
malwarebytes blocked potentially malicious website



Hi there.

I have this recurring popup every couple of minutes from MalwareBytes saying MalwareBytes has successfully blocked access to a potentially malicious website "219.139.81.6".

type:outgoing

port: 62274

process:svchost.exe

and sometimes this: "process:mdnresponder.exe"

The problem I am facing now is that I can't connect to Facebook, Twitter and YouTube using Google Chrome, Internet Explorer and Firefox. Sometimes I can log in to Facebook, but just for a couple of minutes. In Google Chrome, it stated:

Oops! Google Chrome could not connect to www.facebook.com

Suggestions:

Access a cached copy of www.facebook.com/

Try reloading: www.facebook.com/

Search on Google:

BUT I can connect to other webpages.

***********

By the way, this is my Malwarebytes' scan report:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7504

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

19/8/2011 4:52:50 PM

mbam-log-2011-08-19 (16-52-50).txt

Scan type: Full scan (C:\|D:\|F:\|)

Objects scanned: 568115

Time elapsed: 1 hour(s), 32 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*****

and this is my Avira antivirus scan log:

Avira AntiVir Personal

Report file date: Friday, 19 August, 2011 16:56

Scanning for 3268970 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 x64

Windows version : (Service Pack 1) [6.1.7601]

Boot mode : Normally booted

Username : User

Computer name : USER-PC

Version information:

BUILD.DAT : 10.2.0.700 35934 Bytes 2011/7/21 17:12:00

AVSCAN.EXE : 10.3.0.7 484008 Bytes 2011/8/19 05:36:45

AVSCAN.DLL : 10.0.5.0 47464 Bytes 2011/8/19 05:36:45

LUKE.DLL : 10.3.0.5 45416 Bytes 2011/8/19 05:36:45

LUKERES.DLL : 10.0.0.1 12648 Bytes 2010/2/10 16:40:49

AVSCPLR.DLL : 10.3.0.7 119656 Bytes 2011/8/19 05:36:45

AVREG.DLL : 10.3.0.9 88833 Bytes 2011/8/19 05:36:45

VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009/11/6 02:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010/12/14 23:53:55

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2011/2/9 23:53:56

VBASE003.VDF : 7.11.5.225 1980416 Bytes 2011/4/7 03:30:38

VBASE004.VDF : 7.11.8.178 2354176 Bytes 2011/5/31 03:30:40

VBASE005.VDF : 7.11.10.251 1788416 Bytes 2011/7/7 03:30:41

VBASE006.VDF : 7.11.13.60 6411776 Bytes 2011/8/16 05:21:30

VBASE007.VDF : 7.11.13.61 2048 Bytes 2011/8/16 05:21:30

VBASE008.VDF : 7.11.13.62 2048 Bytes 2011/8/16 05:21:30

VBASE009.VDF : 7.11.13.63 2048 Bytes 2011/8/16 05:21:30

VBASE010.VDF : 7.11.13.64 2048 Bytes 2011/8/16 05:21:31

VBASE011.VDF : 7.11.13.65 2048 Bytes 2011/8/16 05:21:31

VBASE012.VDF : 7.11.13.66 2048 Bytes 2011/8/16 05:21:31

VBASE013.VDF : 7.11.13.95 166400 Bytes 2011/8/17 05:21:35

VBASE014.VDF : 7.11.13.125 209920 Bytes 2011/8/18 05:21:40

VBASE015.VDF : 7.11.13.126 2048 Bytes 2011/8/18 05:21:40

VBASE016.VDF : 7.11.13.127 2048 Bytes 2011/8/18 05:21:40

VBASE017.VDF : 7.11.13.128 2048 Bytes 2011/8/18 05:21:41

VBASE018.VDF : 7.11.13.129 2048 Bytes 2011/8/18 05:21:41

VBASE019.VDF : 7.11.13.130 2048 Bytes 2011/8/18 05:21:41

VBASE020.VDF : 7.11.13.131 2048 Bytes 2011/8/18 05:21:41

VBASE021.VDF : 7.11.13.132 2048 Bytes 2011/8/18 05:21:42

VBASE022.VDF : 7.11.13.133 2048 Bytes 2011/8/18 05:21:42

VBASE023.VDF : 7.11.13.134 2048 Bytes 2011/8/18 05:21:42

VBASE024.VDF : 7.11.13.135 2048 Bytes 2011/8/18 05:21:42

VBASE025.VDF : 7.11.13.136 2048 Bytes 2011/8/18 05:21:43

VBASE026.VDF : 7.11.13.137 2048 Bytes 2011/8/18 05:21:43

VBASE027.VDF : 7.11.13.138 2048 Bytes 2011/8/18 05:21:43

VBASE028.VDF : 7.11.13.139 2048 Bytes 2011/8/18 05:21:43

VBASE029.VDF : 7.11.13.140 2048 Bytes 2011/8/18 05:21:44

VBASE030.VDF : 7.11.13.141 2048 Bytes 2011/8/18 05:21:44

VBASE031.VDF : 7.11.13.144 2048 Bytes 2011/8/18 05:21:44

Engineversion : 8.2.6.32

AEVDF.DLL : 8.1.2.1 106868 Bytes 2011/4/20 23:53:28

AESCRIPT.DLL : 8.1.3.74 1622393 Bytes 2011/8/19 05:22:46

AESCN.DLL : 8.1.7.2 127349 Bytes 2011/4/20 23:53:27

AESBX.DLL : 8.2.1.34 323957 Bytes 2011/7/20 03:29:54

AERDL.DLL : 8.1.9.13 639349 Bytes 2011/7/20 03:29:53

AEPACK.DLL : 8.2.9.5 676214 Bytes 2011/7/20 03:29:53

AEOFFICE.DLL : 8.1.2.13 201083 Bytes 2011/8/19 05:22:37

AEHEUR.DLL : 8.1.2.155 3617144 Bytes 2011/8/19 05:22:35

AEHELP.DLL : 8.1.17.7 254327 Bytes 2011/8/19 05:21:56

AEGEN.DLL : 8.1.5.7 401778 Bytes 2011/8/19 05:21:53

AEEMU.DLL : 8.1.3.0 393589 Bytes 2011/4/20 23:53:14

AECORE.DLL : 8.1.22.4 196983 Bytes 2011/7/20 03:29:42

AEBB.DLL : 8.1.1.0 53618 Bytes 2011/4/20 23:53:14

AVWINLL.DLL : 10.0.0.0 19304 Bytes 2011/4/20 23:53:36

AVPREF.DLL : 10.0.3.2 44904 Bytes 2011/8/19 05:36:45

AVREP.DLL : 10.0.0.10 174120 Bytes 2011/8/19 05:36:45

AVARKT.DLL : 10.0.26.1 255336 Bytes 2011/8/19 05:36:45

AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 2011/8/19 05:36:45

SQLITE3.DLL : 3.6.19.0 355688 Bytes 2011/7/20 08:40:24

AVSMTP.DLL : 10.0.0.17 63848 Bytes 2011/4/20 23:53:36

NETNT.DLL : 10.0.0.0 11624 Bytes 2011/4/20 23:53:46

RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 2011/8/19 05:36:45

RCTEXT.DLL : 10.0.64.0 97640 Bytes 2011/8/19 05:36:45

Configuration settings for the scan:

Jobname.............................: Local Drives

Configuration file..................: C:\program files (x86)\avira\antivir desktop\alldrives.avp

Logging.............................: Default

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:, E:, F:, I:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: Advanced

Start of the scan: Friday, 19 August, 2011 16:56

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'QvodTerminal.exe' - '1' Module(s) have been scanned

Scan process 'QvodPlayer.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'chrome.exe' - '1' Module(s) have been scanned

Scan process 'TFGui.exe' - '1' Module(s) have been scanned

Scan process 'NASvc.exe' - '1' Module(s) have been scanned

Scan process 'TFTray.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'acrotray.exe' - '1' Module(s) have been scanned

Scan process 'NBAgent.exe' - '1' Module(s) have been scanned

Scan process 'nusb3mon.exe' - '1' Module(s) have been scanned

Scan process 'PPAP.exe' - '1' Module(s) have been scanned

Scan process 'PPSAP.exe' - '1' Module(s) have been scanned

Scan process 'lxczbmon.exe' - '1' Module(s) have been scanned

Scan process 'LXCZbmgr.exe' - '1' Module(s) have been scanned

Scan process 'GUI.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'TFService.exe' - '1' Module(s) have been scanned

Scan process 'nvSCPAPISvr.exe' - '1' Module(s) have been scanned

Scan process 'RichVideo.exe' - '1' Module(s) have been scanned

Scan process 'PsiService_2.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'PassThruSvr.exe' - '1' Module(s) have been scanned

Scan process 'raysat_3dsmax2010_64server.exe' - '1' Module(s) have been scanned

Scan process 'mdm.exe' - '1' Module(s) have been scanned

Scan process 'GPCommonService.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'armsvc.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '231' files ).

Starting the file scan:

Begin scan in 'C:\'

Begin scan in 'D:\'

Begin scan in 'E:\'

Search path E:\ could not be opened!

System error [21]: The device is not ready.

Begin scan in 'F:\' <SAN10GM>

Begin scan in 'I:\'

Search path I:\ could not be opened!

System error [21]: The device is not ready.

End of the scan: Friday, 19 August, 2011 18:46

Used time: 1:49:27 Hour(s)

The scan has been done completely.

45498 Scanned directories

1506783 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

1506783 Files not concerned

10168 Archives were scanned

0 Warnings

0 Notes

I am panicking! Please tell me what to do now in order to get your attention, please...

Thank you! :)


Hello and welcome!

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Hi. I downloaded both DDS. When I ran one of the DDS, it opened a Notepad that read: MZ ÿÿ ¸ @ Ø º ´ Í!¸LÍ!This program cannot be run in DOS mode.

There are lots of unknown characters after that.

I restarted my computer and disabled AVIRA by right-clicking the icon and unticking ENABLE; the umbrella is closed now.

Then I disconnected from the internet and double-clicked on the DDS icon, and it still came up with Notepad saying the program cannot be run in DOS mode....

:unsure::unsure::unsure:


Please run this scan instead.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


OTL.txt

OTL logfile created on: 21/8/2011 5:02:08 PM - Run 1

OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

5.98 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 69.33% Memory free

11.97 Gb Paging File | 9.82 Gb Available in Paging File | 82.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 244.04 Gb Total Space | 103.59 Gb Free Space | 42.45% Space Free | Partition Type: NTFS

Drive D: | 221.62 Gb Total Space | 106.49 Gb Free Space | 48.05% Space Free | Partition Type: NTFS

Drive F: | 498.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/21 17:01:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

PRC - [2011/08/19 13:36:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/08/06 10:21:27 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2011/08/05 17:16:22 | 000,442,232 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/05/27 18:15:02 | 000,267,952 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\ProgramData\Thunder Network\Thunder\addins\InMediaAddin\ThunderMinisite.exe

PRC - [2011/05/27 18:14:58 | 001,002,672 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe

PRC - [2011/05/27 18:14:56 | 000,173,744 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\ThunderPlatform.exe

PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/03/17 18:49:26 | 000,570,760 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\QvodPlayer\QvodTerminal.exe

PRC - [2011/03/17 15:00:20 | 002,622,856 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\QvodPlayer\QvodPlayer.exe

PRC - [2011/02/22 11:49:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/10/08 10:24:12 | 000,090,112 | ---- | M] (Green Packet Inc.) -- C:\Program Files\P1\P1 4G\GPCommonService.exe

PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/04/03 01:27:32 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\PPS.tv\PPStream\PPSAP.exe

PRC - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe

PRC - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

PRC - [2007/02/09 06:52:06 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe

PRC - [2007/02/09 06:51:54 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/06 10:21:25 | 000,400,440 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\ppgooglenaclpluginchrome.dll

MOD - [2011/08/06 10:21:24 | 004,118,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\pdf.dll

MOD - [2011/08/06 10:19:58 | 000,104,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\avutil-50.dll

MOD - [2011/08/06 10:19:56 | 000,203,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\avformat-52.dll

MOD - [2011/08/06 10:19:55 | 001,846,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\avcodec-52.dll

MOD - [2011/08/06 08:29:30 | 006,338,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\13.0.782.112\gcswf32.dll

MOD - [2011/08/05 17:07:30 | 000,395,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\MngModule.dll

MOD - [2011/08/02 15:11:10 | 000,243,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\TipsClient.dll

MOD - [2011/08/02 15:11:10 | 000,143,720 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\kernel\FWUpnp.dll

MOD - [2011/05/27 18:14:32 | 000,052,400 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\XLCrypto.dll

MOD - [2011/05/27 18:14:18 | 000,015,336 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\dl_uac_tool.dll

MOD - [2011/05/27 18:14:18 | 000,015,336 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\dl_uac_tool.dll

MOD - [2011/05/27 18:13:30 | 000,319,488 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\sqlite3.dll

MOD - [2011/05/27 18:13:30 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\libpng13.dll

MOD - [2011/05/27 18:13:30 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\libexpat.dll

MOD - [2011/05/27 18:13:30 | 000,143,360 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\libexpat.dll

MOD - [2011/05/27 18:13:30 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\zlib1.dll

MOD - [2011/05/27 18:13:30 | 000,059,904 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\zlib1.dll

MOD - [2011/05/27 18:13:30 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Thunder Network\Thunder\Program\minizip.dll

MOD - [2011/05/27 18:13:30 | 000,018,432 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\minizip.dll

MOD - [2011/05/27 18:13:30 | 000,012,288 | ---- | M] () -- c:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111\mini_unzip_dll.dll

MOD - [2010/10/24 14:58:12 | 002,457,671 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll

MOD - [2010/10/22 19:02:40 | 000,385,091 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\work.dll

MOD - [2010/10/22 10:41:36 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll

MOD - [2010/10/21 20:50:40 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll

MOD - [2010/10/19 20:27:30 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll

MOD - [2010/10/19 10:59:46 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll

MOD - [2010/09/30 08:45:46 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll

MOD - [2010/06/24 15:50:08 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll

MOD - [2010/06/10 15:52:24 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll

MOD - [2010/03/12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\platform.dll

MOD - [2010/03/12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\device.dll

MOD - [2010/01/12 17:09:20 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\SF.dll

MOD - [2009/12/22 16:52:04 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll

MOD - [2009/10/21 14:07:06 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\HM.dll

MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU

MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA

MOD - [2008/05/07 15:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll

MOD - [2008/03/25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe

MOD - [2003/02/14 14:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/02 00:31:08 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2010/10/08 10:24:34 | 000,111,104 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\P1\P1 4G\GPCommonServicex64.exe -- (GPCommonService(64))

SRV:64bit: - [2010/10/08 10:24:12 | 000,090,112 | ---- | M] (Green Packet Inc.) [Auto | Running] -- C:\Program Files\P1\P1 4G\GPCommonService.exe -- (GPCommonService)

SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)

SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)

SRV:64bit: - [2007/02/09 06:51:08 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)

SRV - [2011/08/19 13:36:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/05/27 18:14:32 | 000,083,120 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Thunder Network\Thunder\Program\DctSer.dll -- (XLDoctor Service)

SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/02/22 11:49:33 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/02/21 19:26:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/06/13 04:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)

SRV - [2007/02/09 06:50:33 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxczcoms.exe -- (lxcz_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/19 13:36:45 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011/08/19 13:36:45 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011/05/06 12:32:26 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/16 00:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 19:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/12 07:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/09/21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/09/03 13:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/07/27 09:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/07/27 09:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/07/05 10:39:12 | 000,154,112 | ---- | M] (MediaTek Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mt7118vu_x64.sys -- (MT7118VU)

DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/04/26 12:23:04 | 000,018,432 | ---- | M] (MediaTek Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mtkwmptv_x64.sys -- (MTKWMPROT)

DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 08:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV - [2011/08/21 12:39:13 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)

DRV - [2011/08/21 12:39:02 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.155.com/?id=104295

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.6

FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.3.2.0

FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4e44dea8&i=23&tp=ab&nt=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2011/04/25 19:32:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/04 18:49:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/05 20:32:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/03/15 00:08:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/03/15 08:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions

[2011/03/15 08:51:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/06/09 10:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v50v3vaf.default\extensions

[2011/04/10 08:57:41 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\v50v3vaf.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}

[2011/03/16 21:48:28 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\searchplugins\mywebsearch.xml

[2011/08/06 13:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/03/28 22:03:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2011/08/06 13:00:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

File not found (No name found) --

[2011/07/04 18:49:35 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/08/06 12:59:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/05/09 19:05:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/06/08 14:51:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2011/02/21 19:25:18 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (迅雷FLV视频嗅探及下载支持) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll (ShenZhen Xunlei Networking Technologies,LTD)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (迅雷下载支持) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.1.8.2302.dll (深圳市迅雷网络技术有限公司)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (迅雷下载助手) - {B0E2F470-0B07-48f0-B3B1-5749505FAE9B} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll (ShenZhen Xunlei Networking Technologies,LTD)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe ()

O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime Alternative\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)

O4 - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)

O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)

O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)

O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)

O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)

O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\..Trusted Domains: facebook.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\..Trusted Domains: pps.tv ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\..Trusted Domains: ppstream.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1060712862-2128723342-4021548419-1000\..Trusted Domains: webscache.com ([]http in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 219.139.81.6 168.95.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/04/01 23:19:26 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2004/10/04 07:27:26 | 000,143,360 | R--- | M] () - F:\AUTORUN.EXE -- [ CDFS ]

O32 - AutoRun File - [2004/06/05 19:51:02 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{09c71d0c-5fe5-11e0-bea7-1c6f65a97709}\Shell - "" = AutoRun

O33 - MountPoints2\{09c71d0c-5fe5-11e0-bea7-1c6f65a97709}\Shell\AutoRun\command - "" = F:\P14GSetup.exe

O33 - MountPoints2\{0e74674b-5d49-11e0-87dd-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{0e74674b-5d49-11e0-87dd-806e6f6e6963}\Shell\AutoRun\command - "" = F:\P14GSetup.exe

O33 - MountPoints2\{9d2bf369-5f9a-11e0-8a0c-001ffb143984}\Shell - "" = AutoRun

O33 - MountPoints2\{9d2bf369-5f9a-11e0-8a0c-001ffb143984}\Shell\AutoRun\command - "" = J:\iStudio.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/21 16:59:45 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2011/08/21 09:53:50 | 000,607,017 | ---- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr

[2011/08/19 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira

[2011/08/19 13:12:46 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/08/19 13:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/08/19 13:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011/08/19 13:11:06 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2011/08/19 13:11:06 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2011/08/19 13:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011/08/19 13:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2011/08/19 09:54:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/08/19 09:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2011/08/14 00:32:02 | 000,000,000 | ---D | C] -- C:\FavoriteVideo

[2011/08/14 00:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPLive

[2011/08/14 00:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Jlcm

[2011/08/14 00:30:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PPLive

[2011/08/14 00:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PPLive

[2011/08/14 00:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PPLiveNetwork

[2011/08/14 00:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PPLive

[2011/08/12 21:17:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG

[2011/08/12 16:40:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG10

[2011/08/12 16:04:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2011/08/12 16:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10

[2011/08/12 16:03:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG

[2011/08/12 16:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2011/08/12 14:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2011/08/12 12:10:58 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011/08/12 00:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft

[2011/08/12 00:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Kingsoft

[2011/08/12 00:52:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\nsklog

[2011/08/12 00:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft

[2011/08/12 00:33:30 | 000,153,632 | ---- | C] (youku.com) -- C:\Windows\SysWow64\ikutm.dll

[2011/08/12 00:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\youku

[2011/08/11 18:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2011/08/11 07:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/08/11 07:27:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Yahoo

[2011/08/11 07:27:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Yahoo!

[2011/08/10 17:10:53 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011/08/10 17:10:51 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/08/10 17:10:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/08/10 17:10:51 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/08/10 17:10:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/08/10 17:10:51 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/08/10 17:10:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/08/10 17:01:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2011/08/10 17:01:19 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2011/08/10 17:01:19 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2011/08/10 17:01:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2011/08/10 17:01:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2011/08/10 17:01:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2011/08/10 17:01:19 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2011/08/10 17:01:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2011/08/10 17:01:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2011/08/10 17:01:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2011/08/10 16:53:46 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2011/08/10 16:53:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2011/08/10 16:53:46 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2011/08/10 16:53:45 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2011/08/10 16:53:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2011/08/10 16:53:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2011/08/10 16:53:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2011/08/10 16:53:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2011/08/10 16:53:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2011/08/10 16:53:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2011/08/10 16:53:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2011/08/10 16:53:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2011/08/10 16:53:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2011/08/10 16:53:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2011/08/10 16:53:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2011/08/10 16:53:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2011/08/10 16:53:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/08/10 16:53:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/08/10 16:53:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2011/08/10 16:53:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2011/08/10 16:53:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2011/08/10 16:53:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2011/08/10 16:53:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2011/08/10 16:53:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2011/08/10 16:53:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2011/08/10 16:53:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2011/08/10 16:53:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2011/08/10 16:53:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2011/08/10 16:53:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2011/08/10 16:53:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2011/08/10 16:53:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2011/08/10 16:53:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2011/08/10 16:53:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2011/08/10 16:53:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2011/08/10 16:53:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2011/08/10 16:53:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2011/08/10 16:53:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2011/08/10 16:46:00 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2011/08/10 16:45:59 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2011/08/10 16:45:59 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2011/08/06 22:28:09 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2011/08/06 21:57:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Sunbelt Software

[2011/08/06 21:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2011/08/06 13:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/08/06 13:00:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/08/06 13:00:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/08/06 13:00:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/08/05 22:13:11 | 049,089,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe

[2011/08/05 20:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/08/05 09:34:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro

[2011/08/05 09:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft ScreenHunter 5 Pro

[2011/08/05 09:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Pro

[2011/08/01 09:10:14 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\NG AH TECK

[2011/07/26 00:08:36 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\3dsMaxDesign

[2011/07/25 23:31:10 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\3ds Max Design 2010 Tutorials

[2011/07/25 23:27:18 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll

[2011/07/25 23:27:18 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll

[2011/07/25 23:27:18 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll

[2011/07/25 23:27:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

[2011/07/25 23:27:17 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll

[2011/07/25 23:27:17 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2011/07/24 02:42:14 | 000,000,000 | ---D | C] -- C:\GVODMedia

[2011/07/24 02:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\捃畦GVOD畦溫

[2011/07/24 02:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\GVODPlayer

[2011/07/24 02:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GVOD

[2011/07/22 20:46:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\World-Loom

[2011/02/26 16:28:53 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll

[2011/02/26 16:28:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll

[2011/02/26 16:28:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll

[2011/02/26 16:28:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll

[2011/02/26 16:28:50 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll

[2011/02/26 16:28:50 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe

[2011/02/26 16:28:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll

[2011/02/26 16:28:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll

[2011/02/26 16:28:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll

[2011/02/26 16:28:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe

[2011/02/26 16:28:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe

[2011/02/26 16:28:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll

[2011/02/26 16:28:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll

[2011/02/26 16:28:48 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll

[2011/02/26 16:28:48 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/21 17:01:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

[2011/08/21 16:15:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/08/21 15:15:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/08/21 12:46:11 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/08/21 12:46:11 | 000,020,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/08/21 12:39:13 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys

[2011/08/21 12:39:13 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref

[2011/08/21 12:39:02 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys

[2011/08/21 12:38:49 | 004,303,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/08/21 12:38:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/08/21 12:38:20 | 523,833,343 | -HS- | M] () -- C:\hiberfil.sys

[2011/08/21 12:24:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011/08/21 09:53:46 | 000,607,017 | ---- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr

[2011/08/19 19:28:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\admovie.jpg

[2011/08/19 13:36:45 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2011/08/19 13:36:45 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2011/08/19 13:28:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/19 13:11:15 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/08/19 10:30:48 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/08/17 21:58:39 | 001,209,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/08/17 21:58:39 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/08/17 21:58:39 | 000,380,576 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat

[2011/08/17 21:58:39 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/08/17 21:58:39 | 000,099,980 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat

[2011/08/15 15:01:20 | 005,153,452 | ---- | M] () -- C:\Users\User\Documents\HOME FEET.skp

[2011/08/15 14:46:53 | 005,152,341 | ---- | M] () -- C:\Users\User\Documents\HOME FEET.skb

[2011/08/15 14:03:17 | 000,026,337 | ---- | M] () -- C:\Users\User\Desktop\1b.jpg

[2011/08/15 14:03:14 | 000,026,337 | ---- | M] () -- C:\Users\User\Desktop\1b2.jpg

[2011/08/14 14:25:19 | 001,872,502 | ---- | M] () -- C:\Users\User\Documents\HOME.skp

[2011/08/14 00:30:56 | 000,001,116 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV .lnk

[2011/08/12 00:33:29 | 000,153,632 | ---- | M] (youku.com) -- C:\Windows\SysWow64\ikutm.dll

[2011/08/11 18:02:47 | 001,245,184 | ---- | M] () -- C:\Users\User\Desktop\setup_11.0.0.1245.x01_2011_08_11_13_09.exe

[2011/08/11 07:19:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2011/08/10 09:29:34 | 001,226,402 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/08/10 09:16:28 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011/08/06 22:28:51 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2011/08/06 22:28:51 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2011/08/06 22:28:09 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2011/08/06 12:59:52 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2011/08/06 12:59:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2011/08/06 12:59:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2011/08/06 12:59:52 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2011/08/05 09:44:07 | 000,000,055 | ---- | M] () -- C:\Windows\ScreenHunter.INI

[2011/08/05 09:34:22 | 000,001,983 | ---- | M] () -- C:\Users\User\Desktop\ScreenHunter 5.1 Pro.lnk

[2011/08/02 15:11:00 | 000,709,992 | ---- | M] () -- C:\Windows\SysWow64\kindling.dll

[2011/07/25 23:29:20 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2010 64-bit.lnk

[2011/07/25 11:19:03 | 001,879,623 | ---- | M] () -- C:\Users\User\Documents\HOME.skb

[2011/07/24 09:01:07 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\cid_store.dat

[2011/07/23 23:16:33 | 000,001,369 | ---- | M] () -- C:\Users\User\Desktop\metric handbook - Shortcut.lnk

[2011/07/23 23:15:27 | 000,001,334 | ---- | M] () -- C:\Users\User\Desktop\neufert3th - Shortcut.lnk

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/19 19:28:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\admovie.jpg

[2011/08/19 13:12:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/08/19 13:11:15 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2011/08/15 14:03:14 | 000,026,337 | ---- | C] () -- C:\Users\User\Desktop\1b2.jpg

[2011/08/15 14:00:34 | 000,026,337 | ---- | C] () -- C:\Users\User\Desktop\1b.jpg

[2011/08/14 14:27:05 | 005,152,341 | ---- | C] () -- C:\Users\User\Documents\HOME FEET.skb

[2011/08/14 14:26:01 | 005,153,452 | ---- | C] () -- C:\Users\User\Documents\HOME FEET.skp

[2011/08/14 00:30:56 | 000,001,116 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\PPTV .lnk

[2011/08/11 18:02:09 | 001,245,184 | ---- | C] () -- C:\Users\User\Desktop\setup_11.0.0.1245.x01_2011_08_11_13_09.exe

[2011/08/10 09:30:14 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2011/08/06 22:28:51 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2011/08/06 22:28:51 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2011/08/05 09:43:56 | 000,000,055 | ---- | C] () -- C:\Windows\ScreenHunter.INI

[2011/08/05 09:34:22 | 000,001,983 | ---- | C] () -- C:\Users\User\Desktop\ScreenHunter 5.1 Pro.lnk

[2011/08/02 15:11:00 | 000,709,992 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll

[2011/07/25 23:29:20 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2010 64-bit.lnk

[2011/07/24 09:13:36 | 001,226,402 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/07/24 02:46:54 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\cid_store.dat

[2011/07/23 23:00:02 | 001,879,623 | ---- | C] () -- C:\Users\User\Documents\HOME.skb

[2011/07/23 22:50:37 | 001,872,502 | ---- | C] () -- C:\Users\User\Documents\HOME.skp

[2011/07/09 17:44:50 | 000,000,031 | ---- | C] () -- C:\Windows\wininit.ini

[2011/06/18 17:36:20 | 000,000,460 | ---- | C] () -- C:\Users\User\AppData\Roaming\Poladroid prefs.plist

[2011/06/06 20:35:55 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\tg0157b.ini

[2011/06/06 20:35:55 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\tg0157a.ini

[2011/06/06 20:35:55 | 000,000,016 | ---- | C] () -- C:\Windows\tg0157c.ini

[2011/06/06 20:35:55 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\22BSKDRK.dll

[2011/06/06 15:22:51 | 001,741,886 | ---- | C] () -- C:\Windows\Fix-It-Up Eighties - Meet Kate's Parents Uninstaller.exe

[2011/06/06 15:12:36 | 001,520,566 | ---- | C] () -- C:\Windows\Chicken Invaders 4 Uninstaller.exe

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/04/03 02:42:06 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat

[2011/03/28 22:17:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/03/16 10:00:19 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/06 15:38:44 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2011/02/26 16:45:36 | 000,000,092 | ---- | C] () -- C:\Windows\Lexstat.ini

[2011/02/26 16:28:53 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll

[2011/02/26 16:28:52 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll

[2011/02/23 09:51:35 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm

[2011/02/22 11:49:34 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/02/22 11:49:29 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/02/21 20:20:20 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2011/02/21 20:20:20 | 000,000,088 | RHS- | C] () -- C:\ProgramData\B076AA7B14.sys

[2011/02/21 13:42:19 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/02/21 10:33:32 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/02/21 10:33:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/02/21 10:33:31 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/02/21 10:33:31 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/02/21 10:33:31 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/02/21 09:46:24 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys

[2011/02/21 09:37:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/02/21 09:34:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2009/08/27 15:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Files - Unicode (All) ==========

[2011/08/14 11:52:22 | 000,015,161 | ---- | M] ()(C:\Users\User\Documents\2002年度第94??班.docx) -- C:\Users\User\Documents\2002年度第94毕业班.docx

[2011/08/14 11:49:19 | 000,015,161 | ---- | C] ()(C:\Users\User\Documents\2002年度第94??班.docx) -- C:\Users\User\Documents\2002年度第94毕业班.docx

[2011/07/31 22:28:55 | 000,000,749 | ---- | M] ()(C:\Users\User\Desktop\第七?香妃城大???? - Shortcut.lnk) -- C:\Users\User\Desktop\第七届香妃城大专联谊会 - Shortcut.lnk

[2011/07/27 00:02:54 | 000,000,749 | ---- | C] ()(C:\Users\User\Desktop\第七?香妃城大???? - Shortcut.lnk) -- C:\Users\User\Desktop\第七届香妃城大专联谊会 - Shortcut.lnk

[2011/02/27 21:21:05 | 000,002,040 | ---- | M] ()(C:\Users\User\Desktop\千千?听.lnk) -- C:\Users\User\Desktop\千千静听.lnk

[2011/02/27 21:21:05 | 000,002,040 | ---- | C] ()(C:\Users\User\Desktop\千千?听.lnk) -- C:\Users\User\Desktop\千千静听.lnk

[2011/02/22 11:46:34 | 000,002,090 | ---- | M] ()(C:\Users\Public\Desktop\Need for Speed? Undercover.lnk) -- C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk

[2011/02/22 11:46:34 | 000,002,090 | ---- | C] ()(C:\Users\Public\Desktop\Need for Speed? Undercover.lnk) -- C:\Users\Public\Desktop\Need for Speed™ Undercover.lnk

(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音?入法) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法

(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\三?志 X) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\三国志 X

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


Extra.txt

OTL Extras logfile created on: 21/8/2011 5:02:08 PM - Run 1

OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\User\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

5.98 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 69.33% Memory free

11.97 Gb Paging File | 9.82 Gb Available in Paging File | 82.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 244.04 Gb Total Space | 103.59 Gb Free Space | 42.45% Space Free | Partition Type: NTFS

Drive D: | 221.62 Gb Total Space | 106.49 Gb Free Space | 48.05% Space Free | Partition Type: NTFS

Drive F: | 498.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Playback] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)

Directory [PlayList] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Playback] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)

Directory [PlayList] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java 6 Update 26 (64-bit)

"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64

"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64

"{420461EA-8522-0409-B836-C9BFC6137A6D}" = Autodesk 3ds Max Design 2010 64-bit Components

"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English

"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{625855ED-DB93-4927-8C48-4BAB4C2C41B9}_is1" = P1 4G Connection Manager

"{64A3A4F4-B792-11D6-A78A-00B0D0160260}" = Java SE Development Kit 6 Update 26 (64-bit)

"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64

"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4

"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4

"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4

"{94D463D0-2B13-4181-9512-B27004B1151A}" = Autodesk Revit Architecture 2011 x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C9E49EC1-F125-0409-A5D1-452B98A1530A}" = Autodesk 3ds Max Design 2010 64-bit

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)

"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4

"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AutoCAD 2010 - English" = AutoCAD 2010 - English

"Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010 64-bit

"Autodesk Revit Architecture 2011 SP2" = Autodesk Revit Architecture 2011 x64 Update 2

"Autodesk Revit Architecture 2011 x64" = Autodesk Revit Architecture 2011 x64

"CCleaner" = CCleaner

"Lexmark 1200 Series" = Lexmark 1200 Series

"Lexmark Fax Solutions" = Lexmark Fax Solutions

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension

"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{1159F14B-1E9F-417F-925E-E0242276FEBB}_is1" = Shank

"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729

"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4

"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data

"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA

"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4

"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin

"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4

"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2

"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit

"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets

"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1024.1

"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4

"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4

"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter

"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist

"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV

"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4

"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support

"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection

"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4

"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content

"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4

"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{7021CBFE-9C50-4BE0-A299-8F173E751302}" = Autodesk 3ds Max Design 2010 Tutorials Files

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension

"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4

"{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIO®

"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4

"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4

"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007

"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007

"{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{923E3957-F939-453A-BD55-41CFB8D7F211}" = HTC Sync

"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4

"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library

"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011

"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.166

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4

"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4

"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content

"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect

"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729

"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module

"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C4F3587C-964E-466F-92BA-8F8DB9C509E9}_is1" = NBA 2K11

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4

"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari

"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com

"{C90ACAB5-D36E-406B-B59D-164694BE9B17}" = 仙劍奇俠傳四

"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content

"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw

"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4

"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English

"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM

"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover

"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup

"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4

"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser

"1489-3350-5074-6281" = JDownloader 0.9

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection

"Autodesk Design Review 2011" = Autodesk Design Review 2011

"Autorun Eater_is1" = Autorun Eater v2.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Chicken Invaders 4" = Chicken Invaders 4

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"Cooking Dash 3 - Thrills and Spills - Collectors Edition1.0.1.145" = Cooking Dash 3 - Thrills and Spills - Collectors Edition

"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1

"Dead Rising 2_is1" = Dead Rising 2

"Diner Dash 5 Boom Collector's Edition H33T" = Diner Dash 5 Boom Collector's Edition H33T

"EA Download Manager" = EA Download Manager

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Farm Frenzy 3: Madagascar" = Farm Frenzy 3: Madagascar

"Fiddler2" = Fiddler2

"Fix-It-Up Eighties - Meet Kate's Parents" = Fix-It-Up Eighties - Meet Kate's Parents

"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2

"GOM Player" = GOM Player

"Google Chrome" = Google Chrome

"GVOD_is1" = 捃畦GVOD畦溫

"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1024.1

"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{C90ACAB5-D36E-406B-B59D-164694BE9B17}" = 仙劍奇俠傳四

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.8.0

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)

"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)

"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Picasa 3" = Picasa 3

"PPLive" = PPTV V3.0.4.0008

"PPSGame" = PPS蚔牁 V1.0.1.322

"PPStream" = PPStream V2.7.0.1226 Final

"PRJPRO" = Microsoft Office Project Professional 2007

"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2

"RealAlt_is1" = Real Alternative 2.0.2

"Soap Opera Dash1.0.1.128" = Soap Opera Dash

"Sogou Input" = 搜狗拼音输入法 5.2正式版

"SpongeBob DinerDash 21.0" = SpongeBob DinerDash 2

"thunder_is1" = 捃濘7

"TTPlayer" = 千千静听 5.7正式版

"VISPRO" = Microsoft Office Visio Professional 2007

"V-Ray for SketchUp 1.48.89" = V-Ray for SketchUp

"Wedding Dash 4-Ever1.0.1.174" = Wedding Dash 4-Ever

"WinLiveSuite" = Windows Live Essentials

"Wisdom-soft Set up ScreenHunter 5.1 Pro" = Wisdom-soft Set up ScreenHunter 5.1 Pro

"Yahoo! Messenger" = Yahoo! Messenger

"富甲天下5 中文完美破解版_is1" = 富甲天下5

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 13/8/2011 12:10:19 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Reseting to Probing: 16 User-PC.local.

AAAA FE80:0000:0000:0000:315D:AC49:41FC:AF2E

Error - 13/8/2011 12:10:20 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: Received from 192.168.1.5:49152 4 user-PC.local.

Addr 192.168.1.5

Error - 13/8/2011 12:10:20 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100

Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 User-PC.local.

Addr 192.168.1.2

Error - 13/8/2011 12:10:20 PM | Computer Name = User-PC | Source = Bonjour Service | ID = 100

Description = Local Hostname User-PC.local already in use; will try User-PC-2.local

instead

Error - 18/8/2011 10:02:13 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/8/2011 10:02:13 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 9984

Error - 18/8/2011 10:02:13 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9984

Error - 18/8/2011 9:53:27 PM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error - 18/8/2011 9:54:53 PM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary SASKUTIL. System Error: The system cannot find the file specified. .

Error - 20/8/2011 11:41:44 PM | Computer Name = User-PC | Source = Application Error | ID = 1000

Description = Faulting application name: QvodTerminal.exe, version: 3.5.0.65, time

stamp: 0x4d81e605 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time

stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x00034388 Faulting process

id: 0x55c Faulting application start time: 0x01cc5fb4360d9b01 Faulting application

path: C:\QvodPlayer\QvodTerminal.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report

Id: 7cfb93ac-cba7-11e0-8732-1c6f65a97709

[ Media Center Events ]

Error - 6/5/2011 10:00:40 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 10:00:40 PM - Error connecting to the internet. 10:00:40 PM - Unable

to contact server..

Error - 6/5/2011 10:00:51 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 10:00:45 PM - Error connecting to the internet. 10:00:45 PM - Unable

to contact server..

Error - 9/5/2011 3:08:57 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 3:08:56 PM - Error connecting to the internet. 3:08:57 PM - Unable

to contact server..

Error - 9/5/2011 3:09:06 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 3:09:02 PM - Error connecting to the internet. 3:09:02 PM - Unable

to contact server..

Error - 9/5/2011 4:09:11 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 4:09:11 PM - Error connecting to the internet. 4:09:11 PM - Unable

to contact server..

Error - 9/5/2011 4:09:17 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 4:09:16 PM - Error connecting to the internet. 4:09:16 PM - Unable

to contact server..

Error - 9/5/2011 5:09:21 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 5:09:21 PM - Error connecting to the internet. 5:09:21 PM - Unable

to contact server..

Error - 9/5/2011 5:09:27 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 5:09:26 PM - Error connecting to the internet. 5:09:26 PM - Unable

to contact server..

Error - 9/5/2011 6:09:31 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 6:09:31 PM - Error connecting to the internet. 6:09:31 PM - Unable

to contact server..

Error - 9/5/2011 6:09:37 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0

Description = 6:09:36 PM - Error connecting to the internet. 6:09:36 PM - Unable

to contact server..

[ System Events ]

Error - 20/8/2011 9:41:34 PM | Computer Name = User-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 20/8/2011 9:42:20 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

Error - 20/8/2011 9:58:44 PM | Computer Name = User-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 20/8/2011 9:59:40 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

Error - 20/8/2011 11:27:44 PM | Computer Name = User-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 20/8/2011 11:28:47 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

Error - 21/8/2011 12:08:44 AM | Computer Name = User-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 21/8/2011 12:09:36 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

Error - 21/8/2011 12:38:12 AM | Computer Name = User-PC | Source = sptd | ID = 262148

Description = Driver detected an internal error in its data structures for .

Error - 21/8/2011 12:39:05 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

sptd

< End of report >


Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Sorry, it produced some Chinese font, does it matter?

If yes, I will change the display language (my system locale is Traditional Chinese) later. :)

Here is the LOG produced:

ComboFix 11-08-21.01 - User 8/2011 Sun 18:46:03.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.6127.4386 [GMT 8:00]

執行位置: c:\users\User\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* 成功創造新還原點

.

.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\favoritevideo\InvisibleFolder

c:\favoritevideo\InvisibleFolder\20101014160145_sasa101014jiao15s1.swf

c:\favoritevideo\InvisibleFolder\20101112103740_taobao101112cha15s.swf

c:\favoritevideo\InvisibleFolder\20101119115856_taobao101119cha15sman.swf

c:\favoritevideo\InvisibleFolder\20101119120106_taobao101119cha15swoman.swf

c:\favoritevideo\InvisibleFolder\20110128170117_wopaiwang110128zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110128172504_panpan110201jiaobiao.swf

c:\favoritevideo\InvisibleFolder\20110323093215_pptv110323zanting15s.jpg

c:\favoritevideo\InvisibleFolder\20110628183241_ipad110628zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110628183325_ipad110628zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110701201118_haiyanggongyuan110704cha15s.swf

c:\favoritevideo\InvisibleFolder\20110701201256_haiyanggongyuan110704zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110701201555_haiyanggongyuan110704jiao15s.swf

c:\favoritevideo\InvisibleFolder\20110705150125_pinganchexian110705zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110708110551_alibaba110711zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110714133021_pinganchexian110714zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110715105349_shenghuojia110715zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110715105538_shenghuojia110715zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110718115546_xinhuanzhugege110718zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110721145327_hushubao110701zanting15s.jpg

c:\favoritevideo\InvisibleFolder\20110721145938_hushubao110701cha15s.swf

c:\favoritevideo\InvisibleFolder\20110722215436_dongpeng110723jiaobiao.swf

c:\favoritevideo\InvisibleFolder\20110726144544_modengxinrenlei110726zanting.jpg

c:\favoritevideo\InvisibleFolder\20110726144832_modengxinrenlei110726zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110726145145_modengxinrenlei110726cha15s.jpg

c:\favoritevideo\InvisibleFolder\20110726145412_xinhuanzhugege110726cha15s.jpg

c:\favoritevideo\InvisibleFolder\20110729164352_maibaobao110801cha15s.swf

c:\favoritevideo\InvisibleFolder\20110801123635_guangqichuanqi110801zhu15s3.swf

c:\favoritevideo\InvisibleFolder\20110801123818_guangqichuanqi110801zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110801124028_guangqichuanqi11081cha15s.swf

c:\favoritevideo\InvisibleFolder\20110801185425_newbalance110801zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110803172239_xinshuihu110803zhu15s.jpg

c:\favoritevideo\InvisibleFolder\20110803172440_xinshuihu110803zanting15s.jpg

c:\favoritevideo\InvisibleFolder\20110803172633_xinshuihu110803cha15s.jpg

c:\favoritevideo\InvisibleFolder\20110804143802_shasha110804zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110804143934_shasha110804cha15s.swf

c:\favoritevideo\InvisibleFolder\20110804144043_shasha110804zanting.swf

c:\favoritevideo\InvisibleFolder\20110805164138_shandongliantong110805zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110809092713_tianzi110809zanting.jpg

c:\favoritevideo\InvisibleFolder\20110809192159_1haodian110810cha15s.swf

c:\favoritevideo\InvisibleFolder\20110809192620_1haodian110810zanting.swf

c:\favoritevideo\InvisibleFolder\20110809194200_guangqi110810cha15s.swf

c:\favoritevideo\InvisibleFolder\20110809194320_guangqi110810zanting.swf

c:\favoritevideo\InvisibleFolder\20110809194437_guangqi110810zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110810155839_renbaochexian110810houtie.swf

c:\favoritevideo\InvisibleFolder\20110810160157_renbaochexian110810cha15s.swf

c:\favoritevideo\InvisibleFolder\20110810160522_renbaochexian110810zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110810165108_maibaobao110811zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110810165314_maibaobao110811zanting.swf

c:\favoritevideo\InvisibleFolder\20110811104453_taobao110813qipao.swf

c:\favoritevideo\InvisibleFolder\20110811104812_taobao110813zanting.swf

c:\favoritevideo\InvisibleFolder\20110811105056_taobao110813cha15s.swf

c:\favoritevideo\InvisibleFolder\20110811115654_hrs110811cha15s.swf

c:\favoritevideo\InvisibleFolder\20110811182334_ludingji110812zanting.swf

c:\favoritevideo\InvisibleFolder\20110812094740_tianzi110812zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812114240_kelingklei110815zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812114622_kelingklei110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110812114859_yiqizaixian110812zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812120801_yougou110812zanting.swf

c:\favoritevideo\InvisibleFolder\20110812120948_yougou110812cha15s.swf

c:\favoritevideo\InvisibleFolder\20110812131909_taobao110815qipao.swf

c:\favoritevideo\InvisibleFolder\20110812132155_taobao110815zanting.swf

c:\favoritevideo\InvisibleFolder\20110812132502_taobao110815cha15s.swf

c:\favoritevideo\InvisibleFolder\20110812161119_qijishijie110814zanting.jpg

c:\favoritevideo\InvisibleFolder\20110812161335_qijishijie110814qipao.swf

c:\favoritevideo\InvisibleFolder\20110812163227_ludingji110813zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812164719_zhengtu2110814qipao.swf

c:\favoritevideo\InvisibleFolder\20110812165402_zhengtu2110814zanting.swf

c:\favoritevideo\InvisibleFolder\20110812175654_paipaiwang110815zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812175859_paipaiwang110815zanting.swf

c:\favoritevideo\InvisibleFolder\20110812181724_tankeshijie110813zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110812195519_yitiantulong110814zanting.swf

c:\favoritevideo\InvisibleFolder\20110812195646_yitiantulong110813zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110813224859_baojun110815cha15s.swf

c:\favoritevideo\InvisibleFolder\20110814093631_shenmozhetian110814zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110814093818_shenmozhetian110814zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110814094956_shenmozhetian110814cha15s.swf

c:\favoritevideo\InvisibleFolder\20110815092802_yougouwang110815zanting.swf

c:\favoritevideo\InvisibleFolder\20110815093313_yougouwang110815cha15s.swf

c:\favoritevideo\InvisibleFolder\20110815135603_aiyaya110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815135947_zhongsheng110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815140135_bishengyuan110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815140531_panpan110815jiaobiao1.swf

c:\favoritevideo\InvisibleFolder\20110815140632_kefaang110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815140813_hanmei110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815140855_panpan110815jiaobiao2.swf

c:\favoritevideo\InvisibleFolder\20110815141015_panpan110815jiaobiao3.swf

c:\favoritevideo\InvisibleFolder\20110815141052_ruizhou110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815141129_panpan110815jiaobiao4.swf

c:\favoritevideo\InvisibleFolder\20110815141241_panpan110815jiaobiao5.swf

c:\favoritevideo\InvisibleFolder\20110815141244_didou110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110815141400_panpan110815jiaobiao6.swf

c:\favoritevideo\InvisibleFolder\20110815141528_panpan110815jiaobiao7.swf

c:\favoritevideo\InvisibleFolder\20110815141643_panpan110815jiaobiao8.swf

c:\favoritevideo\InvisibleFolder\20110815141649_bishengyuan110815jiaobao.swf

c:\favoritevideo\InvisibleFolder\20110815193655_aodili110815zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110815223356_baojun110815zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110816092049_qixiong110816zanting.swf

c:\favoritevideo\InvisibleFolder\20110816105102_qixiong110818zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110816130435_panpan110816jiaobiao1.swf

c:\favoritevideo\InvisibleFolder\20110816130634_panpan110816jiaobiao2.swf

c:\favoritevideo\InvisibleFolder\20110816134856_xuanwu110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110816135034_xuanwu110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110816160943_lvsezhengtu110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110816163807_taobao110818zanting.swf

c:\favoritevideo\InvisibleFolder\20110816164011_taobao110818qipao.swf

c:\favoritevideo\InvisibleFolder\20110816164144_taobao110818cha15s.swf

c:\favoritevideo\InvisibleFolder\20110816171330_yingxiongwudi110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110816173522_maibaobao110817cha15s.swf

c:\favoritevideo\InvisibleFolder\20110816181632_baojun110816zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110816182446_yitiantulong110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110816182600_yitiantulong110817zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110817093542_furenguo110817zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110817093713_furenguo110817zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110817100238_furenguo110817cha15s.swf

c:\favoritevideo\InvisibleFolder\20110817115739_lvsezhengtu110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110817131256_yingxiongwudi110817zantingnew.swf

c:\favoritevideo\InvisibleFolder\20110817161308_1haodian110817zanting.swf

c:\favoritevideo\InvisibleFolder\20110817162100_1haodian110817cha15s.swf

c:\favoritevideo\InvisibleFolder\20110817162445_chuanqi110817zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110817162636_chuanqi110817cha15s.swf

c:\favoritevideo\InvisibleFolder\20110817162811_1haodian110817zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110817163213_yingxiongwuni110818cha15s.swf

c:\favoritevideo\InvisibleFolder\20110817163335_chuanqi110817zhu15sa.swf

c:\favoritevideo\InvisibleFolder\20110817181142_yitiantulong110818zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818152939_lvsezhengtu110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110818162336_shenmodalu110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818164320_yitiantulong110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818164444_yitiantulong110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110818171218_lanmiu110818zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818171520_lanmiu110818chabo.swf

c:\favoritevideo\InvisibleFolder\20110818171801_lanmiu110818zanting.swf

c:\favoritevideo\InvisibleFolder\20110818175600_qixiong110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110818181154_renbaochexian110818houtie.swf

c:\favoritevideo\InvisibleFolder\20110818181759_renbaochexian110818zanting15s.swf

c:\favoritevideo\InvisibleFolder\20110818182016_renbaochexian110818cha15s.swf

c:\favoritevideo\InvisibleFolder\20110819103927_lvsezhengtu110820zanting.swf

c:\favoritevideo\InvisibleFolder\20110819104727_lvsezhengtu110821zanting.swf

c:\favoritevideo\InvisibleFolder\20110819113251_bingchuanyuanzheng110820zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110819150436_ludingji110820zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110819175742_qixiong110820zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110819181933_hanghaizhiwang110819huanchong15s.swf

c:\favoritevideo\InvisibleFolder\20110819182537_huanghangzhiwang110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110819182835_hanghaizhiwang110819chabo.swf

c:\favoritevideo\InvisibleFolder\20110819185932_lanmiu110819zhu15s.swf

c:\favoritevideo\InvisibleFolder\20110819190159_lanmiu110819zanting.swf

c:\favoritevideo\InvisibleFolder\20110819190411_lanmiu110819chabo.swf

c:\favoritevideo\InvisibleFolder\oplayer.ocx

c:\favoritevideo\InvisibleFolder\peer.dll

c:\favoritevideo\InvisibleFolder\pplss2.swf

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

c:\windows\SysWow64\User

c:\windows\SysWow64\User\User.dat

c:\windows\SysWow64\User\User.sav

c:\windows\SysWow64\User\users\controller_settings.bin

c:\windows\SysWow64\User\users\graphics_settings.bin

c:\windows\SysWow64\User\vuid

c:\windows\SysWow64\User\wins\and_it_continues

c:\windows\SysWow64\User\wins\father_forgive_me

c:\windows\SysWow64\User\wins\getting_started

c:\windows\SysWow64\User\wins\making_a_name

c:\windows\SysWow64\User\wins\revenge_is_sweet

c:\windows\SysWow64\User\wins\scars_from_the_past

c:\windows\SysWow64\User\wins\the_meating

c:\windows\SysWow64\User\wins\the_wrong_guy

.

.

((((((((((((((((((((((((( 2011-07-21 至 2011-08-21 的新的檔案 )))))))))))))))))))))))))))))))

.

.

2011-08-21 10:53 . 2011-08-21 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-19 08:55 . 2011-08-19 08:55 -------- d-----w- c:\users\User\AppData\Roaming\Avira

2011-08-19 05:12 . 2011-07-06 11:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-19 05:11 . 2011-08-19 05:36 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-19 05:11 . 2011-08-19 05:36 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\programdata\Avira

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\program files (x86)\Avira

2011-08-19 01:05 . 2011-08-19 01:05 -------- d-----w- c:\programdata\McAfee

2011-08-13 16:32 . 2011-08-21 10:53 -------- d-----w- C:\FavoriteVideo

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\programdata\Jlcm

2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\users\User\AppData\Roaming\PPLive

2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\programdata\PPLive

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\Common Files\PPLiveNetwork

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\PPLive

2011-08-12 13:17 . 2011-08-12 13:17 -------- d-----w- c:\users\User\AppData\Roaming\AVG

2011-08-12 08:04 . 2011-08-12 08:04 -------- d--h--w- c:\programdata\Common Files

2011-08-12 08:03 . 2011-08-19 01:56 -------- d-----w- c:\programdata\AVG10

2011-08-12 08:03 . 2011-08-19 01:54 -------- d-----w- c:\windows\system32\drivers\AVG

2011-08-12 08:03 . 2011-08-19 01:52 -------- d-----w- c:\program files (x86)\AVG

2011-08-12 06:35 . 2011-08-19 01:55 -------- d-----w- c:\programdata\MFAData

2011-08-11 16:53 . 2011-08-11 16:53 -------- d-----w- c:\program files (x86)\Kingsoft

2011-08-11 16:52 . 2011-08-11 16:52 -------- d-----w- c:\program files (x86)\Common Files\Kingsoft

2011-08-11 16:52 . 2011-08-12 03:52 -------- d--h--w- c:\program files (x86)\Common Files\nsklog

2011-08-11 16:52 . 2011-08-11 16:54 -------- d-----w- c:\programdata\kingsoft

2011-08-11 16:33 . 2011-08-11 16:33 -------- d-----w- c:\programdata\youku

2011-08-11 16:33 . 2011-08-11 16:33 153632 ----a-w- c:\windows\SysWow64\ikutm.dll

2011-08-11 10:55 . 2011-08-11 10:55 -------- d-----w- c:\programdata\Kaspersky Lab

2011-08-11 09:48 . 2011-08-11 09:48 -------- d-----w- C:\kleaner.tmp

2011-08-10 23:34 . 2011-08-19 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Local\Yahoo

2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Roaming\Yahoo!

2011-08-10 09:01 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 09:01 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 09:01 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 09:01 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll

2011-08-10 09:01 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll

2011-08-10 09:01 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll

2011-08-10 09:01 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll

2011-08-10 09:01 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll

2011-08-10 09:01 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 08:56 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 08:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-08-10 08:45 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 08:45 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-06 14:28 . 2011-08-06 14:28 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-06 13:57 . 2011-08-06 13:57 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software

2011-08-06 13:56 . 2011-08-06 13:56 -------- d-----w- c:\programdata\Lavasoft

2011-08-06 05:02 . 2011-08-06 05:02 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-08-05 12:59 . 2011-08-07 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-05 12:32 . 2011-08-06 04:59 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-08-05 01:34 . 2011-08-05 01:34 -------- d-----w- c:\program files (x86)\Wisdom-soft ScreenHunter 5 Pro

2011-08-02 07:11 . 2011-08-02 07:11 497080 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\mframe.dll

2011-08-02 07:11 . 2011-08-02 07:11 251400 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll

2011-08-02 07:11 . 2011-08-02 07:11 234944 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\ppp.dll

2011-08-02 07:11 . 2011-08-02 07:11 709992 ----a-w- c:\windows\SysWow64\kindling.dll

2011-07-25 15:27 . 2008-07-12 00:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll

2011-07-23 18:42 . 2011-08-06 03:58 -------- d-----w- C:\GVODMedia

2011-07-23 18:41 . 2011-08-08 14:03 -------- d-----w- c:\program files (x86)\GVOD

2011-07-23 18:41 . 2011-07-25 01:59 -------- d-----w- c:\programdata\GVODPlayer

2011-07-22 12:46 . 2011-07-22 12:46 -------- d-----w- c:\users\User\AppData\Roaming\World-Loom

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-21 10:56 . 2011-02-21 01:46 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-08-21 10:56 . 2011-02-21 01:33 25640 ----a-w- c:\windows\gdrv.sys

2011-08-21 04:24 . 2011-06-05 01:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-12 04:10 . 2011-08-19 05:56 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C04D59CD-0DB4-4619-ADCE-6809104FFDDC}\mpengine.dll

2011-08-06 04:59 . 2011-02-21 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-07-16 04:26 . 2011-08-10 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-08 01:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-08 01:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-07-06 11:52 . 2011-07-15 02:34 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy3576.tmp

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\system32\nsy3577.tmp

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy1E4D.tmp

2011-06-18 15:30 . 2011-06-18 15:30 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-11 03:07 . 2011-07-13 04:46 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-06-08 10:21 . 2011-07-20 11:23 157728 ----a-w- c:\windows\system32\ikutm.dll

2011-06-06 18:19 . 2011-06-06 18:19 224016 ----a-w- c:\windows\system32\TABCTL32.OCX

2011-06-06 07:22 . 2011-06-06 07:22 1741886 ----a-w- c:\windows\Fix-It-Up Eighties - Meet Kate's Parents Uninstaller.exe

2011-06-06 07:12 . 2011-06-06 07:12 1520566 ----a-w- c:\windows\Chicken Invaders 4 Uninstaller.exe

2011-05-24 11:42 . 2011-06-29 10:03 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 11:14 . 2011-02-21 02:09 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:40 . 2011-06-29 10:03 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 10:03 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 10:03 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 10:03 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

.

.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白與合法缺省登錄將不會被顯示

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-08-05 442232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]

"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

Ime File REG_SZ SOGOUPY.IME

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-01 1436424]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 136360]

S2 GPCommonService(64);GPCommonService(64);c:\program files\P1\P1 4G\GPCommonServicex64.exe [2010-10-08 111104]

S2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [2010-10-08 90112]

S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost [x]

S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-21 30528]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

DoctorService REG_MULTI_SZ XLDoctor Service

.

‘計劃任務’ 文件夾 裡的內容

.

2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]

.

2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- 而外的掃描 -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.155.com/?id=104295

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: facebook.com

Trusted Zone: pps.tv

Trusted Zone: ppstream.com

Trusted Zone: webscache.com

TCP: DhcpNameServer = 219.139.81.6 168.95.1.1

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e44dea8&i=23&tp=ab&nt=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

BHO-{B0E2F470-0B07-48f0-B3B1-5749505FAE9B} - c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A122DF8A-84A5-F6C8-0DEC-1D01CF115784}*]

"hahfeegjdflopjep"=hex:6a,61,66,63,70,69,6c,6f,63,61,67,6f,67,65,69,67,69,6a,

6f,62,00,84

"gakencjbkeakcc"=hex:61,63,6b,70,63,64,6b,69,67,6e,63,64,63,6e,68,6c,63,68,6d,

6d,66,69,64,66,61,6c,6b,6d,70,65,62,68,6f,67,63,64,65,68,6e,63,6e,67,65,6c,\

"iajfoedljdbnokckgp"=hex:6a,61,67,63,68,6a,6a,6e,62,67,6a,62,63,69,64,6a,6c,69,

63,70,00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ 其他運行進程 ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\GIGABYTE\ET6\GUI.exe

c:\program files (x86)\Lexmark 1200 Series\lxczbmon.exe

.

**************************************************************************

.

完成時間: 2011-08-21 19:01:56 - 電腦已重新啟動

ComboFix-quarantined-files.txt 2011-08-21 11:01

.

Pre-Run: 119,272,247,296 bytes free

Post-Run: 118,869,110,784 bytes free

.

- - End Of File - - 31E3E3F8001E55947876B04180C7B626


Here is the C:\Combofix.txt

Is it the same as I posted above?

ComboFix 11-08-21.01 - User 8/2011 Sun 18:46:03.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.6127.4386 [GMT 8:00]

執行位置: c:\users\User\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* 成功創造新還原點

.

.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\favoritevideo\InvisibleFolder

c:\favoritevideo\InvisibleFolder\oplayer.ocx

c:\favoritevideo\InvisibleFolder\peer.dll

c:\favoritevideo\InvisibleFolder\pplss2.swf

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

c:\windows\SysWow64\User

c:\windows\SysWow64\User\User.dat

c:\windows\SysWow64\User\User.sav

c:\windows\SysWow64\User\users\controller_settings.bin

c:\windows\SysWow64\User\users\graphics_settings.bin

c:\windows\SysWow64\User\vuid

c:\windows\SysWow64\User\wins\and_it_continues

c:\windows\SysWow64\User\wins\father_forgive_me

c:\windows\SysWow64\User\wins\getting_started

c:\windows\SysWow64\User\wins\making_a_name

c:\windows\SysWow64\User\wins\revenge_is_sweet

c:\windows\SysWow64\User\wins\scars_from_the_past

c:\windows\SysWow64\User\wins\the_meating

c:\windows\SysWow64\User\wins\the_wrong_guy

.

.

((((((((((((((((((((((((( 2011-07-21 至 2011-08-21 的新的檔案 )))))))))))))))))))))))))))))))

.

.

2011-08-21 10:53 . 2011-08-21 10:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-19 08:55 . 2011-08-19 08:55 -------- d-----w- c:\users\User\AppData\Roaming\Avira

2011-08-19 05:12 . 2011-07-06 11:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-19 05:11 . 2011-08-19 05:36 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-19 05:11 . 2011-08-19 05:36 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\programdata\Avira

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\program files (x86)\Avira

2011-08-19 01:05 . 2011-08-19 01:05 -------- d-----w- c:\programdata\McAfee

2011-08-13 16:32 . 2011-08-21 10:53 -------- d-----w- C:\FavoriteVideo

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\programdata\Jlcm

2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\users\User\AppData\Roaming\PPLive

2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\programdata\PPLive

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\Common Files\PPLiveNetwork

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\PPLive

2011-08-12 13:17 . 2011-08-12 13:17 -------- d-----w- c:\users\User\AppData\Roaming\AVG

2011-08-12 08:04 . 2011-08-12 08:04 -------- d--h--w- c:\programdata\Common Files

2011-08-12 08:03 . 2011-08-19 01:56 -------- d-----w- c:\programdata\AVG10

2011-08-12 08:03 . 2011-08-19 01:54 -------- d-----w- c:\windows\system32\drivers\AVG

2011-08-12 08:03 . 2011-08-19 01:52 -------- d-----w- c:\program files (x86)\AVG

2011-08-12 06:35 . 2011-08-19 01:55 -------- d-----w- c:\programdata\MFAData

2011-08-11 16:53 . 2011-08-11 16:53 -------- d-----w- c:\program files (x86)\Kingsoft

2011-08-11 16:52 . 2011-08-11 16:52 -------- d-----w- c:\program files (x86)\Common Files\Kingsoft

2011-08-11 16:52 . 2011-08-12 03:52 -------- d--h--w- c:\program files (x86)\Common Files\nsklog

2011-08-11 16:52 . 2011-08-11 16:54 -------- d-----w- c:\programdata\kingsoft

2011-08-11 16:33 . 2011-08-11 16:33 -------- d-----w- c:\programdata\youku

2011-08-11 16:33 . 2011-08-11 16:33 153632 ----a-w- c:\windows\SysWow64\ikutm.dll

2011-08-11 10:55 . 2011-08-11 10:55 -------- d-----w- c:\programdata\Kaspersky Lab

2011-08-11 09:48 . 2011-08-11 09:48 -------- d-----w- C:\kleaner.tmp

2011-08-10 23:34 . 2011-08-19 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Local\Yahoo

2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Roaming\Yahoo!

2011-08-10 09:01 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 09:01 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 09:01 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 09:01 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll

2011-08-10 09:01 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll

2011-08-10 09:01 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll

2011-08-10 09:01 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll

2011-08-10 09:01 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll

2011-08-10 09:01 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 08:56 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 08:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-08-10 08:45 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 08:45 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-06 14:28 . 2011-08-06 14:28 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-06 13:57 . 2011-08-06 13:57 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software

2011-08-06 13:56 . 2011-08-06 13:56 -------- d-----w- c:\programdata\Lavasoft

2011-08-06 05:02 . 2011-08-06 05:02 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-08-05 12:59 . 2011-08-07 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-05 12:32 . 2011-08-06 04:59 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-08-05 01:34 . 2011-08-05 01:34 -------- d-----w- c:\program files (x86)\Wisdom-soft ScreenHunter 5 Pro

2011-08-02 07:11 . 2011-08-02 07:11 497080 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\mframe.dll

2011-08-02 07:11 . 2011-08-02 07:11 251400 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll

2011-08-02 07:11 . 2011-08-02 07:11 234944 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\ppp.dll

2011-08-02 07:11 . 2011-08-02 07:11 709992 ----a-w- c:\windows\SysWow64\kindling.dll

2011-07-25 15:27 . 2008-07-12 00:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll

2011-07-23 18:42 . 2011-08-06 03:58 -------- d-----w- C:\GVODMedia

2011-07-23 18:41 . 2011-08-08 14:03 -------- d-----w- c:\program files (x86)\GVOD

2011-07-23 18:41 . 2011-07-25 01:59 -------- d-----w- c:\programdata\GVODPlayer

2011-07-22 12:46 . 2011-07-22 12:46 -------- d-----w- c:\users\User\AppData\Roaming\World-Loom

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-21 10:56 . 2011-02-21 01:46 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-08-21 10:56 . 2011-02-21 01:33 25640 ----a-w- c:\windows\gdrv.sys

2011-08-21 04:24 . 2011-06-05 01:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-12 04:10 . 2011-08-19 05:56 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C04D59CD-0DB4-4619-ADCE-6809104FFDDC}\mpengine.dll

2011-08-06 04:59 . 2011-02-21 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-07-16 04:26 . 2011-08-10 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-08 01:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-08 01:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-07-06 11:52 . 2011-07-15 02:34 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy3576.tmp

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\system32\nsy3577.tmp

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy1E4D.tmp

2011-06-18 15:30 . 2011-06-18 15:30 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-11 03:07 . 2011-07-13 04:46 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-06-08 10:21 . 2011-07-20 11:23 157728 ----a-w- c:\windows\system32\ikutm.dll

2011-06-06 18:19 . 2011-06-06 18:19 224016 ----a-w- c:\windows\system32\TABCTL32.OCX

2011-06-06 07:22 . 2011-06-06 07:22 1741886 ----a-w- c:\windows\Fix-It-Up Eighties - Meet Kate's Parents Uninstaller.exe

2011-06-06 07:12 . 2011-06-06 07:12 1520566 ----a-w- c:\windows\Chicken Invaders 4 Uninstaller.exe

2011-05-24 11:42 . 2011-06-29 10:03 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 11:14 . 2011-02-21 02:09 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:40 . 2011-06-29 10:03 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 10:03 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 10:03 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 10:03 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

.

.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白與合法缺省登錄將不會被顯示

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-08-05 442232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]

"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

Ime File REG_SZ SOGOUPY.IME

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-01 1436424]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 136360]

S2 GPCommonService(64);GPCommonService(64);c:\program files\P1\P1 4G\GPCommonServicex64.exe [2010-10-08 111104]

S2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [2010-10-08 90112]

S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost [x]

S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-21 30528]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

DoctorService REG_MULTI_SZ XLDoctor Service

.

‘計劃任務’ 文件夾 裡的內容

.

2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]

.

2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- 而外的掃描 -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.155.com/?id=104295

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: facebook.com

Trusted Zone: pps.tv

Trusted Zone: ppstream.com

Trusted Zone: webscache.com

TCP: DhcpNameServer = 219.139.81.6 168.95.1.1

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e44dea8&i=23&tp=ab&nt=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

BHO-{B0E2F470-0B07-48f0-B3B1-5749505FAE9B} - c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A122DF8A-84A5-F6C8-0DEC-1D01CF115784}*]

"hahfeegjdflopjep"=hex:6a,61,66,63,70,69,6c,6f,63,61,67,6f,67,65,69,67,69,6a,

6f,62,00,84

"gakencjbkeakcc"=hex:61,63,6b,70,63,64,6b,69,67,6e,63,64,63,6e,68,6c,63,68,6d,

6d,66,69,64,66,61,6c,6b,6d,70,65,62,68,6f,67,63,64,65,68,6e,63,6e,67,65,6c,\

"iajfoedljdbnokckgp"=hex:6a,61,67,63,68,6a,6a,6e,62,67,6a,62,63,69,64,6a,6c,69,

63,70,00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ 其他運行進程 ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\GIGABYTE\ET6\GUI.exe

c:\program files (x86)\Lexmark 1200 Series\lxczbmon.exe

.

**************************************************************************

.

完成時間: 2011-08-21 19:01:56 - 電腦已重新啟動

ComboFix-quarantined-files.txt 2011-08-21 11:01

.

Pre-Run: 119,272,247,296 bytes free

Post-Run: 118,869,110,784 bytes free

.

- - End Of File - - 31E3E3F8001E55947876B04180C7B626

By the way, I let it scan and was away from my computer. After a while, the log had already been produced; I am not sure whether there was an installation of Microsoft Windows Recovery Console or not.


Hi.

After running COMBOFIX, I noticed that my Photoshop needs a serial number to run. I think I may be going to restore my computer to a previous point because I need a lot of Adobe software.

Can we have a different solution to fix my computer problem (remove malware)?

I forgot my serial number already. :(

I still have my AUTOCAD exactly....


Hi.

Here is the combofix log.

ComboFix 11-08-21.01 - User 8/2011 Mon 9:09.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.6127.4519 [GMT 8:00]

執行位置: c:\users\User\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\favoritevideo\InvisibleFolder

c:\favoritevideo\InvisibleFolder\20110819153240_jianerma110822zanting15s.swf.tpp

c:\favoritevideo\InvisibleFolder\20110819161639_jianeng110822zhu15s.swf.tpp

c:\favoritevideo\InvisibleFolder\20110819161910_jianeng110822zanting15s.swf.tpp

c:\favoritevideo\InvisibleFolder\20110820105015_taobao110822zanting.swf.tpp

c:\favoritevideo\InvisibleFolder\20110820105756_taobao110822qipao.swf.tpp

c:\favoritevideo\InvisibleFolder\20110820110008_taobao110822cha15s.swf.tpp

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll

.

.

((((((((((((((((((((((((( 2011-07-22 至 2011-08-22 的新的檔案 )))))))))))))))))))))))))))))))

.

.

2011-08-22 01:17 . 2011-08-22 01:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-19 08:55 . 2011-08-19 08:55 -------- d-----w- c:\users\User\AppData\Roaming\Avira

2011-08-19 05:12 . 2011-07-06 11:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-19 05:11 . 2011-08-19 05:36 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-19 05:11 . 2011-08-19 05:36 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\programdata\Avira

2011-08-19 05:11 . 2011-08-19 05:11 -------- d-----w- c:\program files (x86)\Avira

2011-08-19 01:05 . 2011-08-19 01:05 -------- d-----w- c:\programdata\McAfee

2011-08-13 16:32 . 2011-08-22 01:17 -------- d-----w- C:\FavoriteVideo

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\programdata\Jlcm

2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\users\User\AppData\Roaming\PPLive

2011-08-13 16:30 . 2011-08-13 16:32 -------- d-----w- c:\programdata\PPLive

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\Common Files\PPLiveNetwork

2011-08-13 16:30 . 2011-08-13 16:30 -------- d-----w- c:\program files (x86)\PPLive

2011-08-12 13:17 . 2011-08-12 13:17 -------- d-----w- c:\users\User\AppData\Roaming\AVG

2011-08-12 08:04 . 2011-08-12 08:04 -------- d--h--w- c:\programdata\Common Files

2011-08-12 08:03 . 2011-08-19 01:56 -------- d-----w- c:\programdata\AVG10

2011-08-12 08:03 . 2011-08-19 01:54 -------- d-----w- c:\windows\system32\drivers\AVG

2011-08-12 08:03 . 2011-08-19 01:52 -------- d-----w- c:\program files (x86)\AVG

2011-08-12 06:35 . 2011-08-19 01:55 -------- d-----w- c:\programdata\MFAData

2011-08-11 16:53 . 2011-08-11 16:53 -------- d-----w- c:\program files (x86)\Kingsoft

2011-08-11 16:52 . 2011-08-11 16:52 -------- d-----w- c:\program files (x86)\Common Files\Kingsoft

2011-08-11 16:52 . 2011-08-12 03:52 -------- d--h--w- c:\program files (x86)\Common Files\nsklog

2011-08-11 16:52 . 2011-08-11 16:54 -------- d-----w- c:\programdata\kingsoft

2011-08-11 16:33 . 2011-08-11 16:33 -------- d-----w- c:\programdata\youku

2011-08-11 16:33 . 2011-08-11 16:33 153632 ----a-w- c:\windows\SysWow64\ikutm.dll

2011-08-11 10:55 . 2011-08-11 10:55 -------- d-----w- c:\programdata\Kaspersky Lab

2011-08-11 09:48 . 2011-08-11 09:48 -------- d-----w- C:\kleaner.tmp

2011-08-10 23:34 . 2011-08-19 05:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Local\Yahoo

2011-08-10 23:27 . 2011-08-10 23:27 -------- d-----w- c:\users\User\AppData\Roaming\Yahoo!

2011-08-10 09:01 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 09:01 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 09:01 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 09:01 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 09:01 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll

2011-08-10 09:01 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll

2011-08-10 09:01 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll

2011-08-10 09:01 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll

2011-08-10 09:01 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll

2011-08-10 09:01 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll

2011-08-10 08:56 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 08:46 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-08-10 08:45 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 08:45 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-08-06 14:28 . 2011-08-06 14:28 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-06 13:57 . 2011-08-06 13:57 -------- d-----w- c:\users\User\AppData\Local\Sunbelt Software

2011-08-06 13:56 . 2011-08-06 13:56 -------- d-----w- c:\programdata\Lavasoft

2011-08-06 05:02 . 2011-08-06 05:02 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-08-05 12:59 . 2011-08-07 09:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-05 12:32 . 2011-08-06 04:59 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-08-05 01:34 . 2011-08-05 01:34 -------- d-----w- c:\program files (x86)\Wisdom-soft ScreenHunter 5 Pro

2011-08-02 07:11 . 2011-08-02 07:11 497080 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\mframe.dll

2011-08-02 07:11 . 2011-08-02 07:11 251400 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\pplugin2.dll

2011-08-02 07:11 . 2011-08-02 07:11 234944 ----a-w- c:\program files (x86)\Internet Explorer\PPLite\plugin\1.0.0.675\ppp.dll

2011-08-02 07:11 . 2011-08-02 07:11 709992 ----a-w- c:\windows\SysWow64\kindling.dll

2011-07-25 15:27 . 2008-07-12 00:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-07-25 15:27 . 2008-07-12 00:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll

2011-07-23 18:42 . 2011-08-06 03:58 -------- d-----w- C:\GVODMedia

2011-07-23 18:41 . 2011-08-08 14:03 -------- d-----w- c:\program files (x86)\GVOD

2011-07-23 18:41 . 2011-07-25 01:59 -------- d-----w- c:\programdata\GVODPlayer

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-22 01:05 . 2011-02-21 01:46 30528 ----a-w- c:\windows\GVTDrv64.sys

2011-08-22 01:05 . 2011-02-21 01:33 25640 ----a-w- c:\windows\gdrv.sys

2011-08-21 04:24 . 2011-06-05 01:57 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-12 04:10 . 2011-08-19 05:56 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C04D59CD-0DB4-4619-ADCE-6809104FFDDC}\mpengine.dll

2011-08-06 04:59 . 2011-02-21 03:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-07-16 04:26 . 2011-08-10 08:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-08 01:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-08 01:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-07-06 11:52 . 2011-07-15 02:34 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy3576.tmp

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\system32\nsy3577.tmp

2011-06-25 01:19 . 2011-06-25 01:19 0 ----a-w- c:\windows\SysWow64\nsy1E4D.tmp

2011-06-18 15:30 . 2011-06-18 15:30 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-11 03:07 . 2011-07-13 04:46 3137536 ----a-w- c:\windows\system32\win32k.sys

2011-06-08 10:21 . 2011-07-20 11:23 157728 ----a-w- c:\windows\system32\ikutm.dll

2011-06-06 18:19 . 2011-06-06 18:19 224016 ----a-w- c:\windows\system32\TABCTL32.OCX

2011-06-06 07:22 . 2011-06-06 07:22 1741886 ----a-w- c:\windows\Fix-It-Up Eighties - Meet Kate's Parents Uninstaller.exe

2011-06-06 07:12 . 2011-06-06 07:12 1520566 ----a-w- c:\windows\Chicken Invaders 4 Uninstaller.exe

2011-05-24 11:42 . 2011-06-29 10:03 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 11:14 . 2011-02-21 02:09 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:40 . 2011-06-29 10:03 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 10:03 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 10:03 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 10:03 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-21_10.55.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-21 01:53 . 2011-08-22 01:06 65930 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-08-21 10:57 34362 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-22 01:06 34362 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-02-21 01:32 . 2011-08-22 01:06 14336 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1060712862-2128723342-4021548419-1000_UserData.bin

+ 2011-02-22 05:18 . 2011-08-22 01:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-22 05:18 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-22 05:18 . 2011-08-22 01:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-02-22 05:18 . 2011-08-21 10:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-02-22 05:18 . 2011-08-22 01:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-22 05:18 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-02-21 03:02 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-02-21 03:02 . 2011-08-22 01:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-21 03:02 . 2011-08-21 10:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-21 03:02 . 2011-08-22 01:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-22 01:18 . 2011-08-22 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-21 10:54 . 2011-08-21 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-08-21 10:54 . 2011-08-21 10:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-22 01:18 . 2011-08-22 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2011-08-21 10:53 673788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-08-22 01:17 673788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-22 13:37 . 2011-08-21 16:47 4930120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-02-22 13:37 . 2011-08-07 09:35 4930120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白與合法缺省登錄將不會被顯示

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}]

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B0E2F470-0B07-48f0-B3B1-5749505FAE9B}]

c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PPS Accelerator"="d:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.exe" [2011-08-05 442232]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 295856]

"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

Ime File REG_SZ SOGOUPY.IME

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-01 1436424]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 136176]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-08-22 30528]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 MT7118VU;MediaTek MT7118 WiMAX USB Card Driver for VISTA;c:\windows\system32\DRIVERS\mt7118vu_x64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 136360]

S2 GPCommonService(64);GPCommonService(64);c:\program files\P1\P1 4G\GPCommonServicex64.exe [2010-10-08 111104]

S2 GPCommonService;GPCommonService;c:\program files\P1\P1 4G\GPCommonService.exe [2010-10-08 90112]

S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

S2 MTKWMPROT;MediaTek WiMAX Modem Protocol Driver;c:\windows\system32\DRIVERS\mtkwmptv_x64.sys [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S2 XLDoctor Service;XLDoctor Service;c:\windows\system32\svchost [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

DoctorService REG_MULTI_SZ XLDoctor Service

.

‘計劃任務’ 文件夾 裡的內容

.

2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]

.

2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-16 17:49]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 74672]

.

------- 而外的掃描 -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.155.com/?id=104295

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: facebook.com

Trusted Zone: pps.tv

Trusted Zone: ppstream.com

Trusted Zone: webscache.com

TCP: DhcpNameServer = 219.139.81.6 168.95.1.1

FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v50v3vaf.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e44dea8&i=23&tp=ab&nt=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1060712862-2128723342-4021548419-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A122DF8A-84A5-F6C8-0DEC-1D01CF115784}*]

"hahfeegjdflopjep"=hex:6a,61,66,63,70,69,6c,6f,63,61,67,6f,67,65,69,67,69,6a,

6f,62,00,84

"gakencjbkeakcc"=hex:61,63,6b,70,63,64,6b,69,67,6e,63,64,63,6e,68,6c,63,68,6d,

6d,66,69,64,66,61,6c,6b,6d,70,65,62,68,6f,67,63,64,65,68,6e,63,6e,67,65,6c,\

"iajfoedljdbnokckgp"=hex:6a,61,67,63,68,6a,6a,6e,62,67,6a,62,63,69,64,6a,6c,69,

63,70,00,00

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ 其他運行進程 ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Lexmark 1200 Series\lxczbmon.exe

.

**************************************************************************

.

完成時間: 2011-08-22 09:24:59 - 電腦已重新啟動

ComboFix-quarantined-files.txt 2011-08-22 01:24

ComboFix2.txt 2011-08-21 11:01

.

Pre-Run: 118,865,944,576 bytes free

Post-Run: 118,772,756,480 bytes free

.

- - End Of File - - 5BCF388512EE2A652F50E50F300AB25E


Hi again.

I still cannot connect to certain webpages that I used to visit. By the way, the description shown when I couldn't connect to those webpages has changed.

It changed to: DNS Lookup failed. (Previously I couldn't run DDS due to DNS too?)

I am using Google Chrome:

The server at www.facebook.com can't be found, because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.


Dear elise,

Hi. I am unable to connect to Facebook right now.

IE stated: Internet Explorer cannot display the webpage.

(So does Firefox)

At the same time, when I use Google Chrome to connect to Facebook, it works fine.

(For your information, sometimes I could connect to Facebook, while sometimes I couldn't)

Besides, I cannot play Facebook games either. (It cannot connect to that page once I click the game)

Google Chrome: Can open Facebook, no Twitter, no Youtube.

Internet Explorer: Twitter only, no Facebook, no Youtube.

Firefox: Twitter only, no Facebook, no Youtube. (same as IE)


Hi again.

I restarted my computer; these are the changes:

Google Chrome: Could not open Facebook at first, but now it can (it can even run Facebook games now). Yes Twitter, yes Youtube.

IE: Cannot open any of Facebook, Twitter and Youtube.

Firefox: Yes Facebook, yes Twitter, no Youtube.

