69829\ReachFramework.ni.dll
MOD - [2013/05/15 12:26:31 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ad4e3fd4f3bc61f9255b89853f9517d0\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/15 12:26:30 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\acb98d54c594f4736ac2d97c84db2bb4\System.Runtime.Serialization.ni.dll
MOD - [2013/05/15 10:35:21 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\982e2b96175ba7ec1ed584f81b362aca\PresentationCore.ni.dll
MOD - [2013/05/15 10:35:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a07737b92dff00eadb852a3fe654676\System.Windows.Forms.ni.dll
MOD - [2013/05/15 10:35:14 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7622c8820556cde07c1948f3f48e83df\System.Core.ni.dll
MOD - [2013/05/15 10:35:13 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\77aaf9593f460b4c6c72a2915c833161\WindowsBase.ni.dll
MOD - [2013/05/15 10:35:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\739dab9e00d22ebf960776ead08c8e73\System.Configuration.ni.dll
MOD - [2013/05/09 12:38:48 | 000,590,128 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_msn.dll
MOD - [2013/05/09 12:38:48 | 000,460,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dll
MOD - [2013/05/09 12:38:48 | 000,194,864 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dll
MOD - [2013/05/09 12:38:46 | 000,516,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2013/05/09 12:38:46 | 000,245,040 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2013/05/09 12:38:46 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/05/09 12:38:46 | 000,068,400 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2013/05/09 12:38:44 | 001,543,984 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/05/09 12:38:44 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/05/09 12:38:42 | 000,065,840 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2013/05/09 12:38:42 | 000,055,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2013/05/09 12:38:42 | 000,016,688 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2013/05/09 12:38:40 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/05/09 12:38:38 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/05/09 12:38:38 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/05/09 12:38:38 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2013/05/09 12:38:38 | 000,184,624 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2013/05/09 12:38:32 | 000,147,248 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\xIM.dll
MOD - [2013/05/09 12:38:32 | 000,026,416 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2013/05/09 12:38:30 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/05/09 12:38:30 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/05/09 12:38:30 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/05/09 12:38:28 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/05/09 12:38:24 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/05/09 12:38:24 | 000,121,648 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggcode.dll
MOD - [2013/05/09 12:38:22 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/05/09 12:38:20 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/05/09 12:38:20 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/05/09 12:38:20 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/05/03 15:34:54 | 000,184,832 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\ggspawn.dll
MOD - [2013/04/30 18:56:54 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkOverlay.exe
MOD - [2013/04/20 06:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/02/01 13:42:28 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2013/01/11 20:10:33 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\fce2acd42e271e44ef1c29ecfe03b030\SMDiagnostics.ni.dll
MOD - [2013/01/09 17:19:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cd38ddfac4535d1fc8b285244cfe2350\System.Xml.ni.dll
MOD - [2013/01/09 17:19:02 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d67ab5fb461b6917c67d587eca870c44\System.Drawing.ni.dll
MOD - [2013/01/09 17:18:59 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e19f70f3c84abc64e1f1b7e76333a372\System.ni.dll
MOD - [2013/01/09 17:18:55 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\f86110621e29c00e2db8f462781529fe\mscorlib.ni.dll
MOD - [2012/12/12 13:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 18:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 18:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/08/31 18:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/18 09:54:24 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
MOD - [2011/10/18 09:54:24 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
MOD - [2011/02/16 03:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
MOD - [2010/11/21 11:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/21 11:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/06/11 05:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/05 20:44:31 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/11/05 20:44:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/03/26 09:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/10/11 18:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/25 18:03:50 | 000,174,024 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2013/06/25 07:53:23 | 005,635,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/06/17 20:13:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 06:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 09:28:54 | 000,161,384 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/01/10 10:49:48 | 000,202,048 | ---- | M] (Just Orange) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN\Service\wlcommsvc.exe -- (wlcommsvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/29 18:08:32 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/08/29 18:08:00 | 000,397,176 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/16 05:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/09/07 05:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/08/17 06:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/13 01:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/08 07:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 16:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/02 05:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/02 05:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/06/02 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/24 21:27:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/05 20:44:32 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/18 16:02:08 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/11/18 15:25:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/18 15:25:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/30 11:07:08 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/27 06:31:10 | 000,409,408 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/09/09 09:02:24 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/08/24 13:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/24 05:48:22 | 000,016,152 | ---- | M] (n/a) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWWakeFilterV.sys -- (NWWakeFilterV)
DRV:64bit: - [2011/06/24 05:48:18 | 000,016,152 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2011/06/24 05:48:16 | 000,028,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWVoltron.sys -- (NWVoltron)
DRV:64bit: - [2011/05/05 08:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/26 10:21:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/03/26 10:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/26 10:21:06 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/03/26 10:21:06 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/03/26 10:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 12:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2010/10/20 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/13 20:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/23 11:39:20 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/08/29 18:08:28 | 000,074,616 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002"
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\dou dou\Downloads
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://123.sogou.com/goto?v=Af81002
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}: "URL" = http://www.baidu.com/s?wd={searchTerms}&tn=site888_1_pg&cl=3&ie=utf-8
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0007002"
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@360.cn/npnpsosalbum;version=1.0: D:\360\360jishi\np360album.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayer\1.14.0.101\npxbdyy.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(14).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll (Thunder Networking Technologies,LTD)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@360.cn/360MMPlugin: D:\360\360Safe\MobileMgr\np360MMPlugIn.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dou dou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll (Thunder Networking Technologies,LTD)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromePI.dll
CHR - plugin: 360\u7F51\u76FE (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo\1.0_0\plugin/360webshield.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: XunLei Plugin (Enabled) = D:\Thunder Network\data\npxunlei1.0.0.1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: AdBlock = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Thunder Download Extension for Chrome = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\
CHR - Extension: Skip video ads on Youtube = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\oanobjfgoogmilhpmlciifoaflmojigf\0.1.1_0\
CHR - Extension: Battlefield Play4Free = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Gmail = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/05 23:03:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (迅雷下载支持) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.5.4480.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (EyeOnIE Class) - {20E1725C-7237-41A9-954A-04DCCB1FD16C} - C:\Program Files (x86)\Baofeng\StormPlayer\MediaLibraryIcon64.dll (北京暴风科技股份有限公司)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (迅雷FLV视频嗅探及下载支持) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\Thunder Network\BHO\XlBrowserAddin1.0.8.71.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (迅雷下载支持) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.9.5.4480.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\360\360Safe\safemon\safemon.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (迅雷BHO平台) - {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\IEPlatform.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [systray] C:\Windows\SysWOW64\systray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000..\Run: [Thunder] C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe (深圳市迅雷网络技术有限公司)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - D:\Thunder Network\BHO\OfflineDownload.htm File not found
O8:64bit: - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: &迅雷下载到手机 - http://static.u.155.com/shoulei/shouleidl.htm File not found
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
O8:64bit: - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm ()
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - D:\Thunder Network\BHO\OfflineDownload.htm File not found
O8 - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: &迅雷下载到手机 - http://static.u.155.com/shoulei/shouleidl.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
O8 - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm ()
O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm ()
O9 - Extra Button: 启动迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{053F7BFD-2D08-4426-8F68-504CBC8B65D3}: DhcpNameServer = 192.168.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA6A295E-9AA0-47EC-A24C-B96F1DD0C4CF}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/06 14:51:51 | 005,635,016 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013/07/06 14:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/06 14:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/07/06 14:26:28 | 000,000,000 | ---D | C] -- C:\迅雷下载
[2013/07/06 14:26:15 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp90.dll
[2013/07/06 14:26:14 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr90.dll
[2013/07/06 14:26:13 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\atl90.dll
[2013/07/06 14:25:54 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Local\Thunder Network
[2013/07/06 14:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Thunder Network
[2013/07/06 12:46:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/05 23:21:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/05 23:07:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/05 11:17:07 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/03 20:29:42 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013/07/03 20:17:04 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360电脑专家优化工具
[2013/07/02 23:11:49 | 000,000,000 | ---D | C] -- C:\Users\dou dou\minecraft
[2013/07/02 23:09:09 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Malwarebytes
[2013/07/02 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/02 23:09:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/02 23:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/02 22:34:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/02 22:34:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/02 22:34:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/02 22:32:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/02 22:30:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/02 21:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\x264 Video Codec
[2013/07/01 22:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/06/27 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oxeye Games
[2013/06/21 03:05:36 | 000,035,272 | ---- | C] (深圳市迅雷技术有限公司) -- C:\Windows\xinstaller.exe
[2013/06/21 03:05:34 | 000,080,328 | ---- | C] (深圳市迅雷技术有限公司) -- C:\Windows\xinstaller.dll
[2013/06/20 11:05:31 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Documents\Rockstar Games
[2013/06/20 09:51:04 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Local\Rockstar Games
[2013/06/19 09:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arab-GB
[2013/06/17 20:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA4
[2013/06/17 18:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yxdown
[2013/06/17 18:09:29 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yxdown
[2013/06/15 22:00:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/15 22:00:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/13 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Desktop\National Geographic and other Educational Books
[2013/06/13 09:14:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/13 09:14:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/13 09:14:05 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/13 09:11:46 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/13 09:11:46 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/12 09:30:14 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 09:30:14 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 09:28:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 09:28:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 09:28:06 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 09:27:58 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 09:27:58 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 09:27:58 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 09:23:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 09:23:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 09:23:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 09:23:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 09:23:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 09:23:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 09:23:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 09:23:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 09:23:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 09:23:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 09:23:00 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 09:23:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 09:23:00 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/11 12:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/06/10 22:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\几何画板 5.0最强中文版
[2013/06/10 22:15:23 | 001,396,736 | ---- | C] (画板论坛) -- C:\Windows\System\jhhb5.ocx
[2013/06/10 22:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sketchpad5
[2013/06/10 19:23:52 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Documents\CompleteNatGeo
[2013/06/10 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2013/06/09 20:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Geographic
[2013/06/09 20:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\National Geographic
[2013/06/09 20:44:05 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Desktop\download
[2013/06/09 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Bitcoin
[2013/06/08 23:08:17 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Armory
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[10 C:\Users\dou dou\Desktop\*.tmp files -> C:\Users\dou dou\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/06 18:50:39 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 18:50:39 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 16:36:16 | 000,008,017 | ---- | M] () -- C:\Users\dou dou\Desktop\X-Ray-Mod-Fly-1.6.1.zip
[2013/07/06 14:46:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/06 14:46:05 | 2132,000,767 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/06 14:25:45 | 000,002,446 | ---- | M] () -- C:\Users\dou dou\Desktop\迅雷7.lnk
[2013/07/06 14:25:45 | 000,002,287 | ---- | M] () -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\迅雷7.lnk
[2013/07/05 23:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/05 21:15:22 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\config.properties
[2013/07/05 19:42:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/04 19:05:29 | 000,000,861 | ---- | M] () -- C:\Users\dou dou\Desktop\360软件管家.lnk
[2013/07/03 21:11:42 | 001,809,193 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg
[2013/07/03 21:11:42 | 000,726,439 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg
[2013/07/03 21:11:42 | 000,219,230 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg
[2013/07/03 21:11:42 | 000,106,423 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg
[2013/07/03 21:11:41 | 001,409,748 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg
[2013/07/03 21:11:41 | 000,781,256 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg
[2013/07/03 21:11:41 | 000,120,044 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg
[2013/07/02 23:09:02 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/02 22:18:50 | 3236,171,776 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td
[2013/07/02 22:18:49 | 4113,305,599 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td
[2013/07/02 22:18:49 | 4103,639,039 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td
[2013/07/02 22:18:49 | 4086,894,591 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td
[2013/07/02 22:18:49 | 4085,682,175 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td
[2013/07/02 22:18:48 | 3824,881,663 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td
[2013/07/02 22:18:48 | 2919,178,240 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td
[2013/07/02 19:23:44 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordou dou.job
[2013/06/30 10:16:57 | 000,035,158 | ---- | M] () -- C:\Users\dou dou\Documents\keyfile_u
[2013/06/30 10:16:53 | 000,000,016 | ---- | M] () -- C:\Users\dou dou\Documents\keyfile
[2013/06/27 17:29:27 | 000,000,915 | ---- | M] () -- C:\Users\dou dou\AppData\Roaming\coreavc.ini
[2013/06/25 07:53:23 | 005,635,016 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013/06/25 07:45:13 | 000,005,588 | ---- | M] () -- C:\Windows\SysWow64\nppt9x.vxd
[2013/06/21 03:05:36 | 000,035,272 | ---- | M] (深圳市迅雷技术有限公司) -- C:\Windows\xinstaller.exe
[2013/06/21 03:05:34 | 000,080,328 | ---- | M] (深圳市迅雷技术有限公司) -- C:\Windows\xinstaller.dll
[2013/06/18 09:26:38 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/17 20:13:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/17 20:13:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/17 17:44:34 | 000,803,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/17 17:44:34 | 000,668,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/17 17:44:34 | 000,128,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/11 16:44:53 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.cue
[2013/06/11 10:27:25 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue
[2013/06/11 10:27:16 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue
[2013/06/11 10:15:39 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue
[2013/06/10 22:33:28 | 000,001,536 | ---- | M] () -- C:\Users\dou dou\AppData\Roaming\Sketchpad 5 Preferences.dat
[2013/06/10 22:15:24 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\几何画板.lnk
[2013/06/10 22:01:00 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.cue
[2013/06/10 21:50:16 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.cue
[2013/06/10 18:17:58 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.cue
[2013/06/10 11:56:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013/06/10 09:02:48 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.cue
[2013/06/09 20:49:56 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\The Complete National Geographic.lnk
[2013/06/09 20:30:22 | 119,554,637 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集.浏览器升级包版本1.59(有移动和旋转页面功能了)]CNGViewer-1.59.air
[2013/06/08 22:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 19:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[10 C:\Users\dou dou\Desktop\*.tmp files -> C:\Users\dou dou\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/06 16:36:16 | 000,008,017 | ---- | C] () -- C:\Users\dou dou\Desktop\X-Ray-Mod-Fly-1.6.1.zip
[2013/07/06 14:51:43 | 000,005,588 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2013/07/05 21:14:46 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\config.properties
[2013/07/02 23:09:02 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/02 22:34:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/02 22:34:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/02 22:34:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/02 22:34:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/02 22:34:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/12 18:32:23 | 3236,171,776 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td
[2013/06/12 18:32:23 | 000,120,044 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg
[2013/06/11 16:44:53 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.cue
[2013/06/11 10:27:25 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue
[2013/06/11 10:27:16 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue
[2013/06/11 10:15:39 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue
[2013/06/10 22:33:28 | 000,001,536 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\Sketchpad 5 Preferences.dat
[2013/06/10 22:15:24 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\几何画板.lnk
[2013/06/10 22:01:00 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.cue
[2013/06/10 18:17:57 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.cue
[2013/06/10 11:56:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013/06/10 09:02:48 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.cue
[2013/06/10 08:36:29 | 3824,881,663 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td
[2013/06/10 08:36:29 | 001,409,748 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg
[2013/06/10 08:34:14 | 2919,178,240 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td
[2013/06/10 08:34:14 | 000,106,423 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg
[2013/06/09 20:50:24 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.cue
[2013/06/09 20:49:56 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\The Complete National Geographic.lnk
[2013/06/09 20:44:21 | 4086,894,591 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td
[2013/06/09 20:40:05 | 4085,682,175 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td
[2013/06/09 20:39:50 | 000,781,256 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg
[2013/06/09 20:35:55 | 4103,639,039 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td
[2013/06/09 20:33:56 | 001,809,193 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg
[2013/06/09 20:32:10 | 000,726,439 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg
[2013/06/09 20:32:07 | 4113,305,599 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td
[2013/06/09 20:32:07 | 000,219,230 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg
[2013/06/09 20:28:58 | 119,554,637 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集.浏览器升级包版本1.59(有移动和旋转页面功能了)]CNGViewer-1.59.air
[2013/01/17 19:38:35 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/01/17 18:47:37 | 000,000,600 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\winscp.rnd
[2013/01/16 21:11:13 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/16 21:11:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/09 15:02:34 | 000,110,223 | ---- | C] () -- C:\Users\dou dou\final_bstSnapshot_36619.jpg
[2012/07/06 19:46:58 | 000,000,548 | ---- | C] () -- C:\Users\dou dou\test.trace.db
[2012/07/06 19:46:27 | 000,026,624 | ---- | C] () -- C:\Users\dou dou\test.h2.db
[2012/07/06 19:46:27 | 000,000,188 | ---- | C] () -- C:\Users\dou dou\.h2.server.properties
[2012/06/29 20:20:18 | 000,007,600 | ---- | C] () -- C:\Users\dou dou\AppData\Local\Resmon.ResmonCfg
[2012/06/02 21:05:06 | 000,000,915 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\coreavc.ini
[2012/05/28 22:41:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/07 23:04:40 | 000,000,070 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.ini
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbt
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbs
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbp
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbm
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbj
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbe
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbc
[2012/04/07 23:04:40 | 000,000,026 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbg
[2012/04/07 23:04:40 | 000,000,026 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cba
[2012/04/07 23:04:40 | 000,000,012 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cit
[2012/04/07 23:04:40 | 000,000,012 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cib
[2012/04/04 18:52:37 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012/03/25 17:09:53 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/07 04:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/07/03 21:11:39 | 000,000,825 | ---- | M] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\??à×7.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk
[2012/05/20 10:53:08 | 000,001,151 | ---- | M] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±?·?ó°ò?5.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô5.lnk
[2012/05/20 10:53:08 | 000,001,151 | ---- | C] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±?·?ó°ò?5.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô5.lnk
[2012/03/25 17:10:17 | 000,000,825 | ---- | C] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\??à×7.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\èú?á1áí¨) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÈÚ»á¹áͨ
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\±?·?ó°ò?5) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\±©·çÓ°Òô5
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??à×èí?t) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ѸÀ×Èí¼þ
 
< End of report >

Extras.txt

 

OTL Extras logfile created on: 2013/7/6 21:24:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dou dou\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy/M/d
 
7.98 Gb Total Physical Memory | 4.89 Gb Available Physical Memory | 61.24% Memory free
15.96 Gb Paging File | 12.31 Gb Available in Paging File | 77.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.05 Gb Total Space | 568.30 Gb Free Space | 62.31% Space Free | Partition Type: NTFS
Drive D: | 19.37 Gb Total Space | 2.24 Gb Free Space | 11.58% Space Free | Partition Type: NTFS
 
Computer Name: DOUDOU-HP | User Name: dou dou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "%ProgramFiles%\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B854114-F271-4DD6-B848-980884AB609E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1523F561-5E70-45EB-9AD8-07886DC33D42}" = lport=25565 | protocol=6 | dir=in | name=minecraft | 
"{169FA98F-5F36-41A2-B1BB-8FD58A9BA3FC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{24CEEEFA-D2F4-4669-919D-A134C5C6502D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2A945D2F-2541-483A-A43B-D4B74A5F9B02}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2F7D08A8-331F-4AFD-80B2-9BDE1E562BDB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3C74A485-3DCE-429B-926C-10BFD6DE20CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{41205E5F-C891-4D8A-8A3E-5F2AD8602722}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{41B07F42-785A-4858-8732-4A72A8D9DEA8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4FBF9C84-CD3F-43DC-9B80-A224B9332D40}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) | 
"{5B020B00-EC03-4EEB-9E2D-D623061ADF54}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{61601088-7D66-469B-AAEC-C18198EC1D8A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{67DC18A4-7C37-44F6-AB19-6D77E50FBAAF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7532EE77-E712-412D-A772-967F903337E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{761D7355-DF33-4DC5-BCDE-045381BDAD81}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B076082-C12E-4C12-9243-658BD1F686D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8E8703D7-C7F9-4947-88A7-A2FAAFE4DD9D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8F0058E7-46D0-490D-A52D-CA0501625C24}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F6079E7-90D7-410E-9523-DF184AE10218}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{B4D14B0C-BF93-4A3A-B3EE-82A4658B0866}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BFCF566F-2818-4238-BF15-16088BFC0483}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C58D780C-AF1E-4A5E-8CD0-474818DED999}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C70046B4-B493-44CE-A774-EEA54CA6B7D1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CDB76474-BFE7-45D0-9DE8-D0A2B8492758}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) | 
"{D754D409-B397-417C-A9C4-085EB349DA94}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DB29301A-DAEF-43E8-9269-C796ED5386CD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F34E72AE-2F80-4B3D-9D23-6CBE9CD098F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FFC53F45-0260-40D1-A8CC-6C1BB3CC8DD7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011E86B0-A185-42C6-9F72-11AB69BC927C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe | 
"{02C3E789-999D-49A7-8D7D-5E22A564AAF1}" = protocol=17 | dir=in | app=c:\users\dou dou\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{060507EF-7F4C-440E-9885-4B0239C7C912}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{060D41F3-410B-4A11-B202-35442E2B5A95}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.190_1111\xlbugreport.exe | 
"{0631266E-650E-4710-9B40-8C4EB4C4A46C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{06A8121A-9BD5-48EC-A62C-69C019E627F3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{08712AB5-B95F-4C10-91CC-72BB66AA59F5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{09240F27-BAE0-4F1D-AD72-F53B9F356FDB}" = protocol=17 | dir=in | app=d:\360\360jishi\sosclient.exe | 
"{09A1B381-8AAD-4391-B40F-E87C09FD2BF4}" = protocol=17 | dir=in | app=c:\program files\simple port forwarding\spf.exe | 
"{0BFA51A9-5F23-48ED-A0A9-04468759133F}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{0C714508-1B66-42FB-8C1A-599A07E907C0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0D5248FE-CEB5-469C-88B2-30A2DAA6B542}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe | 
"{0ECDBC7A-ED8A-45CB-9952-3F391AD7DEAB}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe | 
"{0F5500B7-0610-43B0-BF04-50516AF721A2}" = protocol=6 | dir=in | app=d:\thunder network\program\xbrowser.exe | 
"{110E0FAF-1944-4CD6-B612-2ED9F2D99665}" = protocol=6 | dir=in | app=d:\thunder network\fcminidownloader\minidownloader.exe | 
"{11A5A4CE-A825-48F0-B594-11A53660A0DC}" = protocol=17 | dir=in | app=d:\360\360safe\netmon\360speedtest.exe | 
"{11A710F6-3BAB-4736-AEF7-2421F34528FC}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgdownload.exe | 
"{12A2CE59-976F-444A-AC42-A66E591E0B61}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe | 
"{13A6B106-F504-43AA-9334-2E7005DD0495}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\pinyinup.exe | 
"{14AF0A8B-F233-44D8-82D6-8FBAA28EA6C9}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe | 
"{14D1761A-4B5A-4E65-A81D-6D34BA133312}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{16B1A12B-5EC9-44F5-9188-FD9BBC2714D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{18CEA925-7C5D-469A-B92C-1BCEF86AF969}" = protocol=17 | dir=in | app=c:\ace of spades\server.exe | 
"{18FF7609-FB73-4DD2-AF0C-9B06BBCD85E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1A1ADB3A-99A9-4510-ADD3-29BBAE20BDFF}" = protocol=17 | dir=in | app=c:\program files\simple port forwarding\spf.exe | 
"{1E17DDAD-D6C5-440B-B8EA-9FDBDB7C89FC}" = protocol=6 | dir=in | app=c:\program files (x86)\gta4\gtaiv.exe | 
"{1E295890-D8FD-4C49-868C-0673DD9FE0AA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{1EEEA16A-D62A-45B7-8474-0BFC735860FA}" = protocol=6 | dir=in | app=d:\360\360safe\safemon\360tray.exe | 
"{208AD42F-5153-43AC-8DCC-6ED74B01BDEF}" = protocol=17 | dir=in | app=d:\360\360jishi\winvnc.exe | 
"{21D12842-7DF6-457F-8A58-C8ADB4F2641F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{21F5E348-1A8F-4F45-8FAE-ED3CCFC063A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22FED010-9B05-4661-87B6-11754A718000}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\pinyinup.exe | 
"{23DAF8C4-A354-4EB5-94B0-43F14BBD574C}" = protocol=6 | dir=out | app=system | 
"{25D28791-12F2-4B16-9A45-63BBB4B25FBD}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{2C5797B0-E861-43C2-BA56-C0AE3DD562AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F3141B6-A0C0-452B-825A-3FE9CD3E7C5F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{3106A4B7-0A33-4613-B4B7-C019A7CF51BE}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{312BE606-828B-4F8D-8347-1336753BA0F0}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{3217E2F8-A0FC-4136-9A14-B7F7E9CAF74F}" = protocol=17 | dir=in | app=c:\program files (x86)\gta4\gtaiv.exe | 
"{3255F331-F12C-4CE9-935D-1710A878600D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{365C7CC3-0AF4-4F9E-8635-41FC38360172}" = protocol=58 | dir=in | app=system | 
"{378866C1-1C62-427F-A124-B7606B351295}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe | 
"{37F8C60E-B2E0-4D7C-A3E3-D4E97A3CC13C}" = protocol=6 | dir=in | app=d:\thunder network\netmon\net_monitor_i.exe | 
"{383B9F87-0DFE-4F81-BDE8-D80812E5FC99}" = protocol=17 | dir=in | app=c:\users\public\thunder network\xmp4\core\program\xmp.exe | 
"{394340F5-88FE-490E-AD7D-20537712B39F}" = protocol=6 | dir=in | app=d:\thunder network\fcminidownloader\minidownloader.exe | 
"{3AF1F6B5-AB01-4A50-93B0-748309477542}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3B8E3F8E-43E6-4CD0-A8B2-45554E0B7574}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe | 
"{3C246326-A691-4AAF-BA39-DE8F914BC285}" = protocol=17 | dir=in | app=d:\thunder network\program\thunder.exe | 
"{3C61E5E4-2EBE-4523-B515-690DCAB20129}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{3CEE7923-D1CB-44A3-B25A-00A1511C2D75}" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\apps\blackshot\blackshot\system\blackshot.exe | 
"{3D9AD76A-FDD5-4C63-B142-36B0CC69309B}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{40475388-F816-42C2-9EDC-5F9037DC6D72}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\imeutil.exe | 
"{419A50B5-8548-478A-ACCA-459DD3C6ACE6}" = protocol=17 | dir=in | app=d:\thunder network\program\thunderbhostat.exe | 
"{41F51C51-BC2C-441A-9B2D-36C6F33F69F6}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe | 
"{43154DDA-8592-45D6-BD0E-11772CAE5106}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\imeutil.exe | 
"{4414141B-9CB7-47D7-88B4-A6D9E34B8935}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{445AACC6-82FE-4398-A14E-980B4485806A}" = protocol=6 | dir=in | app=d:\program files\sogouinput\components\sogoucommgr.exe | 
"{454423F6-D27A-4873-99EB-70A6B020E7A8}" = protocol=6 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\stormplayer.exe | 
"{470F7F1B-CA15-477F-9AAB-1DDB9BFAC810}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{492AAF0A-DA57-441D-A250-F8EECE47300F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.203_1111\thunderplatform.exe | 
"{49B858D8-4A10-4186-91B1-5BCF4613DECC}" = dir=in | app=c:\users\dou dou\appdata\roaming\allmyapps\allmyapps.exe | 
"{4A2A0970-68F5-4A9C-86C0-CDB60DF85849}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"{4B446B60-3143-4C82-8899-6A9777B4EC44}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgtool.exe | 
"{4B97C7B9-5DC7-4EB5-B960-4B768A6F3BEA}" = protocol=17 | dir=in | app=c:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe | 
"{50A04B06-89FE-41DB-B43A-3CA033E20AFC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.203_1111\xlbugreport.exe | 
"{51ECDD78-7BED-496F-AEE0-6E0A57BEB13E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.190_1111\thunderliveud.exe | 
"{5510128A-C21D-44DF-9107-F69D52CCCE70}" = protocol=17 | dir=in | app=d:\thunder network\netmon\net_monitor_i.exe | 
"{5617FDC5-4A38-473E-BB46-31B2DE7BFEF8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{596F9A7F-9CC1-43D5-A903-462A75CA91CA}" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\apps\blackshot\blackshot\system\blackshot.exe | 
"{597F9CE9-8508-40B9-B6F2-03EB646A7A5B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{59CBA5DC-1715-4C75-B439-6A4A78FFCF46}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe | 
"{5D645A6F-CE84-45D2-87CF-E4502C25DE48}" = protocol=6 | dir=in | app=c:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe | 
"{5E1155DB-83C6-4952-9916-4DBE08861664}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.190_1111\thunderliveud.exe | 
"{5E5A0B3F-D632-4FDA-97F9-B887583E6C93}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
"{5EB9F892-9B60-42D5-A80B-66745DF13A0B}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgdownload.exe | 
"{605E1E3B-649E-44F2-A3EB-71378F0DB2D4}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{60D854B5-3EC7-4762-9860-EBF11CEDC796}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{63C8A7B7-89C0-4D89-BDEA-8861D66714B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63CF4420-429D-4395-966F-64AE87C684E8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{63F440CE-FE86-48E6-9E86-9BA20B884189}" = protocol=17 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\stormplayer.exe | 
"{6403B53B-2062-4C54-8D70-2C7A658CACA9}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\pinyinup.exe | 
"{67894841-09AC-443E-AEA9-163874D37EE1}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe | 
"{67B8B213-9D35-41BA-AE55-33644739004B}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgtool.exe | 
"{6842E1AC-9AD7-4383-AEE8-BCF2A788B369}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6CB0E62E-8E6F-40C0-92F4-53DE134CBDDC}" = protocol=17 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengplatform.exe | 
"{6CE99CA6-41EB-4480-9656-95A5CA0AD9CD}" = protocol=17 | dir=in | app=d:\360\360safe\liveupdate360.exe | 
"{6E3F15BC-5BDC-4993-9219-E362C46014B0}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{6E727537-7822-4D77-B5A3-95758E253906}" = protocol=6 | dir=in | app=d:\thunder network\program\thunderbhostat.exe | 
"{6EB6C56D-977E-4470-AC78-7E923ADC3300}" = protocol=6 | dir=in | app=d:\thunder network\netmon\lsp_check.exe | 
"{6F5FD1CA-7B61-495E-B218-668276835EBD}" = protocol=6 | dir=in | app=d:\thunder network\program\thunderbhostat.exe | 
"{701BDF25-AB59-4853-AC7A-5DD359A199E5}" = protocol=17 | dir=in | app=d:\thunder network\program\thundermobileplatform.exe | 
"{703B458D-9EB7-48B2-BC51-0F61D4572428}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgdownload.exe | 
"{7205899E-676B-4946-82F4-696A8332AC40}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{72EDF02E-66C9-4EDA-ACC4-FF23D793D1EC}" = protocol=17 | dir=in | app=d:\360\360safe\safemon\360tray.exe | 
"{7474B37D-96F8-4E29-950B-4F7833697D4A}" = protocol=17 | dir=in | app=d:\thunder network\netmon\net_monitor_i.exe | 
"{76035385-0F33-401C-807D-3663E934591C}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{76309955-85AF-46E0-AA1A-24A9CBC89D6E}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"{7652289A-FAAE-450B-B6EC-80C411C8CE49}" = protocol=6 | dir=in | app=d:\360\360safe\liveupdate360.exe | 
"{776C2B08-6864-4C69-935E-81424F424F7C}" = protocol=17 | dir=in | app=d:\360\360safe\safemon\360tray.exe | 
"{78FB5983-6FA1-433F-9E45-C8A7995D0D5C}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe | 
"{7A68EE9C-3A9E-4049-B816-BAB9B39F84C8}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlliveud.exe | 
"{7CDAEEC5-5C14-43A2-962F-21B28172CB58}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{7D637D36-340D-4E7F-9B4C-AA2532AD90C1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7DEA79CA-0E59-4754-A14D-A35E22359354}" = protocol=6 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengplatform.exe | 
"{7E1C2E3D-1C34-4842-8CFD-97AD1C0BBEB8}" = protocol=6 | dir=in | app=c:\users\dou dou\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{7F5ACD09-B562-4DB3-8C75-F2A13ABE9550}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\pinyinup.exe | 
"{802CB4BC-D939-40D2-8751-27D9D1EA7D63}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{802E18E1-A400-476E-9BB6-12A989A04C42}" = protocol=6 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\stormplayer.exe | 
"{808EC050-BC80-4CE5-86DA-A8CF2631CB48}" = protocol=6 | dir=in | app=d:\thunder network\program\thunderliveud.exe | 
"{80BA4350-6FAF-49E0-9D1D-DFA6D728000A}" = protocol=6 | dir=in | app=d:\program files\sogouinput\components\sogoucommgr.exe | 
"{813F4FA0-5731-4D93-818A-51B45CA6BB6A}" = protocol=17 | dir=in | app=d:\thunder network\program\xbrowser.exe | 
"{83C7DF7C-CB16-48DE-A85B-B97367953D94}" = protocol=17 | dir=in | app=d:\program files\sogouinput\components\sogoucommgr.exe | 
"{87C8BE84-9334-42BA-A342-CA3EBDA0ED4D}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"{8807CA16-1688-41DA-9957-1280A56FF0EB}" = protocol=17 | dir=in | app=d:\thunder network\program\thunderliveud.exe | 
"{88342CCA-E6F0-4E41-865E-50506E3DAB18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8987EB88-61B4-47A0-90E2-D1ED757582EF}" = protocol=6 | dir=in | app=c:\program files\simple port forwarding\spf.exe | 
"{8A799A3F-9294-41D7-94AA-DE440A8CD93C}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\imeutil.exe | 
"{8C13B557-71A2-4644-9980-C267C63ABE37}" = protocol=6 | dir=in | app=d:\360\360safe\safemon\360tray.exe | 
"{8D8B9A20-923B-4434-9510-4C0F0FFB472B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.190_1111\thunderplatform.exe | 
"{91B1150E-88E8-4B99-A32B-43A672D45908}" = protocol=6 | dir=in | app=d:\program files\sogouinput\components\sogoucommgr.exe | 
"{91E1A5AC-DE40-45BE-AB6B-6265CA992768}" = protocol=17 | dir=in | app=d:\thunder network\netmon\lsp_check.exe | 
"{91F7A310-4C81-4C5A-89D1-D1AF7D8FB0C6}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\lanspeedviewer\lsp_check.exe | 
"{92CF889F-7D75-4EBA-B674-0E8EE1CCA604}" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\apps\blackshot\blackshot\system\blackshot.exe | 
"{978603A8-F937-4BD8-9521-2E909F225370}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgtool.exe | 
"{97D2FE73-FA99-4197-BF9F-33E27FFECD0F}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{980472CE-0501-49AB-B857-660996765030}" = protocol=17 | dir=in | app=d:\360\360jishi\bbt_thinclient.exe | 
"{983A73D5-28A2-4C9E-A23A-1F1DFB61287E}" = protocol=6 | dir=in | app=d:\thunder network\program\thunder.exe | 
"{985B1BD7-9696-4759-AF88-741804A76504}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\photo\hptouchsmartphoto.exe | 
"{98949E10-600A-4F1F-9D92-4BF4ECE3CFB5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.203_1111\thunderplatform.exe | 
"{98CCF77B-5936-4AD8-97EE-D1EC3C0A6B93}" = protocol=17 | dir=in | app=d:\thunder network\xldoctor\7.2.13.3882_2\program\xldoctorui.exe | 
"{991379C0-67D6-4270-9004-FF56EA0CADE1}" = protocol=6 | dir=in | app=c:\users\public\thunder network\xmp4\core\program\xmp.exe | 
"{99F173EA-32A0-4DE5-AF15-E3846FEE795E}" = protocol=6 | dir=in | app=c:\ace of spades\server.exe | 
"{9AAE73AC-4515-42FC-8E31-DB4FA1EB92D6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.203_1111\xlbugreport.exe | 
"{9D5A1BF2-09BB-4F15-9690-4855312DD970}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9DF203F9-29C3-4BF9-858E-2AFEA1661CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.203_1111\thunderliveud.exe | 
"{9E379A3D-EF68-4908-B154-A686827AFCAE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9ECA79F4-E0C8-4733-9D15-6854FF3030D1}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\lanspeedviewer\lsp_check.exe | 
"{9F349B0F-4A20-4620-BF24-3A414CEEB614}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A1796C9D-FF41-4A89-9271-10364C34D961}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\imeutil.exe | 
"{A1E25FAA-0097-4BDD-AA59-E978B012B7BC}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{A22BC431-7F0E-4ADD-A494-D99AAC3B9D88}" = protocol=6 | dir=in | app=d:\360\360jishi\sosclient.exe | 
"{A302E55C-CA2B-44ED-9101-F43182AE9AF9}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgdownload.exe | 
"{A383983E-8471-4D21-A315-9EF7B5482581}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A3DD17AD-688E-4DFE-89DA-7DEFB08CCD8E}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\imeutil.exe | 
"{A7F45B4E-E415-4B49-900A-BFAD18E918DB}" = protocol=17 | dir=in | app=d:\360\360safe\liveupdate360.exe | 
"{ABF26417-34CF-43F6-9AC9-86C2CA4B52BB}" = protocol=6 | dir=in | app=d:\thunder network\xldoctor\7.2.13.3882_2\program\xldoctorui.exe | 
"{AC071CCF-A748-4E90-B343-CB2FC758D2D0}" = protocol=6 | dir=in | app=c:\program files\simple port forwarding\spf.exe | 
"{AC3E5D02-7085-4F08-AC7D-5E01179EAF3E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{ACEABB1A-0875-4AE4-A281-6202B9690AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"{ADF6D7F9-14B9-494E-848B-8914C85DE42E}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlliveud.exe | 
"{AF506F58-03E3-4BC2-94C7-F21E0AFA9BA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{AF56B57C-8205-44BD-A279-8B6FC6D77C03}" = protocol=17 | dir=in | app=d:\program files\sogouinput\components\sogoucommgr.exe | 
"{B12C81C8-5FDF-4E22-91C8-3462A3605586}" = protocol=6 | dir=in | app=d:\thunder network\program\thundermobileplatform.exe | 
"{B42FC21F-17FD-4C04-A79B-26ABD7A1036F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.190_1111\xlbugreport.exe | 
"{B699C357-3625-4627-B533-76573F7C57D6}" = protocol=6 | dir=in | app=d:\360\360safe\liveupdate360.exe | 
"{B744B848-6DB8-4524-A9DE-49583F3AB3C7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe | 
"{B84EFC0F-D9E9-4B95-8602-D790E8EC2C17}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{BA50D887-E953-4130-9334-86DB2948B926}" = protocol=17 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengupdate.exe | 
"{BB5150A8-3C17-4768-91FE-0650FB6F35F8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BB942F56-73AF-4544-B210-AA37E17F5826}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgdownload.exe | 
"{BBCCC2A4-AE61-4864-BF7E-E65A2744EA28}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe | 
"{BD7A1738-E6FE-4139-98BF-DCC30103471A}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe | 
"{BDB12B9A-AF8B-4CFA-8D19-E75763F651FD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{BDF7C6C8-E8A2-4A21-AB3D-3187A360D2B2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{BE211A47-5CF1-4D71-98BA-89D2E5AFB108}" = protocol=17 | dir=in | app=d:\thunder network\netmon\lsp_check.exe | 
"{BE30C868-5516-4126-982A-48C112B54BC6}" = protocol=17 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\stormplayer.exe | 
"{BE8D38D5-C6AC-4D03-88F4-F460EFC2374B}" = protocol=17 | dir=in | app=d:\360\360safe\netmon\360netman.exe | 
"{C0F007F5-117B-4568-A289-8282FD000FB3}" = protocol=6 | dir=in | app=d:\thunder network\netmon\net_monitor_i.exe | 
"{C328B809-EC22-46CD-9A1D-CB0D8390CD3D}" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"{C42D8213-F313-4712-8016-9D8B0A78AB4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CCF74000-8AAE-499C-AFFE-BE4C979164F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CE88ED39-E79E-4815-9F05-36FBFDC7B5A9}" = protocol=6 | dir=in | app=d:\360\360jishi\bbt_thinclient.exe | 
"{D09B7173-62C4-4018-B8A0-AAC05D454020}" = protocol=6 | dir=in | app=d:\thunder network\netmon\lsp_check.exe | 
"{D3132DAB-AB0B-4629-AAFC-A8A5B51AABB2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{D31EA82F-CAFA-4079-A321-1E3BAB099CC6}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe | 
"{D37B9C1C-F89E-4A96-81D3-9E1EE86B9A8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D4C0FF2E-C4F5-4E91-BD30-00F6CD69D1A6}" = protocol=6 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{D9A920EE-2F3C-479A-8FCF-D18C6F2ECC30}" = protocol=17 | dir=in | app=d:\thunder network\fcminidownloader\minidownloader.exe | 
"{DAD3D7B4-F462-43B0-9FA7-EEF279746BDC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.203_1111\thunderliveud.exe | 
"{DB60D983-27FA-4334-B33F-8B7E71FDC050}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\pinyinup.exe | 
"{DFE249F3-34BE-46F4-89D4-5E99D2C41A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe | 
"{E0ABF98D-33B7-4BEA-AB86-735C2E979F6E}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgdownload.exe | 
"{E0B4DCCA-9728-4EA4-A07D-387D7A8A8166}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe | 
"{E1115D31-FD01-4EB6-8606-557ADC503785}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe | 
"{E2B5BD9D-64A0-4360-8CF9-63429BA2F561}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | 
"{E64C01DE-C2FA-47AC-8D4B-1E616483721F}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgtool.exe | 
"{E6DBDE53-219C-47A2-B666-0EB1BA42F5A6}" = protocol=17 | dir=in | app=d:\thunder network\fcminidownloader\minidownloader.exe | 
"{E76E3BBB-7E2A-43D9-ADF9-64C2A64B1D99}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\imeutil.exe | 
"{E7A1DDFA-CD35-4197-B5C7-E0B12CE6BF0F}" = protocol=6 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengupdate.exe | 
"{E92ECDED-4137-4D09-9385-B997807410A1}" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"{EA1FF4F4-F39B-49ED-BE21-0CF135001943}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\photo\photoagent.exe | 
"{EBCAD361-9934-465D-AD25-2DC554EAC96A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EC553611-648B-4281-A6E4-578F8B5B7CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengupdate.exe | 
"{EC8F9500-8E89-4035-B6A6-91757E03DE52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe | 
"{ED73B499-DC67-4E15-B05A-4E22D7A392EE}" = protocol=6 | dir=in | app=d:\360\360jishi\winvnc.exe | 
"{EE1EADA3-E50C-4779-88AB-EB6523965040}" = protocol=17 | dir=in | app=d:\program files\sogouinput\components\sogoucommgr.exe | 
"{EE8B7583-2988-43C3-9534-F95CA9E3C86C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFACA21B-E2FF-4D9C-88FE-8386AD4081D7}" = protocol=17 | dir=in | app=d:\thunder network\program\thunderbhostat.exe | 
"{F152D9E7-D917-484A-A4C9-81F871865A24}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
"{F1D8F277-7594-4DA2-A480-D48CE45C3004}" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\apps\blackshot\blackshot\system\blackshot.exe | 
"{F2B5C8AF-7324-43F7-9840-B21B714836C2}" = protocol=6 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgtool.exe | 
"{F58FBBC2-930A-437E-99F8-D230C27FFA6C}" = protocol=6 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengupdate.exe | 
"{F65F7193-D7D6-4FEB-B09C-54B394EEB786}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.190_1111\thunderplatform.exe | 
"{F6A5A1BB-9EA9-4C81-B00D-7AC847C71D0D}" = protocol=17 | dir=in | app=c:\program files (x86)\simple port forwarding\spf.exe | 
"{F8C9DA40-0124-4DCE-850E-F3BA0B4DBE73}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\sgtool.exe | 
"{FB4B22F7-8F57-4CB6-829A-F94B288FDD3A}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe | 
"{FB7BA1C5-C595-4779-A794-FB331DD8935A}" = protocol=17 | dir=in | app=d:\program files\sogouinput\6.7.0.0163\pinyinup.exe | 
"{FD28C41B-DEDB-4E54-88D5-3B94DBF6A274}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe | 
"{FE08B257-A99D-4E49-B640-A162D39E643F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FFA1ADB4-163E-4ADF-9615-D896BEA837FF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\video\hptouchsmartvideo.exe | 
"TCP Query User{03E1A8B7-9161-4F51-8C24-032A8143BBD3}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{06BE37B7-8EB9-4D2D-BD0F-F777ACC86AFA}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{0D497B95-56B3-48BF-AA11-F680B8B39504}C:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{37913198-0B3D-457D-BB7A-F31135C00602}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"TCP Query User{46ABE50F-54AD-4696-9F7A-FC8FC7DB51F0}C:\program files (x86)\baofeng\stormplayer\baofengplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengplatform.exe | 
"TCP Query User{47040877-6588-4D18-9ED2-42453BEE545A}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"TCP Query User{59C46918-480A-4BCF-996F-370DD03FB90A}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{68CC3870-AE5E-4B9F-81FD-4614B7BD90F9}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8D818F5C-A7FB-413B-82E0-3AD520A9DF85}C:\program files (x86)\gta4\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gta4\gtaiv.exe | 
"TCP Query User{9A0C4C77-287E-4F60-9B3E-65599653A567}D:\thunder network\program\thunder.exe" = protocol=6 | dir=in | app=d:\thunder network\program\thunder.exe | 
"TCP Query User{AF36A98D-135C-4085-9D88-EC398F40416A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{B4D808C5-AA2A-4ADB-8C6B-780BE6A6C495}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{B5BC1DD1-6F06-411B-939E-19BC89F289F5}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"TCP Query User{EF1CAFE3-5E15-48E6-9826-453673FFE86D}C:\ace of spades\server.exe" = protocol=6 | dir=in | app=c:\ace of spades\server.exe | 
"TCP Query User{FC7DCD33-79E9-42A9-8164-059E813372C4}C:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe | 
"UDP Query User{077CCC91-985D-4844-BB30-95141B805925}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{2B0CE82F-D3EA-445C-9ED3-CDFB7D6A29D8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{3BE4E53C-3998-4FB8-BB11-CD55F3F0F80F}C:\ace of spades\server.exe" = protocol=17 | dir=in | app=c:\ace of spades\server.exe | 
"UDP Query User{3D64215A-01EE-47CD-A5F7-C65D083A39CD}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"UDP Query User{4E8D4C33-7941-4875-B716-3B658A4C78EB}C:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arab-gb\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{57648FBD-EC9F-4BDB-8D3C-AEA48FCD284E}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{87E98095-587F-4284-94DF-F401FE4EC564}C:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\borderlands 2\binaries\win32\game.exe | 
"UDP Query User{93A0AD05-1063-4EEF-BEE8-1CDB45542B87}C:\program files (x86)\baofeng\stormplayer\baofengplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\baofeng\stormplayer\baofengplatform.exe | 
"UDP Query User{B1CBAEFF-0212-40B5-99A9-65BE6B783C9E}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{B6F90531-4324-4435-8EC2-9E3246286216}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{D65A350F-BC50-4754-A335-757748BD9A93}D:\thunder network\program\thunder.exe" = protocol=17 | dir=in | app=d:\thunder network\program\thunder.exe | 
"UDP Query User{D6CF0C68-0FAB-46B0-A669-C6056A99AB9D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | 
"UDP Query User{E43D2703-6C90-45EB-ABD2-7E8C051F9B03}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{EE318711-16D4-4979-86AD-036DEAC9C5A7}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{EF3B94DA-238D-4900-A5CA-A6C690598554}C:\program files (x86)\gta4\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gta4\gtaiv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AB4DB8C-4123-45DC-B896-C67990F76DA4}" = HP Deskjet 1050 J410 series Product Improvement Study
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Bluetooth by hp
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-001F-0804-1000-0000000FF1CE}" = Microsoft Office 校对工具 2013 - 简体中文
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.20 (64 位)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}" = LogMeIn Hamachi
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13759E40-CAD3-4654-8AF7-8C4F76CD8A8A}" = BlueStacks
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}" = HP My Display TouchSmart Edition
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{27710506-32B1-49B3-B95B-B7C65FA6FA15}" = HP Photo Canvas
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{402F6F2E-5683-491C-977D-0CA599A07CAF}" = Adobe CS6 Design and Web Premium
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E575BFF-51A0-474E-A3BA-C0FCF82E6A78}" = HP Touch Browser
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.3
"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12
"{53D62BFD-049C-45F1-A54B-06A8232B6E56}" = iShowen
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5A71DABE-6A2B-47EA-A1F6-D66E7B08033C}_is1" = Borderlands 2
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple 应用程序支持
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C44DEFF-8638-49A4-B748-CA59B43F3265}" = Fritz 12
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{75781594-73D9-4D7B-997F-14D41BF1514E}" = HP TouchSmart Twitter
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed?World
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP Music
"{91B9368F-6C6F-3DB5-9CBA-6CAD56035B26}" = Google Talk Plugin
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93337CC5-9BC4-4FB0-B82E-38EC63E149F3}_is1" =  Leawo iTransfer version  1.4.0.1106
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A59442FF-D882-4F87-9231-5C9FA8F25FE8}" = ³õÈý»¯Ñ§ÉÏ(A)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-2052-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Chinese Simplified
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6F34AE0-0576-11d4-82FE-4491FCC00000}" = IconViewer
"{C912EFA0-0076-11d5-B04A-BD6C80DF2479}" = IconChanger
"{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP Photo
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DBAFF495-A33C-4B9C-81AA-6AAF3F60AE1F}_is1" = 几何画板 5.0最强中文版
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EEE791A8-4AB5-1540-FE9D-70EC70938AD2}" = The Complete National Geographic
"{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = Video
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F312B2F8-A700-46D2-A2DD-BB758313EA2F}" = Macromedia Extension Manager
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArmA 2" = ArmA 2 Free Uninstall
"AVerMedia MiniCard Hybrid TV Tuner" = AVerMedia MiniCard Hybrid TV Tuner 1.1.64.56
"Blacklight Retribution" = Blacklight Retribution
"BlackShot" = Garena - BlackShot
"Borderlands 2_is1" = Borderlands 2
"Cobalt" = Cobalt
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1" = The Complete National Geographic
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deep Fritz 12 DL" = Deep Fritz 12 DL
"HP Photo Creations" = HP Photo Creations
"HP Remote Solution" = HP Remote Solution
"im" = Garena Plus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP TouchSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP Music
"InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}" = HP Photo
"InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}" = Video
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP TouchSmart Video
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MSNProtect" = Windows Live Messenger 加强版组件
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF Complete" = PDF Complete Special Edition
"Simple Port Forwarding" = Simple Port Forwarding
"Sogou Input" = 搜狗拼音输入法 6.7正式版
"Steam App 440" = Team Fortress 2
"StormPlayer" = 暴风影音5
"Thunder BHO Platform" = Thunder BHO Platform 2.2.0.1035
"thunder_is1" = 迅雷7
"Tunngle beta_is1" = Tunngle beta
"WinLiveSuite" = Windows Live 软件包
"winscp3_is1" = WinSCP 5.1.3
"国际象棋弗里茨" = 国际象棋弗里茨 12
"侠盗猎车4" = 侠盗猎车4
"迅雷看看播放器" = 迅雷看看播放器
"迅雷看看高清播放组件" = 迅雷看看高清播放组件
"自动优化工具" = 自动优化工具 1.0.0.48
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ac1ad94e2ed7c137" = TF2 Items Editor
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013/7/5 10:56:34 | Computer Name = doudou-HP | Source = VSS | ID = 8193
Description = 
 
Error - 2013/7/5 10:56:34 | Computer Name = doudou-HP | Source = System Restore | ID = 8193
Description = 
 
Error - 2013/7/5 11:11:55 | Computer Name = doudou-HP | Source = Application Error | ID = 1000
Description = Faulting application name: uninstall.exe_Setup Factory Runtime, version:
 9.0.4.0, time stamp: 0x4eeb8cb2  Faulting module name: uninstall.exe, version: 9.0.4.0,
 time stamp: 0x4eeb8cb2  Exception code: 0x40000015  Fault offset: 0x001c7ce7  Faulting
 process id: 0xbbc  Faulting application start time: 0x01ce7991f32ed17a  Faulting application
 path: C:\Windows\Simple Port Forwarding\uninstall.exe  Faulting module path: C:\Windows\Simple
 Port Forwarding\uninstall.exe  Report Id: 39f35e27-e585-11e2-b605-386077c8247e
 
Error - 2013/7/5 11:12:38 | Computer Name = doudou-HP | Source = Application Error | ID = 1000
Description = Faulting application name: uninstall.exe_Setup Factory Runtime, version:
 9.0.4.0, time stamp: 0x4eeb8cb2  Faulting module name: uninstall.exe, version: 9.0.4.0,
 time stamp: 0x4eeb8cb2  Exception code: 0x40000015  Fault offset: 0x001c7ce7  Faulting
 process id: 0x9c4  Faulting application start time: 0x01ce79920d299638  Faulting application
 path: C:\Windows\Simple Port Forwarding\uninstall.exe  Faulting module path: C:\Windows\Simple
 Port Forwarding\uninstall.exe  Report Id: 53cf3101-e585-11e2-b605-386077c8247e
 
Error - 2013/7/6 00:45:30 | Computer Name = doudou-HP | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
 service.  Service did not stop gracefully the last time it was run.     at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error - 2013/7/6 00:51:05 | Computer Name = doudou-HP | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1b1c    Start Time:
 01ce7a040dd66fc9    Termination Time: 5    Application Path: C:\Program Files (x86)\Malwarebytes'
 Anti-Malware\mbam.exe    Report Id: 9f4c5385-e5f7-11e2-83b7-d0df9aa61076  
 
Error - 2013/7/6 02:31:50 | Computer Name = doudou-HP | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 2013/7/6 02:37:02 | Computer Name = doudou-HP | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 2013/7/6 02:46:44 | Computer Name = doudou-HP | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
 service.  Service did not stop gracefully the last time it was run.     at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error - 2013/7/6 06:45:53 | Computer Name = doudou-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "d:\program files\sogouinput\6.7.0.0163\SGTool.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ Hewlett-Packard Events ]
Error - 2012/8/6 09:34:27 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/8/13 09:25:05 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/8/20 00:44:05 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/8/27 05:17:48 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/9/3 00:09:27 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/9/10 08:59:24 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/9/17 05:32:22 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/9/24 04:56:22 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/10/1 02:01:44 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 2012/10/8 01:19:44 | Computer Name = doudou-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8172  Ram Utilization: 30  TargetSite: Void UpdateAndDetect()  
 
[ System Events ]
Error - 2013/7/6 00:46:44 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
 the following error:   %%1053
 
Error - 2013/7/6 00:47:00 | Computer Name = doudou-HP | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 25.189.153.13.  The computer with the IP address 25.79.12.131 did
 not allow the name to be claimed by  this computer.
 
Error - 2013/7/6 00:51:47 | Computer Name = doudou-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070002: Update for Microsoft .NET Framework 4 on XP, Server 2003,
 Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2836939).
 
Error - 2013/7/6 02:40:40 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7030
Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive
 service.  However, the system is configured to not allow interactive services. 
 This service may not function properly.
 
Error - 2013/7/6 02:40:41 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the LogMeIn
 Hamachi Tunneling Engine service to connect.
 
Error - 2013/7/6 02:40:41 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Hamachi Tunneling Engine service failed to start due to
 the following error:   %%1053
 
Error - 2013/7/6 02:44:53 | Computer Name = doudou-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 2013/7/6 02:46:44 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7023
Description = The BlueStacks Android Service service terminated with the following
 error:   %%1064
 
Error - 2013/7/6 02:47:14 | Computer Name = doudou-HP | Source = bowser | ID = 8003
Description = 
 
Error - 2013/7/6 02:51:51 | Computer Name = doudou-HP | Source = Service Control Manager | ID = 7030
Description = The nProtect GameGuard Service service is marked as an interactive
 service.  However, the system is configured to not allow interactive services. 
 This service may not function properly.
 
 
< End of report >

Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...ch.asp?src=6&q={searchTerms}&crg=4.0007002"
    IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://123.sogou.com/goto?v=Af81002
    IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}: "URL" = http://www.baidu.com/s?wd={searchTerms}&tn=site888_1_pg&cl=3&ie=utf-8
    IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...ch.asp?src=6&q={searchTerms}&crg=4.0007002"
    FF - HKLM\Software\MozillaPlugins\@360.cn/npnpsosalbum;version=1.0: D:\360\360jishi\np360album.dll File not found
    FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayer
    FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(14).dll (ShenZhen Thunder Networking Technologies Ltd.)
    FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll (Thunder Networking Technologies,LTD)
    FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder
    FF - HKCU\Software\MozillaPlugins\@360.cn/360MMPlugin: D:\360\360Safe\MobileMgr\np360MMPlugIn.dll File not found
    FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll (Thunder Networking Technologies,LTD)
    FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
    CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromePI.dll
    CHR - plugin: 360\u7F51\u76FE (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo\1.0_0\plugin/360webshield.dll
    CHR - plugin: XunLei Plugin (Enabled) = D:\Thunder Network\data\npxunlei1.0.0.1.dll
    CHR - Extension: Thunder Download Extension for Chrome = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\
    O2:64bit: - BHO: (迅雷下载支持) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.5.4480.dll (深圳市迅雷网络技术有限公司)
    O2:64bit: - BHO: (EyeOnIE Class) - {20E1725C-7237-41A9-954A-04DCCB1FD16C} - C:\Program Files (x86)\Baofeng\StormPlayer\MediaLibraryIcon64.dll (北京暴风科技股份有限公司)
    O2 - BHO: (迅雷FLV视频嗅探及下载支持) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\Thunder Network\BHO\XlBrowserAddin1.0.8.71.dll File not found
    O2 - BHO: (迅雷下载支持) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.9.5.4480.dll (深圳市迅雷网络技术有限公司)
    O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\360\360Safe\safemon\safemon.dll File not found
    O2 - BHO: (迅雷BHO平台) - {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\IEPlatform.dll (深圳市迅雷网络技术有限公司)
    O3 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000..\Run: [Thunder] C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe (深圳市迅雷网络技术有限公司)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - D:\Thunder Network\BHO\OfflineDownload.htm File not found
    O8:64bit: - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
    O8:64bit: - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
    O8:64bit: - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
    O8:64bit: - Extra context menu item: &迅雷下载到手机 - http://static.u.155....i/shouleidl.htm File not found
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8:64bit: - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
    O8:64bit: - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm ()
    O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - D:\Thunder Network\BHO\OfflineDownload.htm File not found
    O8 - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
    O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
    O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
    O8 - Extra context menu item: &迅雷下载到手机 - http://static.u.155....i/shouleidl.htm File not found
    O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
    O8 - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm ()
    O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm ()
    O9 - Extra Button: 启动迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm ()
    O15 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA6A295E-9AA0-47EC-A24C-B96F1DD0C4CF}: DhcpNameServer = 7.254.254.254
    [2013/07/03 21:11:39 | 000,000,825 | ---- | M] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\??à×7.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk
    [2012/05/20 10:53:08 | 000,001,151 | ---- | M] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±?·?ó°ò?5.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô5.lnk
    [2012/05/20 10:53:08 | 000,001,151 | ---- | C] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±?·?ó°ò?5.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô5.lnk
    [2012/03/25 17:10:17 | 000,000,825 | ---- | C] ()(C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\??à×7.lnk) -- C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\èú?á1áí¨) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÈÚ»á¹áͨ
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\±?·?ó°ò?5) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\±©·çÓ°Òô5
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??à×èí?t) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ѸÀ×Èí¼þ
    :files
    C:\Program Files (x86)\Common Files\Thunder Network
    C:\迅雷下载
    C:\Users\dou dou\AppData\Local\Thunder Network
    C:\Program Files (x86)\Common Files\Thunder Network
    C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360电脑专家优化工具
    C:\Windows\xinstaller.exe
    C:\Windows\xinstaller.dll
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yxdown
    C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yxdown
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\几何画板 5.0最强中文版
    C:\Windows\System\jhhb5.ocx
    C:\Users\dou dou\Desktop\迅雷7.lnk
    C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\迅雷7.lnk
    C:\Users\dou dou\Desktop\360软件管家.lnk
    :services
    XLServicePlatform
  • Return to OTL, right click in the "Custom Scans/Fixes" section and choose Paste.
  • Click the red Run Fix button.
  • OTL may ask to reboot the machine. Please do so.
  • If OTL did not reboot the machine, click OK and the log will open. Post the contents of the log in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

    Also post a new OTL log.

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • You'll find the log as RKreport[1].txt on your desktop also.
  • Exit/Close RogueKiller.

 


Here are the logs after the fix finished:

 

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24588FA4-10F1-41D7-B19D-6E22361E47FA}\ not found.
Registry key HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@360.cn/npnpsosalbum;version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@baidu.com/npxbdyy\ deleted successfully.
C:\Program Files (x86)\Baidu\BaiduPlayer folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@xunlei.com/DapCtrl\ deleted successfully.
C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(14).dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@xunlei.com/npxluser\ deleted successfully.
C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2\ deleted successfully.
C:\Program Files (x86)\Thunder Network\Thunder\XMPInstaller folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\XLApp\XLVipBox folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\XLApp\SpeedTestApp folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\XLApp\LanSpeedViewerApp folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\XLApp\InitGuideApp folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\XLApp folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\tp\download_profiles folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\tp folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Thunder\Xar\ThunderApp folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Thunder\Xar folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Thunder folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Program\XmpIcon folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Program\xar\ThunderExternal\res folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Program\xar\ThunderExternal folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Program\xar folder moved successfully.
Folder move failed. C:\Program Files (x86)\Thunder Network\Thunder\Program\SpeedHistory scheduled to be moved on reboot.
C:\Program Files (x86)\Thunder Network\Thunder\Program\profiles folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Program\icon folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Program\DesktopSkin folder moved successfully.
Folder move failed. C:\Program Files (x86)\Thunder Network\Thunder\Program scheduled to be moved on reboot.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\XLGameBox folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Torrents folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\TipsAddin folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\ThunderSearch folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Offline folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\InMedia folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\GameMode folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\FlowMonitorAddin folder moved successfully.
Folder move failed. C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Emule scheduled to be moved on reboot.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Community\XMLPaint folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Community\VipAssistant folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Community\UserImages folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Community\Achievements folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Community folder moved successfully.
Folder move failed. C:\Program Files (x86)\Thunder Network\Thunder\Profiles scheduled to be moved on reboot.
C:\Program Files (x86)\Thunder Network\Thunder\NetMon folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\LanSpeedViewer folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderPush\PreDownload folder moved successfully.
Folder move failed. C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderPush scheduled to be moved on reboot.
C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderDownloader folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\Online folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\yellow folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\violet folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\red folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\pink folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\green folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\gray folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\flash folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\cyan folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default\blue folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\default folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\autoskin\default folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin\autoskin folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\skin folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\SenceTipAddin folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\MainWndTabItem folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\AppCollection\Image folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\AppCollection folder moved successfully.
Folder move failed. C:\Program Files (x86)\Thunder Network\Thunder\Data scheduled to be moved on reboot.
C:\Program Files (x86)\Thunder Network\Thunder\BHO\xluser folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\BHO\image\waiting folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\BHO\image folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\BHO\Firefox\components folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\BHO\Firefox\chrome folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\BHO\Firefox folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\BHO folder moved successfully.
Folder move failed. C:\Program Files (x86)\Thunder Network\Thunder scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@360.cn/360MMPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@xunlei.com/npxluser\ deleted successfully.
File C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2\ deleted successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll moved successfully.
File C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromePI.dll not found.
File C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo\1.0_0\plugin/360webshield.dll not found.
File D:\Thunder Network\data\npxunlei1.0.0.1.dll not found.
C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\_locales\zh_TW folder moved successfully.
C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\_locales\zh_CN folder moved successfully.
C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\_locales folder moved successfully.
C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\js folder moved successfully.
C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0\images folder moved successfully.
C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\2.1_0 folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}\ deleted successfully.
File C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.5.4480.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20E1725C-7237-41A9-954A-04DCCB1FD16C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20E1725C-7237-41A9-954A-04DCCB1FD16C}\ deleted successfully.
C:\Program Files (x86)\Baofeng\StormPlayer\MediaLibraryIcon64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283}\ deleted successfully.
File C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.9.5.4480.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE05CF4A-7B0A-4775-B5E5-396244938679}\ deleted successfully.
File C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\IEPlatform.dll not found.
Registry value HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Thunder deleted successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷离线下载\ deleted successfully.
File C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载\ deleted successfully.
File C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载全部链接\ deleted successfully.
File C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&迅雷下载到手机\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send page to &Bluetooth Device...\ deleted successfully.
c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷看看播放器播放\ deleted successfully.
C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\添加当前页到迅雷看看播放器标签\ deleted successfully.
C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷离线下载\ not found.
File C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载\ not found.
File C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&使用&迅雷下载全部链接\ not found.
File C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&迅雷下载到手机\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\使用迅雷看看播放器播放\ not found.
File C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\添加当前页到迅雷看看播放器标签\ not found.
File C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14c1d00e-0b92-4379-880b-444fa2d740dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14c1d00e-0b92-4379-880b-444fa2d740dd}\ not found.
C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{24c1d00e-0b92-4379-880b-444fa2d740dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c1d00e-0b92-4379-880b-444fa2d740dd}\ not found.
C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm moved successfully.
Registry value HKEY_USERS\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1979\\http deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA6A295E-9AA0-47EC-A24C-B96F1DD0C4CF}\\DhcpNameServer| /E : value set successfully!
C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk moved successfully.
C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô5.lnk moved successfully.
File C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô5.lnk not found.
File C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\ѸÀ×7.lnk not found.
========== FILES ==========
C:\Program Files (x86)\Common Files\Thunder Network\xldqvideo\pusher folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\xldqvideo folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\UserAgent folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.203_1111\LiveUpdateLanguage folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.203_1111 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network\TP scheduled to be moved on reboot.
C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\ServiceLoadModule folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\ServiceDlls folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Pusher\XLUE folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\Kankan\Pusher folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network\Kankan scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network scheduled to be moved on reboot.
C:\迅雷下载\Despicable.Me.2010.[2.8GB].[bDRip].[1920x1080p].[H.264].5.1CH-AAC-[HolyShitHD] folder moved successfully.
C:\迅雷下载 folder moved successfully.
File\Folder 载 not found.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package\ThunderXMPAds\com folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package\ThunderXMPAds\code folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package\ThunderXMPAds folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package\ThunderProfile\com folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package\ThunderProfile folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package\ThunderDownload\com folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package\ThunderDownload\code folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package\ThunderDownload folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform\Package folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network\Thunder BHO Platform folder moved successfully.
C:\Users\dou dou\AppData\Local\Thunder Network folder moved successfully.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.203_1111 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1 scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network\TP scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network\Kankan scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\Common Files\Thunder Network scheduled to be moved on reboot.
C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360电脑专家优化工具 folder moved successfully.
File\Folder 化工具 not found.
C:\Windows\xinstaller.exe moved successfully.
C:\Windows\xinstaller.dll moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yxdown\侠盗猎车4 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yxdown folder moved successfully.
C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yxdown\侠盗猎车4 folder moved successfully.
C:\Users\dou dou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yxdown folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\几何画板 5.0最强中文版\网站支持 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\几何画板 5.0最强中文版\画板教程 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\几何画板 5.0最强中文版\画板实例 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\几何画板 5.0最强中文版\主程序 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\几何画板 5.0最强中文版 folder moved successfully.
File\Folder 中文版 not found.
C:\Windows\System\jhhb5.ocx moved successfully.
C:\Users\dou dou\Desktop\迅雷7.lnk moved successfully.
C:\Users\dou dou\Application Data\Microsoft\Internet Explorer\Quick Launch\迅雷7.lnk moved successfully.
File\Folder C:\Users\dou dou\Desktop\360软件管家.lnk not found.
File\Folder nk not found.
========== SERVICES/DRIVERS ==========
Service XLServicePlatform stopped successfully!
Service XLServicePlatform deleted successfully!
 
OTL by OldTimer - Version 3.2.69.0 log created on 07082013_165904
 
Files\Folders moved on Reboot...
C:\Program Files (x86)\Thunder Network\Thunder\Program\SpeedHistory folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Program folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles\Emule folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Profiles folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data\ThunderPush folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder\Data folder moved successfully.
C:\Program Files (x86)\Thunder Network\Thunder folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.203_1111 folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1 folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\TP folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network\Kankan folder moved successfully.
C:\Program Files (x86)\Common Files\Thunder Network folder moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
 
 
Still doing the other steps :) Thanks a lot!

Roguekiller 64bits logs:

 

RogueKiller V8.6.2 _x64_ [Jul  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dou dou [Admin rights]
Mode : Scan -- Date : 07/08/2013 17:04:47
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] AllmyappsUpdateTask : c:\users\dou - dou\appdata\roaming\allmyapps\allmyappsupdater.exe check startup [x][x][x] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST31000524AS +++++
--- User ---
[MBR] 7c8d92f9516dd8de55c8a716181ef9fe
[BSP] d8b81577af8db3df6caa698766db08b7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 933935 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1912905728 | Size: 19832 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] e64c63d12f65fa8a680c959b994254a0
[BSP] 8f916bd443e527a6d9b51580760f9cb8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo
 
Finished : << RKreport[0]_S_07082013_170447.txt >>

New OTL logs, thanks again!

 

OTL logfile created on: 2013/7/8 17:09:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dou dou\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000804 | Country: People's Republic of China | Language: CHS | Date Format: yyyy/M/d
 
7.98 Gb Total Physical Memory | 5.51 Gb Available Physical Memory | 69.02% Memory free
15.96 Gb Paging File | 13.03 Gb Available in Paging File | 81.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 912.05 Gb Total Space | 566.19 Gb Free Space | 62.08% Space Free | Partition Type: NTFS
Drive D: | 19.37 Gb Total Space | 2.24 Gb Free Space | 11.58% Space Free | Partition Type: NTFS
 
Computer Name: DOUDOU-HP | User Name: dou dou | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/06 21:23:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dou dou\Downloads\OTL.exe
PRC - [2013/06/28 14:02:06 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013/05/28 16:07:20 | 000,260,208 | ---- | M] (Sogou.com Inc.) -- D:\Program Files\SogouInput\SogouExe\SogouExe.exe
PRC - [2013/05/27 12:30:16 | 005,715,568 | ---- | M] (Sogou.com Inc.) -- D:\Program Files\SogouInput\6.7.0.0163\SGTool.exe
PRC - [2013/05/06 16:15:36 | 000,079,384 | ---- | M] (Google) -- C:\Users\dou dou\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/29 18:08:46 | 000,577,400 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2012/08/29 18:08:32 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/16 05:36:28 | 000,445,232 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
PRC - [2011/09/16 05:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/09/07 05:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/08/17 06:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/17 06:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/03/26 09:19:08 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2011/02/24 16:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/02 05:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/02 05:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/11/21 02:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/19 11:39:03 | 001,903,920 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/06/14 23:25:35 | 013,140,872 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
MOD - [2013/05/23 13:44:07 | 000,393,168 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 13:43:59 | 004,051,408 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 13:43:06 | 000,599,504 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 13:43:05 | 000,124,368 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 13:43:03 | 001,597,392 | ---- | M] () -- C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/05/15 12:27:35 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\271ef233b83ada113cfea94ecbcff020\System.IdentityModel.ni.dll
MOD - [2013/05/15 12:27:34 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dcfb28a7d4951481319eaa4e3353d2b5\System.ServiceModel.ni.dll
MOD - [2013/05/15 12:26:38 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\0303c10ed5a18fad23197179dad69829\ReachFramework.ni.dll
MOD - [2013/05/15 12:26:31 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ad4e3fd4f3bc61f9255b89853f9517d0\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/15 12:26:30 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\acb98d54c594f4736ac2d97c84db2bb4\System.Runtime.Serialization.ni.dll
MOD - [2013/05/15 10:35:21 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\982e2b96175ba7ec1ed584f81b362aca\PresentationCore.ni.dll
MOD - [2013/05/15 10:35:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a07737b92dff00eadb852a3fe654676\System.Windows.Forms.ni.dll
MOD - [2013/05/15 10:35:14 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7622c8820556cde07c1948f3f48e83df\System.Core.ni.dll
MOD - [2013/05/15 10:35:13 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\77aaf9593f460b4c6c72a2915c833161\WindowsBase.ni.dll
MOD - [2013/05/15 10:35:11 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\739dab9e00d22ebf960776ead08c8e73\System.Configuration.ni.dll
MOD - [2013/04/20 06:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/01/11 20:10:33 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\fce2acd42e271e44ef1c29ecfe03b030\SMDiagnostics.ni.dll
MOD - [2013/01/09 17:19:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cd38ddfac4535d1fc8b285244cfe2350\System.Xml.ni.dll
MOD - [2013/01/09 17:19:02 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\d67ab5fb461b6917c67d587eca870c44\System.Drawing.ni.dll
MOD - [2013/01/09 17:18:59 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e19f70f3c84abc64e1f1b7e76333a372\System.ni.dll
MOD - [2013/01/09 17:18:55 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\f86110621e29c00e2db8f462781529fe\mscorlib.ni.dll
MOD - [2012/12/12 13:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 18:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 18:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/08/31 18:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/16 03:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\ACPIDll.dll
MOD - [2010/11/21 11:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010/11/21 11:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/06/11 05:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/11/05 20:44:31 | 000,309,760 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/11/05 20:44:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/03/26 09:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/10/11 18:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013/06/25 07:53:23 | 005,635,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/06/17 20:13:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/07 06:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 09:28:54 | 000,161,384 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013/01/10 10:49:48 | 000,202,048 | ---- | M] (Just Orange) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN\Service\wlcommsvc.exe -- (wlcommsvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/29 18:08:32 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/08/29 18:08:00 | 000,397,176 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/03/07 01:08:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/16 05:36:16 | 000,133,936 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/09/07 05:42:16 | 000,109,360 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/08/17 06:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/13 01:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/08 07:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 16:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/02 05:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/02 05:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/21 11:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/06/02 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/05/24 21:27:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/05 20:44:32 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/18 16:02:08 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/11/18 15:25:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/18 15:25:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/30 11:07:08 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/27 06:31:10 | 000,409,408 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/09/09 09:02:24 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/08/24 13:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/24 05:48:22 | 000,016,152 | ---- | M] (n/a) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NWWakeFilterV.sys -- (NWWakeFilterV)
DRV:64bit: - [2011/06/24 05:48:18 | 000,016,152 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2011/06/24 05:48:16 | 000,028,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWVoltron.sys -- (NWVoltron)
DRV:64bit: - [2011/05/05 08:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/26 10:21:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/03/26 10:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/26 10:21:06 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/03/26 10:21:06 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/03/26 10:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 12:01:20 | 001,212,416 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV:64bit: - [2010/10/20 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/13 20:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/23 11:39:20 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/08/29 18:08:28 | 000,074,616 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\dou dou\Downloads
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\dou dou\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dou dou\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromePI.dll
CHR - plugin: 360\u7F51\u76FE (Enabled) = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo\1.0_0\plugin/360webshield.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dou dou\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: XunLei Plugin (Enabled) = D:\Thunder Network\data\npxunlei1.0.0.1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: AdBlock = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: Skip video ads on Youtube = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\oanobjfgoogmilhpmlciifoaflmojigf\0.1.1_0\
CHR - Extension: Battlefield Play4Free = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Gmail = C:\Users\dou dou\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/05 23:03:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [systray] C:\Windows\SysWOW64\systray.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1113064780-694992294-3566763946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.50
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{053F7BFD-2D08-4426-8F68-504CBC8B65D3}: DhcpNameServer = 192.168.0.50
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/08 17:03:29 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Desktop\RK_Quarantine
[2013/07/08 16:59:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/08 11:53:45 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Local\PowerCinema
[2013/07/07 11:27:49 | 000,000,000 | --SD | C] -- C:\kankan
[2013/07/07 11:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
[2013/07/06 14:51:51 | 005,635,016 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013/07/06 14:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/07/06 14:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/07/06 14:26:15 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp90.dll
[2013/07/06 14:26:14 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr90.dll
[2013/07/06 14:26:13 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\atl90.dll
[2013/07/06 12:46:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/05 23:21:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/05 23:07:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/05 11:17:07 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/03 20:29:42 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2013/07/02 23:11:49 | 000,000,000 | ---D | C] -- C:\Users\dou dou\minecraft
[2013/07/02 23:09:09 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Malwarebytes
[2013/07/02 23:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/02 23:09:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/02 23:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/02 22:34:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/02 22:34:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/02 22:34:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/02 22:32:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/02 22:30:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/02 21:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\x264 Video Codec
[2013/07/01 22:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/06/27 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oxeye Games
[2013/06/20 11:05:31 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Documents\Rockstar Games
[2013/06/20 09:51:04 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Local\Rockstar Games
[2013/06/19 09:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arab-GB
[2013/06/17 20:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA4
[2013/06/15 22:00:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/15 22:00:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/13 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Desktop\National Geographic and other Educational Books
[2013/06/13 09:14:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/13 09:14:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/13 09:14:05 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/13 09:11:46 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/13 09:11:46 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/12 09:30:14 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 09:30:14 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 09:28:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 09:28:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 09:28:06 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 09:27:58 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 09:27:58 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 09:27:58 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 09:23:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/12 09:23:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/12 09:23:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/12 09:23:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/12 09:23:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/12 09:23:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/12 09:23:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/12 09:23:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/12 09:23:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/12 09:23:00 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 09:23:00 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/12 09:23:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/12 09:23:00 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/11 12:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/06/10 22:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sketchpad5
[2013/06/10 19:23:52 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Documents\CompleteNatGeo
[2013/06/10 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1
[2013/06/09 20:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Geographic
[2013/06/09 20:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\National Geographic
[2013/06/09 20:44:05 | 000,000,000 | ---D | C] -- C:\Users\dou dou\Desktop\download
[2013/06/09 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Bitcoin
[2013/06/08 23:08:17 | 000,000,000 | ---D | C] -- C:\Users\dou dou\AppData\Roaming\Armory
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[10 C:\Users\dou dou\Desktop\*.tmp files -> C:\Users\dou dou\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/08 17:08:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/08 17:08:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/08 17:01:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordou dou.job
[2013/07/08 17:00:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/08 17:00:46 | 2132,000,767 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/08 17:00:14 | 4086,894,591 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td
[2013/07/08 17:00:14 | 4085,682,175 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td
[2013/07/08 17:00:14 | 3824,881,663 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td
[2013/07/08 14:31:38 | 001,630,666 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg
[2013/07/08 11:53:13 | 000,144,045 | ---- | M] () -- C:\Users\dou dou\Desktop\full ishow screen.gif
[2013/07/08 11:49:58 | 000,797,935 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg
[2013/07/08 09:48:03 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/07 20:01:49 | 4113,305,599 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td
[2013/07/07 20:01:49 | 3236,171,776 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td
[2013/07/07 20:01:49 | 2919,178,240 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td
[2013/07/07 20:01:49 | 000,258,423 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg
[2013/07/07 20:01:49 | 000,145,730 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg
[2013/07/07 20:01:49 | 000,111,049 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg
[2013/07/07 20:01:48 | 001,811,459 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg
[2013/07/07 17:46:55 | 000,035,350 | ---- | M] () -- C:\Users\dou dou\Documents\keyfile_u
[2013/07/07 17:46:50 | 000,000,016 | ---- | M] () -- C:\Users\dou dou\Documents\keyfile
[2013/07/06 16:36:16 | 000,008,017 | ---- | M] () -- C:\Users\dou dou\Desktop\X-Ray-Mod-Fly-1.6.1.zip
[2013/07/05 23:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/05 21:15:22 | 000,000,102 | ---- | M] () -- C:\Windows\SysWow64\config.properties
[2013/07/03 21:11:42 | 000,726,439 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg
[2013/07/02 23:09:02 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/02 22:18:49 | 4103,639,039 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td
[2013/06/27 17:29:27 | 000,000,915 | ---- | M] () -- C:\Users\dou dou\AppData\Roaming\coreavc.ini
[2013/06/25 07:53:23 | 005,635,016 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013/06/25 07:45:13 | 000,005,588 | ---- | M] () -- C:\Windows\SysWow64\nppt9x.vxd
[2013/06/18 09:26:38 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/17 20:13:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/17 20:13:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/17 17:44:34 | 000,803,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/17 17:44:34 | 000,668,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/17 17:44:34 | 000,128,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/11 16:44:53 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.cue
[2013/06/11 10:27:25 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue
[2013/06/11 10:27:16 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue
[2013/06/11 10:15:39 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue
[2013/06/10 22:33:28 | 000,001,536 | ---- | M] () -- C:\Users\dou dou\AppData\Roaming\Sketchpad 5 Preferences.dat
[2013/06/10 22:15:24 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\几何画板.lnk
[2013/06/10 22:01:00 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.cue
[2013/06/10 21:50:16 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.cue
[2013/06/10 18:17:58 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.cue
[2013/06/10 11:56:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013/06/10 09:02:48 | 000,000,071 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.cue
[2013/06/09 20:49:56 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\The Complete National Geographic.lnk
[2013/06/09 20:30:22 | 119,554,637 | ---- | M] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集.浏览器升级包版本1.59(有移动和旋转页面功能了)]CNGViewer-1.59.air
[2013/06/08 22:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 19:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[10 C:\Users\dou dou\Desktop\*.tmp files -> C:\Users\dou dou\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/08 11:53:11 | 000,144,045 | ---- | C] () -- C:\Users\dou dou\Desktop\full ishow screen.gif
[2013/07/06 16:36:16 | 000,008,017 | ---- | C] () -- C:\Users\dou dou\Desktop\X-Ray-Mod-Fly-1.6.1.zip
[2013/07/06 14:51:43 | 000,005,588 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2013/07/05 21:14:46 | 000,000,102 | ---- | C] () -- C:\Windows\SysWow64\config.properties
[2013/07/02 23:09:02 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/02 22:34:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/02 22:34:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/02 22:34:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/02 22:34:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/02 22:34:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/12 18:32:23 | 3236,171,776 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td
[2013/06/12 18:32:23 | 000,145,730 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.bin.emule.td.cfg
[2013/06/11 16:44:53 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集08.泰坦尼克号的秘密]The.Complete.National.Geographic.Secrets.Of.Titanic.cue
[2013/06/11 10:27:25 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.cue
[2013/06/11 10:27:16 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.cue
[2013/06/11 10:15:39 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集06]The.Complete.National.Geographic.Disc.6.1888.10-1925.05.cue
[2013/06/10 22:33:28 | 000,001,536 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\Sketchpad 5 Preferences.dat
[2013/06/10 22:15:24 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\几何画板.lnk
[2013/06/10 22:01:00 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.cue
[2013/06/10 18:17:57 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.cue
[2013/06/10 11:56:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013/06/10 09:02:48 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.cue
[2013/06/10 08:36:29 | 3824,881,663 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td
[2013/06/10 08:36:29 | 001,630,666 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集01]The.Complete.National.Geographic.Disc.1.1995.08-2008.12.bin.emule.td.cfg
[2013/06/10 08:34:14 | 2919,178,240 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td
[2013/06/10 08:34:14 | 000,111,049 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集07.赠送盘]The.Complete.National.Geographic.Bonus.bin.emule.td.cfg
[2013/06/09 20:50:24 | 000,000,071 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.cue
[2013/06/09 20:49:56 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\The Complete National Geographic.lnk
[2013/06/09 20:44:21 | 4086,894,591 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td
[2013/06/09 20:40:05 | 4085,682,175 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td
[2013/06/09 20:39:50 | 000,797,935 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集04]The.Complete.National.Geographic.Disc.4.1946.05-1963.02.bin.emule.td.cfg
[2013/06/09 20:35:55 | 4103,639,039 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td
[2013/06/09 20:33:56 | 001,811,459 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集05]The.Complete.National.Geographic.Disc.5.1925.06-1946.04.bin.emule.td.cfg
[2013/06/09 20:32:10 | 000,726,439 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集03]The.Complete.National.Geographic.Disc.3.1963.03-1978.12.bin.emule.td.cfg
[2013/06/09 20:32:07 | 4113,305,599 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td
[2013/06/09 20:32:07 | 000,258,423 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集02]The.Complete.National.Geographic.Disc.2.1979.01-1995.07.bin.emule.td.cfg
[2013/06/09 20:28:58 | 119,554,637 | ---- | C] () -- C:\Users\dou dou\Desktop\[美国国家地理杂志1888-2008年DVD合集.浏览器升级包版本1.59(有移动和旋转页面功能了)]CNGViewer-1.59.air
[2013/01/17 19:38:35 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013/01/17 18:47:37 | 000,000,600 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\winscp.rnd
[2013/01/16 21:11:13 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/16 21:11:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/09 15:02:34 | 000,110,223 | ---- | C] () -- C:\Users\dou dou\final_bstSnapshot_36619.jpg
[2012/07/06 19:46:58 | 000,000,548 | ---- | C] () -- C:\Users\dou dou\test.trace.db
[2012/07/06 19:46:27 | 000,026,624 | ---- | C] () -- C:\Users\dou dou\test.h2.db
[2012/07/06 19:46:27 | 000,000,188 | ---- | C] () -- C:\Users\dou dou\.h2.server.properties
[2012/06/29 20:20:18 | 000,007,600 | ---- | C] () -- C:\Users\dou dou\AppData\Local\Resmon.ResmonCfg
[2012/06/02 21:05:06 | 000,000,915 | ---- | C] () -- C:\Users\dou dou\AppData\Roaming\coreavc.ini
[2012/05/28 22:41:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/07 23:04:40 | 000,000,070 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.ini
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbt
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbs
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbp
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbm
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbj
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbe
[2012/04/07 23:04:40 | 000,000,032 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbc
[2012/04/07 23:04:40 | 000,000,026 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cbg
[2012/04/07 23:04:40 | 000,000,026 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cba
[2012/04/07 23:04:40 | 000,000,012 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cit
[2012/04/07 23:04:40 | 000,000,012 | ---- | C] () -- C:\Users\dou dou\Chess database for all good games.cib
[2012/04/04 18:52:37 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2012/03/25 17:09:53 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/07 04:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\èú?á1áí¨) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÈÚ»á¹áͨ
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\±?·?ó°ò?5) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\±©·çÓ°Òô5
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??à×èí?t) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ѸÀ×Èí¼þ
 
< End of report >

Do a new scan with RogueKiller and hit Delete afterwards.

Export and post up the report.
Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
    D:\Program Files\SogouInput
    :commands
    [emptytemp]

  • Return to OTL, right click in the "Custom Scans/Fixes" section and choose Paste.
  • Click the red Run Fix button.
  • OTL may ask to reboot the machine. Please do so.
  • If OTL did not reboot the machine, click OK and the log will open. Post the contents of the log in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

    Also post a new OTL log.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Run Malwarebytes' Anti-Malware.
  • Once the program has loaded, select Perform full scan, mark all your hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.
