also @ TechSpot: Cookie-blocking browser plugin Ghostery feeds data to the ad industry

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

I am so sorry again....i think i accidentally installed Yontoo, visual bee and deal ply...

Discussion in 'Virus and Malware Removal' started by Carmen__Tsamg, Feb 8, 2013.

Post New Reply

Page 1 of 3

Carmen__Tsamg TechSpot Enthusiast Posts: 103

It is me again, my bad!!! I don't know why but it just happened, ahhh help...I will post the 4 steps procedures as soon as possible

Carmen__Tsamg, Feb 8, 2013

#1
Broni Malware Annihilator Posts: 40,051 +187

Same computer as here?
http://www.techspot.com/community/topics/suspect-virus-infection-with-my-hp-netbook.189664/

Broni, Feb 8, 2013

#2
Carmen__Tsamg TechSpot Enthusiast Posts: 103

No, a different one, this is a lenovo laptop
PS the other computer at the first thread I started is still under the proccess for comfox? for at least 1 hours...

Carmen__Tsamg, Feb 8, 2013

#3
Carmen__Tsamg TechSpot Enthusiast Posts: 103

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.05.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kitty Tsang :: USER-THINK [administrator]
8/2/2013 15:39:23
mbam-log-2013-02-08 (15-39-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265175
Time elapsed: 9 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Carmen__Tsamg, Feb 8, 2013

#4
Carmen__Tsamg TechSpot Enthusiast Posts: 103

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Kitty Tsang at 15:49:51 on 2013-02-08
Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.4007.2033 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\SysWOW64\svchost.exe -k PPTVServiceGroup
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\svchost -k XLServicePlatform
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files (x86)\PPStream\PPSAP.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files (x86)\one2free Next G Connection Manager\UIExec.exe
C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\KITTYT~1\AppData\Local\Temp\{EF060B78-43CE-4D77-B9E8-D90B354F757A}\ISBEW64.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\PPStream\PPStream.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN21556502532854319&ctid=CT3284023
uURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll
mURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: VideoUrlSniffer Class: {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(401).dll
BHO: 捃濘FLV弝凊抻摯狟婥盓厥: {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: BrowserHelper: {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll
BHO: 捃濘狟婥盓厥: {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.10.3694.dll
BHO: Windows Live ID 登入協助程式: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468 Class: {ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: smartdownloader Class: {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll
uRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe
uRun: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" -background
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
mRun: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
mRun: [UIExec] "C:\Program Files (x86)\one2free Next G Connection Manager\UIExec.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup
mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
StartupFolder: C:\Users\KITTYT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kitty Tsang\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\KITTYT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PPS.lnk - C:\Program Files (x86)\PPStream\PPStream.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &使用&迅雷下? - <no file>
IE: &使用&迅雷下?全部?接 - <no file>
IE: &妏蚚&捃濘燭盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: 添加?前?到迅雷看看播放器?? - <no file>
IE: 發送圖像至藍牙裝置(B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: 發送頁面至藍牙裝置(B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
IE: {0000026b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 204.197.191.194 38.117.85.2
TCP: Interfaces\{B5037CB4-5D75-4578-832C-3CC2AA2C729D} : DHCPNameServer = 204.197.191.194 38.117.85.2
TCP: Interfaces\{CC116FF0-8393-46DB-AC08-B5C8082FBD42} : DHCPNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{E4E0554F-A08F-4922-896E-3DA12292EF90}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E4E0554F-A08F-4922-896E-3DA12292EF90}\46C696E6B6023762E6 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: 捃濘狟婥盓厥: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.10.3694.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [Soluto] C:\Program Files\Soluto\soluto.exe /init
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned>
x64-Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
x64-Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-1-13 23664]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-13 37720]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-1-17 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-4-25 198784]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-4-17 98816]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-4-17 166016]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-4-17 425000]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-4-17 39464]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-17 317440]
R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\Windows\System32\drivers\nokia_cs1x_dc_enum.sys [2010-4-22 97280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-17 412776]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-8-9 167264]
S3 btusb64h;BUFFALO TurboUSB for HD Filter;C:\Windows\System32\drivers\btusb64h.sys [2012-1-24 28728]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-7-17 11776]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\Windows\System32\drivers\nokia_cs1x_cdc_acm.sys [2010-4-22 98304]
S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;C:\Windows\System32\drivers\nokia_cs1x_cdc_ecm.sys [2010-4-22 53760]
S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\Windows\System32\drivers\nokia_cs1x_cpo.sys [2010-4-22 13824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WINWORD.EXE="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-02-08 08:08:03--------d-----w-C:\Program Files (x86)\Yontoo
2013-02-08 08:07:59--------d-----w-C:\ProgramData\Tarma Installer
2013-02-08 08:05:50--------d-----w-C:\Program Files (x86)\DealPly
2013-02-08 07:54:46--------d-----w-C:\Program Files (x86)\Conduit
2013-02-08 07:53:19--------d-----w-C:\Users\Kitty Tsang\AppData\Local\Conduit
2013-02-08 07:53:15--------d-----w-C:\Users\Kitty Tsang\AppData\Local\Bart_Ubing
2013-02-08 07:53:10--------d-----w-C:\Program Files (x86)\VisualBee_V.1
2013-02-08 07:52:29--------d-----w-C:\Users\Kitty Tsang\AppData\Local\CRE
2013-02-08 07:51:24--------d-----w-C:\Users\Kitty Tsang\AppData\Local\VisualBeeClient
2013-02-08 07:51:11--------d-----w-C:\Users\Kitty Tsang\AppData\Local\VisualBeeExe
2013-02-08 07:50:18--------d-----w-C:\ProgramData\VisualBee
2013-02-07 05:24:55--------d-----w-C:\ProgramData\Tencent
2013-02-07 05:23:15--------d-----w-C:\Users\Kitty Tsang\AppData\Local\Tencent
2013-02-07 05:20:3961440----a-r-C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2013-02-07 05:20:3961440----a-r-C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
2013-02-07 05:20:39106496----a-r-C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2013-02-07 05:20:39106496----a-r-C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2013-02-07 05:20:39106496----a-r-C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2013-02-07 04:58:56--------d-----w-C:\Users\Kitty Tsang\AppData\Local\{CE18F04E-3F8F-4FD8-A23C-70FB5DAD9580}
2013-02-07 04:52:32--------d-----w-C:\Users\Kitty Tsang\AppData\Roaming\Tencent
2013-02-06 22:47:51--------d-sh--w-C:\$RECYCLE.BIN
2013-02-06 15:35:44--------d-----w-C:\Windows\ERUNT
2013-02-06 15:35:19--------d-----w-C:\JRT
2013-02-02 20:45:47--------d-----w-C:\Program Files\FreeFixer
2013-01-30 02:54:5587040----a-w-C:\Windows\System32\pdfcmnnt.dll
2013-01-30 02:54:55137000----a-w-C:\Windows\SysWow64\MSMAPI32.OCX
2013-01-30 02:54:5323552----a-w-C:\Windows\SysWow64\MSMPIDE.DLL
2013-01-30 02:54:53--------d-----w-C:\Program Files (x86)\PDFCreator
2013-01-30 02:52:50--------d-----w-C:\Users\Kitty Tsang\AppData\Local\Updater21802
2013-01-30 02:11:44--------d-----w-C:\Program Files (x86)\Logon Loader
2013-01-24 19:44:36--------d-----w-C:\found.002
2013-01-12 02:11:3635328----a-w-C:\Windows\System32\ImHttpComm.dll
2013-01-12 02:11:361261936----a-w-C:\Windows\System32\dmwu.exe
2013-01-12 02:11:36--------d-----w-C:\Windows\System32\ARFC
2013-01-12 02:10:10--------d-----w-C:\Users\Kitty Tsang\AppData\Local\PutLockerDownloader
2013-01-12 02:09:57--------d-----w-C:\Program Files (x86)\PutLockerDownloader
2013-01-12 02:09:54--------d-----w-C:\Program Files (x86)\PutLockerDownloader.com
.
==================== Find3M ====================
.
2013-02-08 10:44:2374096----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 10:44:23697712----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-07 05:17:1218760----a-w-C:\Windows\SysWow64\QQVistaHelper.dll
2013-01-24 15:02:3037720----a-w-C:\Windows\System32\drivers\avgtpx64.sys
2013-01-15 21:56:10477616----a-w-C:\Windows\SysWow64\npdeployJava1.dll
2013-01-15 21:56:07473520----a-w-C:\Windows\SysWow64\deployJava1.dll
2012-12-25 04:31:52505312----a-w-C:\Windows\SysWow64\PPTVSvc.dll
2012-12-25 04:31:50399968----a-w-C:\Windows\SysWow64\PPTVLauncher.exe
2012-12-25 04:31:50399968----a-w-C:\Windows\System32\PPTVLauncher.exe
2012-12-25 04:31:422585056----a-w-C:\Windows\System32\kindling.dll
2012-12-25 04:31:422299360----a-w-C:\Windows\SysWow64\kindling.dll
2012-12-16 17:11:2246080----a-w-C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03367616----a-w-C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28295424----a-w-C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:2034304----a-w-C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:2824176----a-w-C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16441856----a-w-C:\Windows\System32\Wpc.dll
2012-12-07 13:15:312746368----a-w-C:\Windows\System32\gameux.dll
2012-12-07 12:26:17308736----a-w-C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:432576384----a-w-C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:0430720----a-w-C:\Windows\System32\usk.rs
2012-12-07 11:20:0343520----a-w-C:\Windows\System32\csrr.rs
2012-12-07 11:20:0323552----a-w-C:\Windows\System32\oflc.rs
2012-12-07 11:20:0145568----a-w-C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:0144544----a-w-C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:0120480----a-w-C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:0020480----a-w-C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:5920480----a-w-C:\Windows\System32\pegi.rs
2012-12-07 11:19:5846592----a-w-C:\Windows\System32\fpb.rs
2012-12-07 11:19:5740960----a-w-C:\Windows\System32\cob-au.rs
2012-12-07 11:19:5721504----a-w-C:\Windows\System32\grb.rs
2012-12-07 11:19:5715360----a-w-C:\Windows\System32\djctq.rs
2012-12-07 11:19:5655296----a-w-C:\Windows\System32\cero.rs
2012-12-07 11:19:5551712----a-w-C:\Windows\System32\esrb.rs
2012-11-30 05:45:35362496----a-w-C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35243200----a-w-C:\Windows\System32\wow64.dll
2012-11-30 05:45:3513312----a-w-C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14215040----a-w-C:\Windows\System32\winsrv.dll
2012-11-30 05:43:1216384----a-w-C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07424448----a-w-C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:005120----a-w-C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48338432----a-w-C:\Windows\System32\conhost.exe
2012-11-30 02:44:0625600----a-w-C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:047680----a-w-C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:0414336----a-w-C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:032048----a-w-C:\Windows\SysWow64\user.exe
2012-11-30 02:38:596144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:594608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:593584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:593072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:313149824----a-w-C:\Windows\System32\win32k.sys
2012-11-23 03:13:5768608----a-w-C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23800768----a-w-C:\Windows\System32\usp10.dll
2012-11-22 04:45:03626688----a-w-C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49307200----a-w-C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09220160----a-w-C:\Windows\SysWow64\ncrypt.dll
2012-11-16 20:34:3090112----a-w-C:\Windows\SysWow64\atl71.dll
2012-11-16 20:34:1879824----a-w-C:\Windows\xinstaller.dll
2012-11-16 20:34:1834768----a-w-C:\Windows\xinstaller.exe
2012-11-16 04:33:24111968----a-w-C:\Windows\System32\drivers\avgmfx64.sys
2012-11-14 06:11:442312704----a-w-C:\Windows\System32\jscript9.dll
2012-11-14 06:04:111392128----a-w-C:\Windows\System32\wininet.dll
2012-11-14 06:02:491494528----a-w-C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46599040----a-w-C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35173056----a-w-C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:402382848----a-w-C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:221800704----a-w-C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:151427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:371129472----a-w-C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27420864----a-w-C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:422382848----a-w-C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 15:51:35.07 ===============

Carmen__Tsamg, Feb 8, 2013

#5

Carmen__Tsamg TechSpot Enthusiast Posts: 103

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 家用進階版
Boot Device: \Device\HarddiskVolume1
Install Date: 15/7/2011 6:21:05
System Uptime: 8/2/2013 13:18:14 (2 hours ago)
.
Motherboard: LENOVO | | 114322B
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 155.22 GiB free.
D: is CDROM ()
H: is Removable
Q: is FIXED (NTFS) - 16 GiB total, 0.001 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP212: 6/2/2013 11:10:05 - ComboFix created restore point
RP213: 7/2/2013 17:01:02 - Clean
RP214: 7/2/2013 17:02:59 - OTL Restore Point - 7/2/2013 17:02:59
RP215: 7/2/2013 17:03:28 - OTL Restore Point - 7/2/2013 17:03:28
RP216: 7/2/2013 17:29:20 - Installed Java(TM) 6 Update 39
RP217: 8/2/2013 13:24:07 - 已設定 PowerDirector
.
==== Installed Programs ======================
.
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5) - Chinese Traditional
Apple Mobile Device Support
Apple Software Update
Apple 應用程式支援
Auslogics Disk Defrag
AVG 2013
Bing Rewards Client Installer
Bonjour
Broadcom InConcert Maestro
BUFFALO TurboUSB for FLASH/HDD
Chinese Simplified Fonts Support For Adobe Reader X
Conexant HD Audio
Create Recovery Media
CyberLink PowerDirector 11
D3DX10
DealPly
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
Dropbox
Duplicate Cleaner 2.0.6
Eusing Free Registry Cleaner
FreeFixer
Google Chrome
Google Update Helper
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Wireless Display
iTunes
Java Auto Updater
Java(TM) 6 Update 31 (64-bit)
Java(TM) 6 Update 39
Junk Mail filter update
jZip
K-Lite Codec Pack 7.2.0 (Full)
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
Logon Loader 3.0
Malwarebytes Anti-Malware 版本 1.70.0.1100
Mesh Runtime
Message Center Plus
Messenger ??器插件
Messenger Companion
Messenger 分享元件
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Chinese (Traditional)) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (French) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Excel Viewer
Microsoft Office Groove MUI (Chinese (Traditional)) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office Language Pack 2010 - Chinese (Traditional)/中文(繁體)
Microsoft Office Language Pack 2010 - French/Francais
Microsoft Office O MUI (Chinese (Traditional)) 2010
Microsoft Office O MUI (French) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit MUI (French) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Chinese (Traditional)) 2010
Microsoft Office SharePoint Designer MUI (French) 2010
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (French) 2010
Microsoft Office X MUI (Chinese (Traditional)) 2010
Microsoft Office X MUI (French) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySQL Connector/ODBC 3.51
NirSoft BlueScreenView
Nokia Internet Modem
Norton Security Scan
OLYMPUS Digital Camera Updater
Olympus ib
OLYMPUS Viewer 2
On Screen Display
one2free Next G Connection Manager
OpenOffice.org 3.3
Pandora Service
PDFCreator
Picasa 3
PPSGame V1.0.1.452
PPStream V2.7.0.1499 Final
PPTV厙釐萇弝 V3.3.0.0061
QQ音?8.4
QuickBooks
QuickBooks Premier Edition 2010
QuickTime
RapidBoot
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
RealUpgrade 1.1
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
RICOH Media Driver v2.10.18.02
Safari
Sage Simply Accounting 2012
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype? 6.0
Soluto
SupportSoft Assisted Service
System Update
Tencent QQ
The KMPlayer (remove only)
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage AutoLock
ThinkVantage Communications Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VisualBee for Microsoft PowerPoint
VisualBee V.1 Toolbar
Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
Windows Driver Package - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010)
Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0)
Windows Live ?件包
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 照片?
Windows Live 影像中心
Windows 驅動程式封裝 - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
WinRAR 4.00 (32 位元)
WinRAR 4.00 (64 位元)
Yahoo! Install Manager
Yontoo 1.12.02
Youtube Downloader HD v. 2.9.4
Youtube Music Downloader V3.8.3
Youtube to MP3 Converter v. 1.4
YTD Toolbar v6.7
YTD Video Downloader 3.9
用于?程?接的 Windows Live Mesh ActiveX 控件(?体中文)
百度影音1.16.0.73
迅雷看看播放器
捃濘7
適用遠端連線的 Windows Live Mesh ActiveX 控制項
蹄僩秞氈2012
騰訊QQ2012
.
==== End Of File ===========================

Carmen__Tsamg, Feb 8, 2013

#6

Broni Malware Annihilator Posts: 40,051 +187
Download RogueKiller on the desktop

Close all the running programs

Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator

Otherwise just double-click on RogueKiller.exe

Pre-scan will start. Let it finish.

Click on SCAN button.

Wait until the Status box shows Scan Finished

Click on Delete.

Wait until the Status box shows Deleting Finished.

Click on Report and copy/paste the content of the Notepad into your next reply.

RKreport.txt could also be found on your desktop.

If more than one log is produced post all logs.

If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=======================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

Unzip downloaded file.

Open the folder where the contents were unzipped and run mbar.exe

Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

Click on the Cleanup button to remove any threats and reboot if prompted to do so.

Wait while the system shuts down and the cleanup process is performed.

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
Broni, Feb 8, 2013

#7
Carmen__Tsamg TechSpot Enthusiast Posts: 103

RogueKiller V8.5.0 [Feb 8 2013] tigzy 設計製作
電子郵件 : tigzyRK<at>gmail<dot>com
意見反應 : http://www.geekstogo.com/forum/files/file/413-roguekiller/
網站 : http://tigzy.geekstogo.com/roguekiller.php
部落格 : http://tigzyrk.blogspot.com/

作業系統 : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
開始在 : 標準模式
使用者 : Kitty Tsang [系統管理員權限]
模式 : Remove -- 日期 : 02/08/2013 16:24:31
| ARK || FAK || MBR |

¤¤¤ 損壞的處理程序 : 0 ¤¤¤

¤¤¤ 系統登錄項目 : 6 ¤¤¤
[TASK][SUSP PATH] Updater21802.exe : C:\Users\Kitty Tsang\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack -> 已刪除
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> 已刪除
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> 已取代 (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> 已取代 (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 已取代 (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 已取代 (0)

¤¤¤ 特定檔案/資料夾: ¤¤¤

¤¤¤ 驅動程式 : [未載入] ¤¤¤

¤¤¤ HOSTS 檔: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR 檢查: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 68a7d29e4c1a2c50fa43131fedb8e6ad
[BSP] c9539f4342e8d6ab537d231c2b58eb58 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 459737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ee2077de975996c13db83dcb29a691d0
[BSP] 6e74cb94b5841094bdff1cb99ec1f724 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 459737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo

+++++ PhysicalDrive1: Ricoh MMC Disk Device +++++
--- User ---
[MBR] cef041724bdf61e1fea4eb34ba38357b
[BSP] 319ab95ab614f6c7eb4a926e9b11c54a : MBR Code unknown
Partition table:
Error reading LL1 MBR!
Error reading LL2 MBR!

完成 : << RKreport[2]_D_02082013_02d1624.txt >>
RKreport[1]_S_02082013_02d1618.txt ; RKreport[2]_D_02082013_02d1624.txt

Carmen__Tsamg, Feb 8, 2013

#8
Carmen__Tsamg TechSpot Enthusiast Posts: 103

RogueKiller V8.5.0 [Feb 8 2013] tigzy 設計製作
電子郵件 : tigzyRK<at>gmail<dot>com
意見反應 : http://www.geekstogo.com/forum/files/file/413-roguekiller/
網站 : http://tigzy.geekstogo.com/roguekiller.php
部落格 : http://tigzyrk.blogspot.com/

作業系統 : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
開始在 : 標準模式
使用者 : Kitty Tsang [系統管理員權限]
模式 : 掃瞄 -- 日期 : 02/08/2013 16:18:38
| ARK || FAK || MBR |

¤¤¤ 損壞的處理程序 : 0 ¤¤¤

¤¤¤ 系統登錄項目 : 9 ¤¤¤
[TASK][SUSP PATH] Updater21802.exe : C:\Users\Kitty Tsang\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack -> 找到
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> 找到
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> 找到
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> 找到
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> 找到
[HJ] HKLM\[...]\System : EnableLUA (0) -> 找到
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 找到

¤¤¤ 特定檔案/資料夾: ¤¤¤

¤¤¤ 驅動程式 : [未載入] ¤¤¤

¤¤¤ HOSTS 檔: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR 檢查: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 68a7d29e4c1a2c50fa43131fedb8e6ad
[BSP] c9539f4342e8d6ab537d231c2b58eb58 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 459737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ee2077de975996c13db83dcb29a691d0
[BSP] 6e74cb94b5841094bdff1cb99ec1f724 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 459737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo

+++++ PhysicalDrive1: Ricoh MMC Disk Device +++++
--- User ---
[MBR] cef041724bdf61e1fea4eb34ba38357b
[BSP] 319ab95ab614f6c7eb4a926e9b11c54a : MBR Code unknown
Partition table:
Error reading LL1 MBR!
Error reading LL2 MBR!

完成 : << RKreport[1]_S_02082013_02d1618.txt >>
RKreport[1]_S_02082013_02d1618.txt

Carmen__Tsamg, Feb 8, 2013

#9
Broni Malware Annihilator Posts: 40,051 +187

I can also see Yontoo in your installed programs.
Did you try to simply uninstall it?

Broni, Feb 8, 2013

#10
Carmen__Tsamg TechSpot Enthusiast Posts: 103

Hi , I just did what you told me, simply unintall Yontoo, but I am not sure if it is really completely gone

Carmen__Tsamg, Feb 8, 2013

#11
Broni Malware Annihilator Posts: 40,051 +187

No problem. Go on with MBAR.

Broni, Feb 8, 2013

#12
Carmen__Tsamg TechSpot Enthusiast Posts: 103

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4201889792, free: 1642332160

------------ Kernel report ------------
02/08/2013 16:27:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\DRIVERS\ApsHM64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DRIVERS\Apsx64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\smiifx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nokia_cs1x_dc_enum.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007ccc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa8007d1f920
Lower Device Driver Name: \Driver\risdxc\
Driver name found: risdxc
Load Function returned 0xc0000001
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006684060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005421050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.08.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006684060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006684980, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006685040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa8006684060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800541cb20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005421050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0xfffff8a011c4e370, 0xfffffa8006684060, 0xfffffa8009160580
Lower DeviceData: 0xfffff8a011fc0610, 0xfffffa8005421050, 0xfffffa80093da090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9B1CD53

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 2457600
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2459648 Numsec = 941543416

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 944003072 Numsec = 32768000

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007ccc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007ccc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d1f920, DeviceName: \Device\0000007d\, DriverName: \Driver\risdxc\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 128450560 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2013\chjw\4e1aea7b1aea6007.dat" is sparse (flags = 32768)
Done!
Scan finished
=======================================

Carmen__Tsamg, Feb 8, 2013

#13
Carmen__Tsamg TechSpot Enthusiast Posts: 103

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_39
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4201889792, free: 1642332160
------------ Kernel report ------------
02/08/2013 16:27:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\DRIVERS\ApsHM64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DRIVERS\Apsx64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\smiifx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nokia_cs1x_dc_enum.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007ccc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa8007d1f920
Lower Device Driver Name: \Driver\risdxc\
Driver name found: risdxc
Load Function returned 0xc0000001
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006684060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005421050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.08.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006684060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006684980, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006685040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa8006684060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800541cb20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005421050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0xfffff8a011c4e370, 0xfffffa8006684060, 0xfffffa8009160580
Lower DeviceData: 0xfffff8a011fc0610, 0xfffffa8005421050, 0xfffffa80093da090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9B1CD53
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 2457600
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2459648 Numsec = 941543416
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 944003072 Numsec = 32768000
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007ccc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007ccc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d1f920, DeviceName: \Device\0000007d\, DriverName: \Driver\risdxc\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 128450560 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2013\chjw\4e1aea7b1aea6007.dat" is sparse (flags = 32768)
Done!
Scan finished
=======================================

Carmen__Tsamg, Feb 8, 2013

#14
Broni Malware Annihilator Posts: 40,051 +187
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
Broni, Feb 8, 2013

#15
Carmen__Tsamg TechSpot Enthusiast Posts: 103

ComboFix 13-02-07.02 - Kitty Tsang 02/2013 週五 17:08:58.3.4 - x64
Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.4007.2382 [GMT -5:00]
執行位置: c:\users\Kitty Tsang\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20121231182941_yingchao121231zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130201170743_xinmenghuanzhicheng130201zhuhuanchong15s1.swf
c:\favoritevideo\InvisibleFolder\20130201170821_xinmenghuanzhicheng130201zhuhuanchong15s2.swf
c:\favoritevideo\InvisibleFolder\20130201171914_chuangshisanguo130201zhuhuanchong15s3.swf
c:\favoritevideo\InvisibleFolder\20130201172152_chuangshisanguo130201yixingqipao3.swf
c:\favoritevideo\InvisibleFolder\20130204171757_itongyisucai130204zhuhc.swf
c:\favoritevideo\InvisibleFolder\20130204172217_rtongyisucai130204zhuhc.swf
c:\favoritevideo\InvisibleFolder\20130205112159_dongfengrichan130205zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130205170435_guangqichuanqi130205zhuhuanchong15snew.swf
c:\favoritevideo\InvisibleFolder\20130205170523_guangqichuanqi130205zhuztnew.swf
c:\favoritevideo\InvisibleFolder\20130206115102_37wan130208zhuztA.swf
c:\favoritevideo\InvisibleFolder\20130206140659_37wan130212zhuztA.swf
c:\favoritevideo\InvisibleFolder\20130206140702_37wan130212zhuztB.swf
c:\favoritevideo\InvisibleFolder\20130206152917_baidu130207zhuhc.swf
c:\favoritevideo\InvisibleFolder\20130206154843_shenjiangsanguo130206zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130206154911_shenjiangsanguo130206zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130206154950_shenjiangsanguo130206zhuhc3.swf
c:\favoritevideo\InvisibleFolder\20130206155125_shenjiangsanguo130206qipao1.swf
c:\favoritevideo\InvisibleFolder\20130206155204_shenjiangsanguo130206qipao3.swf
c:\favoritevideo\InvisibleFolder\20130206155912_qingshiqiyuan130206zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130206160016_qingshiqingyuan130206qipao1.swf
c:\favoritevideo\InvisibleFolder\20130206160046_qingshiqiyuan130206qipao2.swf
c:\favoritevideo\InvisibleFolder\20130206161355_tianxingjian130206zhuhuanchong15s3.swf
c:\favoritevideo\InvisibleFolder\20130206161626_tianxingjian130206yixingqipao2.swf
c:\favoritevideo\InvisibleFolder\20130206161648_tianxingjian130206yixingqipao3.swf
c:\favoritevideo\InvisibleFolder\20130206162100_fanrenxiuzhen130206zhuhuanchong15s1.swf
c:\favoritevideo\InvisibleFolder\20130206171511_qinmeiren130211zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130206171539_qinmeiren130211zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130206171840_qinmeiren130211qipao2.swf
c:\favoritevideo\InvisibleFolder\20130206171907_qinmeiren130211qipao3.swf
c:\favoritevideo\InvisibleFolder\20130206172942_liehuozhanshen130206zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130206173215_liehuozhanshen130206zhuhc3.swf
c:\favoritevideo\InvisibleFolder\20130206173355_liehuozhanshen130206qipao1.swf
c:\favoritevideo\InvisibleFolder\20130206174028_chuangshi130206zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130206174241_chuangshi130206qipao1.swf
c:\favoritevideo\InvisibleFolder\20130206174256_chuangshi130206qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207102810_tulong130207zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130207102958_tulong130207zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130207103154_tulong130207qipao1.swf
c:\favoritevideo\InvisibleFolder\20130207103213_tulong130207qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207104822_jiangshen130207zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130207104837_jiangshen130207zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130207104900_jiangshen130207zhuhc3.swf
c:\favoritevideo\InvisibleFolder\20130207105011_jiangshen130207qipao1.swf
c:\favoritevideo\InvisibleFolder\20130207105043_jiangshen130207qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207105104_jiangshen130207qipao3.swf
c:\favoritevideo\InvisibleFolder\20130207105728_shenxiandao130207zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130207105838_shenxiandao130207zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130207105940_shenxiandao130207qipao1.swf
c:\favoritevideo\InvisibleFolder\20130207110003_shenxiandao130207qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207110920_sanguoyanyi130207zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130207110941_sanguoyanyi130207zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130207111034_sanguoyanyi130207qipao1.swf
c:\favoritevideo\InvisibleFolder\20130207111044_sanguoyanyi130207qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207111845_xuanxianchuanqi130207zhuhuanchong15s2.swf
c:\favoritevideo\InvisibleFolder\20130207112257_xuandongchuanqi130207yixingqipao2.swf
c:\favoritevideo\InvisibleFolder\20130207113037_daxiazhuan130207zhuhuanchong15s1.swf
c:\favoritevideo\InvisibleFolder\20130207113125_daxiazhuan130207zhuhuanchong15s2.swf
c:\favoritevideo\InvisibleFolder\20130207113159_daxiazhuan130207yixingqipao1.swf
c:\favoritevideo\InvisibleFolder\20130207113217_daxiazhuan130207yixingqipao2.swf
c:\favoritevideo\InvisibleFolder\20130207140814_ntongyisucai130207zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207141617_qtongyisucai130207zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207143046_20130204171817_itongyisucai130204zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207143253_tongyi130207zhuhc.swf
c:\favoritevideo\InvisibleFolder\20130207144237_stongyisucai130204zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207145134_20130204172242_rtongyisucai130204zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207161808_ntongyisucai130207newzhuhc.swf
c:\favoritevideo\InvisibleFolder\20130207165555_pptvlogo.jpg
c:\favoritevideo\InvisibleFolder\20130207170435_tulongchuanshuo130207zhuhc3.swf
c:\favoritevideo\InvisibleFolder\20130207170559_tulongchuanshuo130207qipao3.swf
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pptv_jiejisanguo_130130.exe
c:\favoritevideo\InvisibleFolder\pptv_qinshiqingyuan_130130.exe
c:\favoritevideo\InvisibleFolder\productupdate.dll
c:\favoritevideo\InvisibleFolder\tipsbubble.dll
c:\favoritevideo\InvisibleFolder\tipsclient.dll
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
.
.
((((((((((((((((((((((((( 2013-01-08 至 2013-02-08 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2013-02-08 22:30 . 2013-02-08 22:30--------d-----w-c:\users\user\AppData\Local\temp
2013-02-08 22:30 . 2013-02-08 22:30--------d-----w-c:\users\TEMP\AppData\Local\temp
2013-02-08 22:30 . 2013-02-08 22:30--------d-----w-c:\users\Default\AppData\Local\temp
2013-02-08 08:07 . 2013-02-08 21:33--------d-----w-c:\programdata\Tarma Installer
2013-02-08 07:54 . 2013-02-08 07:54--------d-----w-c:\program files (x86)\Conduit
2013-02-08 07:53 . 2013-02-08 07:53--------d-----w-c:\users\Kitty Tsang\AppData\Local\Conduit
2013-02-08 07:53 . 2013-02-08 07:53--------d-----w-c:\users\Kitty Tsang\AppData\Local\Bart_Ubing
2013-02-08 07:53 . 2013-02-08 08:14--------d-----w-c:\program files (x86)\VisualBee_V.1
2013-02-08 07:52 . 2013-02-08 07:52--------d-----w-c:\users\Kitty Tsang\AppData\Local\CRE
2013-02-08 07:51 . 2013-02-08 07:52--------d-----w-c:\users\Kitty Tsang\AppData\Local\VisualBeeClient
2013-02-08 07:51 . 2013-02-08 07:51--------d-----w-c:\users\Kitty Tsang\AppData\Local\VisualBeeExe
2013-02-08 07:50 . 2013-02-08 07:50--------d-----w-c:\programdata\VisualBee
2013-02-07 05:24 . 2013-02-07 05:24--------d-----w-c:\programdata\Tencent
2013-02-07 05:23 . 2013-02-07 05:23--------d-----w-c:\users\Kitty Tsang\AppData\Local\Tencent
2013-02-07 05:20 . 2013-02-07 05:2061440----a-r-c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2013-02-07 05:20 . 2013-02-07 05:2061440----a-r-c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
2013-02-07 05:20 . 2013-02-07 05:20106496----a-r-c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2013-02-07 05:20 . 2013-02-07 05:20106496----a-r-c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2013-02-07 05:20 . 2013-02-07 05:20106496----a-r-c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2013-02-07 04:52 . 2013-02-08 07:15--------d-----w-c:\users\Kitty Tsang\AppData\Roaming\Tencent
2013-02-06 15:35 . 2013-02-06 15:35--------d-----w-c:\windows\ERUNT
2013-02-06 15:35 . 2013-02-06 15:35--------d-----w-C:\JRT
2013-02-02 20:45 . 2013-02-02 20:45--------d-----w-c:\users\user\AppData\Roaming\FreeFixer
2013-02-02 20:45 . 2013-02-02 20:45--------d-----w-c:\users\user\AppData\Local\FreeFixer
2013-02-02 20:45 . 2013-02-02 20:45--------d-----w-c:\program files\FreeFixer
2013-01-30 02:54 . 2005-03-12 05:0787040----a-w-c:\windows\system32\pdfcmnnt.dll
2013-01-30 02:54 . 1998-06-24 05:00137000----a-w-c:\windows\SysWow64\MSMAPI32.OCX
2013-01-30 02:54 . 2013-01-30 02:55--------d-----w-c:\program files (x86)\PDFCreator
2013-01-30 02:54 . 1998-07-06 05:0023552----a-w-c:\windows\SysWow64\MSMPIDE.DLL
2013-01-30 02:52 . 2013-01-30 02:52--------d-----w-c:\users\Kitty Tsang\AppData\Local\Updater21802
2013-01-30 02:11 . 2013-01-30 02:21--------d-----w-c:\program files (x86)\Logon Loader
2013-01-24 19:44 . 2013-01-24 19:44--------d-----w-C:\found.002
2013-01-12 02:11 . 2013-01-12 02:11--------d-----w-c:\windows\system32\ARFC
2013-01-12 02:11 . 2012-10-02 15:201261936----a-w-c:\windows\system32\dmwu.exe
2013-01-12 02:11 . 2012-10-02 15:1935328----a-w-c:\windows\system32\ImHttpComm.dll
2013-01-12 02:10 . 2013-01-12 02:10--------d-----w-c:\users\Kitty Tsang\AppData\Local\PutLockerDownloader
2013-01-12 02:09 . 2013-01-12 02:09--------d-----w-c:\program files (x86)\PutLockerDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 10:44 . 2012-04-07 05:39697712----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 10:44 . 2011-07-19 13:0074096----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 05:17 . 2011-07-18 02:4018760----a-w-c:\windows\SysWow64\QQVistaHelper.dll
2013-01-24 15:02 . 2012-08-14 02:5837720----a-w-c:\windows\system32\drivers\avgtpx64.sys
2013-01-15 21:56 . 2012-06-15 03:02477616----a-w-c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 21:56 . 2012-03-20 23:15473520----a-w-c:\windows\SysWow64\deployJava1.dll
2013-01-09 21:25 . 2011-07-17 14:5767599240----a-w-c:\windows\system32\MRT.exe
2012-12-25 04:31 . 2012-12-25 04:31505312----a-w-c:\windows\SysWow64\PPTVSvc.dll
2012-12-25 04:31 . 2012-12-25 04:31399968----a-w-c:\windows\SysWow64\PPTVLauncher.exe
2012-12-25 04:31 . 2012-12-25 04:31399968----a-w-c:\windows\system32\PPTVLauncher.exe
2012-12-25 04:31 . 2012-12-25 04:312299360----a-w-c:\windows\SysWow64\kindling.dll
2012-12-25 04:31 . 2012-10-30 02:572585056----a-w-c:\windows\system32\kindling.dll
2012-12-16 17:11 . 2012-12-21 06:3246080----a-w-c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 06:32367616----a-w-c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 06:32295424----a-w-c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 06:3234304----a-w-c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2011-07-18 02:3324176----a-w-c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 18:20441856----a-w-c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 18:202746368----a-w-c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 18:20308736----a-w-c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 18:202576384----a-w-c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 18:2030720----a-w-c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 18:2043520----a-w-c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 18:2023552----a-w-c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 18:2045568----a-w-c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 18:2044544----a-w-c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 18:2020480----a-w-c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 18:2020480----a-w-c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 18:2020480----a-w-c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 18:2046592----a-w-c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 18:2040960----a-w-c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 18:2021504----a-w-c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 18:2015360----a-w-c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 18:2055296----a-w-c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 18:2051712----a-w-c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 18:2043520----a-w-c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 18:2030720----a-w-c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 18:2045568----a-w-c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 18:2044544----a-w-c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 18:2020480----a-w-c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 18:2023552----a-w-c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 18:2020480----a-w-c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 18:2046592----a-w-c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 18:2020480----a-w-c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 18:2021504----a-w-c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 18:2040960----a-w-c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 18:2015360----a-w-c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 18:2055296----a-w-c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 18:2051712----a-w-c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 18:19362496----a-w-c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 18:19243200----a-w-c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 18:1913312----a-w-c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 18:19215040----a-w-c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 18:1916384----a-w-c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 18:20424448----a-w-c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 18:191161216----a-w-c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 18:196144---ha-w-c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:194608---ha-w-c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:194608---ha-w-c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:194096---ha-w-c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:194096---ha-w-c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193584---ha-w-c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193584---ha-w-c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193584---ha-w-c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193584---ha-w-c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:195120---ha-w-c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:194096---ha-w-c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193584---ha-w-c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193584---ha-w-c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193584---ha-w-c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:194096---ha-w-c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:193072---ha-w-c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 18:195120----a-w-c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 18:20274944----a-w-c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 18:194608---ha-w-c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:194096---ha-w-c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:194096---ha-w-c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:194096---ha-w-c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:194096---ha-w-c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193584---ha-w-c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193584---ha-w-c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193584---ha-w-c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193584---ha-w-c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193584---ha-w-c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193584---ha-w-c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193072---ha-w-c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193072---ha-w-c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:193072---ha-w-c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeae561-714b-45f6-ace3-4a8aed6e227b}"= "c:\program files (x86)\VisualBee_V.1\prxtbVis0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7aeae561-714b-45f6-ace3-4a8aed6e227b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00000ADA-7E0D-47C1-986C-F017D09C4304}]
2012-11-20 21:30518096----a-w-c:\users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(401).dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}]
2012-09-13 03:1588080----a-w-c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4BF2CB0E-658A-442B-AC83-A64EC2150BFC}]
2012-09-24 06:58427912----a-w-c:\programdata\PPBrowserHelper\BHO\TipsBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7aeae561-714b-45f6-ace3-4a8aed6e227b}]
2012-11-06 12:01183112----a-w-c:\program files (x86)\VisualBee_V.1\prxtbVis0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19244328----a-w-c:\program files (x86)\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7aeae561-714b-45f6-ace3-4a8aed6e227b}"= "c:\program files (x86)\VisualBee_V.1\prxtbVis0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7aeae561-714b-45f6-ace3-4a8aed6e227b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-11-14 11:32251856----a-w-c:\program files (x86)\Common Files\Thunder Network\Kankan\xappex.1.1.1.62.(402).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files (x86)\PPStream\PPSAP.exe" [2010-02-24 214408]
"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" [2012-12-25 251896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1522536]
"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2010-12-27 431464]
"ConnectionManager"="c:\program files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2011-12-21 99656]
"UIExec"="c:\program files (x86)\one2free Next G Connection Manager\UIExec.exe" [2010-11-30 138584]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-14 81200]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"NokiaInternetModem_AppStart.exe"="c:\program files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2010-05-06 140288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-22 295072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Kitty Tsang\Desktop\mbar\mbar.exe" [2013-02-05 1363528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\Resources\Themes\XP萌化-伏八-乙荏製作\XP登入畫面-伏八.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00d0404]
IME FileREG_SZ IMTCC14.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0404]
IME FileREG_SZ IMTCQ14.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00f0404]
IME FileREG_SZ IMTCJ14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 PPTVService;PPTVService;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-03-20 571936]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 btusb64h;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\btusb64h.sys [2009-06-24 28728]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [2010-04-22 98304]
R3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys [2010-04-22 53760]
R3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys [2010-04-22 13824]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files (x86)\Winsim\TransactionManager2012 - CDN\Sage_SA.TransactionManager.exe [2011-12-21 46408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 UI Assistant Service;UI Assistant Service;c:\program files (x86)\one2free Next G Connection Manager\AssistantServices.exe [2010-11-30 252784]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-24 37720]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [2011-12-21 21320]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-24 945328]
S2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [2010-04-22 97280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatformREG_MULTI_SZ XLServicePlatform
DoctorServiceREG_MULTI_SZ XLDoctor Service
PPTVServiceGroupREG_MULTI_SZ PPTVService
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-05 21:061607120----a-w-c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
‘計劃任務’ 文件夾裡的內容
.
2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 10:44]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-05 21:06]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-05 21:06]
.
2013-02-06 c:\windows\Tasks\Norton Security Scan for Kitty Tsang.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-05-16 09:45]
.
2013-01-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2013-02-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}]
2012-09-13 03:15628240----a-w-c:\program files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.10.3694.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32162552----a-w-c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32162552----a-w-c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32162552----a-w-c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32162552----a-w-c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-12-27 31592]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-14 110896]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"Soluto"="c:\program files\Soluto\soluto.exe" [2012-03-20 1712688]
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN21556502532854319&ctid=CT3284023
IE: &使用&迅雷下? - c:\program files (x86)\Thunder Network\Thunder\BHO\GetUrl.htm
IE: &使用&迅雷下?全部?接 - c:\program files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: &妏蚚&捃濘燭盄狟婥 - c:\program files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: 使用迅雷看看播放器播放 - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: 添加?前?到迅雷看看播放器?? - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm
IE: 發送圖像至藍牙裝置(B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: 發送頁面至藍牙裝置(B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{0000016b-c524-4050-81a0-243669a86b9f} - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
IE: {{0000026b-c524-4050-81a0-243669a86b9f} - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
IE: {{5D578929-E74E-46A2-A810-4F33D011DC52} - c:\program files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe
TCP: DhcpNameServer = 204.197.191.194 38.117.85.2
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KuGou\KGMusic\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KuGou\KGMusic\KUGOO3~1.OCX
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
.
------- 文件類型 -------
.
inifile=c:\windows\SysWow64\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
BHO-{ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468} - c:\program files (x86)\QvodPlayer\AddIn\{ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468}\QvodAddr.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BaiduPlayer - c:\program files (x86)\Baidu\BaiduPlayer\1.16.0.73\uninst.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-QQMusic - c:\program files (x86)\Tencent\QQMusic\QQMusicUninst.exe
AddRemove-Adobe Connect Add-in - c:\users\Kitty Tsang\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*??N}
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\GetUrl.htm"
"Contexts"=dword:00000022
"Name"="xl_geturl"
.
[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*??N}Q??卉]
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\GetAllUrl.htm"
"Contexts"=dword:000000f3
"Name"="xl_getallurl"
.
[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\Software\Microsoft\Internet Explorer\MenuExt\&*?&*Cc喏甒競腤eZ]
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\OfflineDownload.htm"
"Name"="xl_offlinedownload"
"Contexts"=dword:00000022
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2013-02-08 18:01:54
ComboFix-quarantined-files.txt 2013-02-08 23:01
.
Pre-Run: 166,337,814,528 bytes free
Post-Run: 165,936,148,480 bytes free
.
- - End Of File - - 298AEAFAFC22E9813D21661BED93FD71

Carmen__Tsamg, Feb 8, 2013

#16
Broni Malware Annihilator Posts: 40,051 +187
Looks good.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========================

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

===========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Feb 8, 2013

#17
Carmen__Tsamg TechSpot Enthusiast Posts: 103

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 18:13:46
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kitty Tsang - USER-THINK
# Boot Mode : Normal
# Running from : C:\Users\Kitty Tsang\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\VisualBee_V.1
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Kitty Tsang\AppData\Local\Conduit
Folder Deleted : C:\Users\Kitty Tsang\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kitty Tsang\AppData\LocalLow\VisualBee_V.1
Folder Deleted : C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.1
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284023
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\VisualBee_V.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00B2FDF2-4F9A-4185-A9AC-F54CECD3DDFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBD1A4EB-4034-4D48-85BD-B6E0A4AA910A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN21556502532854319&ctid=CT3284023 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com.hk/", "hxxp://www.google.com/", "hxxp[...]
Deleted [l.2631] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com.hk/", "hxxp://www.google.com/", "hxxp://[...]

*************************

AdwCleaner[S7].txt - [1408 octets] - [05/02/2013 21:00:46]
AdwCleaner[S8].txt - [4496 octets] - [08/02/2013 18:13:46]

########## EOF - C:\AdwCleaner[S8].txt - [4556 octets] ##########

Carmen__Tsamg, Feb 8, 2013

#18
Carmen__Tsamg TechSpot Enthusiast Posts: 103

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by Kitty Tsang on 08/02/2013 週五 at 18:18:50.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\visualbee
Successfully deleted: [Registry Key] hkey_local_machine\software\visualbee

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tencent"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\AppData\Roaming\tencent"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\appdata\local\tencent"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\appdata\local\visualbeeclient"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\appdata\local\visualbeeexe"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\appdata\locallow\tencent"
Successfully deleted: [Folder] "C:\Program Files (x86)\tencent"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/02/2013 週五 at 18:28:13.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Carmen__Tsamg, Feb 8, 2013

#19
Carmen__Tsamg TechSpot Enthusiast Posts: 103

OTL Extras logfile created on: 8/2/2013 18:29:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kitty Tsang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

3.91 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.38% Memory free
7.82 Gb Paging File | 5.81 Gb Available in Paging File | 74.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 154.93 Gb Free Space | 34.51% Space Free | Partition Type: NTFS
Drive H: | 122.24 Mb Total Space | 119.76 Mb Free Space | 97.97% Space Free | Partition Type: FAT
Drive Q: | 15.62 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: USER-THINK | User Name: Kitty Tsang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [QQMusic.1.Play] -- "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /play "%1"
Directory [QQMusic.2.Add] -- "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /add "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [QQMusic.1.Play] -- "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /play "%1"
Directory [QQMusic.2.Add] -- "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /add "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA2506-786F-4741-9479-1DF9D85A12F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{053E3921-22C3-4352-9219-E195A2B5F610}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14ACE865-9067-4C33-BEA5-F058926545D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{15F90479-400A-42C9-9B8D-3765207926FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BB85C51-4558-40AF-BD09-61C77FD850AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C536832-1272-4EDA-8C33-3C85A276C3A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{2188D10A-B4B9-4C2B-A5B9-BF629144F944}" = rport=445 | protocol=6 | dir=out | app=system |
"{4C3DE536-5826-4719-A412-958695B5A325}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BA9559E-5758-4F76-88F2-1460F6439A5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CAB793E-8B89-4335-AB47-F5D7A4E58850}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{650AA829-1283-4691-A45F-71D2F3BA5642}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F5BBB4D-D72C-4885-A1AA-6682879D4DD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73144B03-AC67-415C-8824-7C6B3CFC7BD3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7964B178-102B-4DFC-88DE-26F21FFEE9CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79ABE264-1ABA-4639-843A-99D8BEDEEEFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{813593B3-8ED5-4C33-B80A-A714CE097123}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{898A22F4-BE68-4CF9-913A-E51EB7867BB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{89F9E3C9-CDD7-4636-AFC5-14B8A5602CC0}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) |
"{93403DAC-85ED-4FF8-B07F-176AD1BF2CBE}" = lport=138 | protocol=17 | dir=in | app=system |
"{9FE8DE32-2297-4CF8-8A90-AB847D9E2F97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B336BD41-E3B4-4B71-880C-E4C0E9304B20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6C24096-2B64-4456-AA57-9E34B39130A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAEA9F1A-2A7A-4812-9D40-E8FDB848CA36}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC312B6B-88F9-4FC1-ACD8-52FA64D4557A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C039F5AD-BAD7-4483-91E5-5AE4066B37DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4F05FEE-078C-41FA-9B2A-D7F50179A0E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C56097BC-9DDD-49A3-8D26-9E1649CCA0EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C69A4164-F706-4B82-882F-F2801814DBAA}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) |
"{CC75E072-0776-4B45-BA82-2E8F8BD45FBA}" = rport=138 | protocol=17 | dir=out | app=system |
"{CE989507-5FA8-4573-B98D-819B99520793}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D1E35034-1A80-412A-A190-B3C1FE8A8C7A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E33828B3-EEA0-4300-841F-8B8A5CEFF93C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6BF226F-288D-4145-9BB2-744BFCBA5C3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF3E614F-3B2F-4A06-8D27-F78FBD1249D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1E9C3CC-4C83-4BD7-9DE4-A0CE84EF7DAC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F6B3E78F-0C16-40C9-900F-5D5502610395}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7F950C9-4643-4463-9207-1D8BF9DF199F}" = rport=139 | protocol=6 | dir=out | app=system |
"{FADF5A87-8F24-45B8-81BA-DC3D47BDF35C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FFE5C3F4-5848-49FC-B223-DC91DCABE831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA9AD8-9A3E-43E2-8F8E-F391254B5F8D}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\ppliveu.exe |
"{03258669-212B-4A1D-839C-30428D1D38F3}" = protocol=6 | dir=in | app=c:\users\user\downloads\qvodsetup5.exe |
"{03DA29C3-6AFA-4A29-8647-2364CAE19CC8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{04118947-A603-4114-9C90-6AF8E6E4A05C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{0491D874-FDED-4E13-B057-EE222E667D5B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{05009E54-884F-4998-8157-43CE115BBC22}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{05FEEEBF-7E91-4426-8B46-251CBE633EED}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"{062BBCB5-99C7-470F-9B7D-89FE6A1505BB}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |
"{06F235F4-7B18-47B0-B689-CA9AB8D3CF64}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{07072C72-D67C-4E8A-B419-1F6DAA591AE9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{070D061E-C2B3-4F49-84A8-3B3C78691DAD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe |
"{08A34F99-7381-4CAA-B6DD-25B4591928BC}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\xldoctor\7.2.10.3694_4\program\xldoctorui.exe |
"{0AB71B0E-1317-414A-8FD3-AADE02D4E115}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{0B0ECA8B-F370-4423-94D5-8E3B28B597BF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{0C49D178-FABF-4F55-B7F5-BC60E64F7B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{0D0DC554-4AA7-4B3D-B004-FDAE5D1DD4E1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DF2DB0F-3ACF-406D-A2B0-3593145E4D94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EC2C357-4EA7-4814-A986-534A8E9BB4F3}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{0FAA75B3-47FD-4350-843B-D3BE7807437F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{0FDCEA30-100E-4C71-B3F7-8BB17D3A442D}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe |
"{11587D86-B392-4B11-A088-FA3ABD192811}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{126D9D9B-60CB-489A-A63D-C1587F117B10}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{14BA216D-52E5-4AB2-A978-B94CCD32843D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{1762774B-5323-4AD1-90CC-5F627DA963CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{177CF8C4-86D8-4401-BB51-33DBE92F7EE0}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{17D4E976-6D21-4460-A631-F30436EFD309}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2908\plugininstaller.exe |
"{18814F38-C0AB-42C3-BE90-9B92EDDA5B8C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{191BD864-98E7-4F11-A973-00E1C8F0B29C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B6B8A13-B976-4E44-8EE9-6C6E9BAA152B}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusic.exe |
"{1BDF04BE-BDBC-44D3-8170-538CE8C04509}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"{1C400035-34CE-4FA5-B9F5-93666A944D4C}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{1C82029F-4DF0-4B66-84F4-DF9F2A01A5C9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{1D1C74AE-1FFE-4E1D-A612-A642D6CA9085}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{1FAAD5E5-3BD0-4762-AA9B-AEE2654B8DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderliveud.exe |
"{2138F446-7A5A-41D9-833D-91AD717BD838}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe |
"{213AFF3D-8669-4F34-874D-276136BC769D}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{21455DFC-94C8-47FF-B7DA-7E7801A5BD21}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |
"{21EF8E48-8FD2-4DEC-83BE-25270566F10C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2262DB56-6DA2-4552-B0EE-9FCE96E47D2F}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{241F9F49-9164-44DC-B672-4E9A002DB0CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2458BB03-A669-4971-B128-A8B1DE0CA235}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusicie.exe |
"{2479C094-90A9-4188-9CD3-F6934FEBF982}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{25805BDD-EF93-4DE4-8F03-5C8C0F7383BA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderliveud.exe |
"{264E860B-619F-49EC-BC53-DCBD30C327AE}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{26887A21-06B9-4793-A9BA-3A24083AFC83}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{2806051C-7A05-4C15-A746-A5F1139C53EA}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{292F662A-5244-4FEB-8ED9-BE8C6B6CB482}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{2A771415-0650-471C-85BB-0098ED81AE1E}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\filelink\xlfilelink.exe |
"{2AA93473-1DBF-49A5-8C68-9588151D56A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2BBCD9FE-F311-4FBF-B367-401351DA5593}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{2C80CD73-BCCC-4878-83C1-208BF8615E07}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{2C90398A-7723-413E-A31D-537992F8E687}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\xlbugreport.exe |
"{2D6B129A-3B80-46EA-A28C-CF97B2375E02}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
"{2D79ABA8-7954-4273-941F-5CEA1F8AF6BF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{2DD1707F-929D-45A1-8C4F-AF1B76DBD94E}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |
"{2F1E5DF2-DB0D-4EDA-A2A8-A0B3BE4D13BD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{305D245D-9E8D-40AA-998C-239242CD68CD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{30843656-E4A8-4854-B663-BD9CC542988F}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{30E977AF-5F87-4F47-B4BD-A19ECA7F9226}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{3141619A-DFED-4FB9-AC9E-6346F144756F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{318D7166-F5D6-4364-A676-B324E39F25B1}" = protocol=6 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.14.0.4\yy.exe |
"{31C9BC38-8A1E-4397-BC02-C050906D2E24}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{327A9B77-B0D2-4CE0-B7C5-739C49B89721}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{32D82813-41D6-40C3-A7D7-9D11321C25BF}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{338DCDE1-04BB-4DDD-BCE6-F187178E7A30}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{34FB60D3-A3C6-43FF-8E26-FEF47517C9D7}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{35709F44-85D0-43B0-A7B8-FFFA465E7D10}" = protocol=17 | dir=in | app=c:\program files (x86)\ppsgame\ppsgame.exe |
"{35BEB792-507E-4EEE-AE73-0CB0090F8D58}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"{3665C12F-386D-4A92-AFA6-BCD9A854D8CA}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\filelink\xlfilelink.exe |
"{36A3D5EC-972A-41CB-BF56-7E5245B4989E}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{36BC6B2A-559E-4037-976A-C683B55C70E9}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
"{3743E0C2-783A-48AB-8109-E12B7C515C18}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{3775BE9C-A38A-4228-BB23-845505EEF74B}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{379401AF-004F-49D6-8EEE-57DE0E62713D}" = protocol=17 | dir=in | app=e:\pps.tv\ppstream\ppstream.exe |
"{37C6BEF6-CF5A-45B0-AD96-3992870AB34C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{387539F5-7A4E-461F-94FF-E59708D33D06}" = protocol=17 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.14.0.4\yy.exe |
"{38E0832B-3A51-4A34-A0D9-1E9466F72FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{3A6C8762-C5D9-405D-B239-C9937F01FD06}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{3B8F7ECB-7E38-48DF-AC3C-804B274D1D25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3BF1313A-6989-4BD3-A174-190FC136EA47}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderliveud.exe |
"{3D9435E8-8008-4555-A64A-7A5233025CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |
"{3DC6B2E8-DFEF-48A4-A4F3-925A538DAEF1}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{3EFBFD89-01A9-4A95-A58D-12DEA395385B}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{409B106E-0040-4114-9740-0B4574379B37}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{40C6D043-1EF9-424B-8DAC-83D32062FA7C}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe |
"{40C83C39-3D74-4661-8FB5-49EE521FF3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\107\tencentdl.exe |
"{40CFF750-4CA2-4A7A-AFD8-89D421D227FE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{40EE2CCB-32A2-4FE2-B3F1-02036B990698}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{418D9B44-E429-419C-B529-80DCC3F3DD1F}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{41C17EF6-B705-4AB7-9C37-C2CA32535C54}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{41DFCD6C-F690-4C48-82BE-2786C9D24E2D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{421D9883-CEF2-4041-9198-80F1D5DAB511}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{43437E8E-9849-49DB-A4B3-218E66CD193D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{43A510E6-6732-42C1-B4FA-F4C88EC3FED2}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{44741AE1-61A9-497C-920E-F7BF15333EA8}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderbhostat.exe |
"{45E110D5-A95C-42E7-A83D-47C5B516D827}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{460405C4-0791-4FA1-AAA0-0C18A674A490}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{466EA881-E05B-4BDD-B7CE-648EEB486F68}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{47CFA439-7FAE-454E-93BB-604AAFAC0E69}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{48DA6DED-9ADC-45CE-8ACE-66DD32C32F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{499F1590-519C-4946-AB9B-19415E0B258F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49A7F3F9-C066-4C5B-A010-5A8DD38A9CEE}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\crashreporter.exe |
"{4ACCB6EE-DFA2-4682-A1E7-C9C4CEE055C1}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{4B12B57C-75B4-4A10-8ADF-2ED16EEB26B5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{4D2B31FF-97D4-45CA-B5A4-BBC14F5DFE3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4F0ECA99-4FE4-405E-9171-31A7B2B6BF5F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{50605343-457A-46E7-BB49-C2E1D1A443A8}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{509708C2-57B3-4684-ADBA-9B8D4B72DD71}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderbhostat.exe |
"{5180495C-7E67-495C-912A-B606B188CD54}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{51E87248-B719-4A02-B00F-64237B654789}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{537FB070-CD39-4652-9234-BC239501CA91}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{55EFCAA0-02D8-47D4-B71E-86E0C206A420}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5787AEA0-1A26-43E3-A56E-ADCE7D488334}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{5865A7B0-69D9-44D6-A5DA-9E37762FABE8}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{58E8D0AE-6417-4F05-896F-69C27C374510}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe |
"{59F5461B-B91C-4F6D-A4F5-8846D1394B2C}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |

Carmen__Tsamg, Feb 8, 2013

#20

Page 1 of 3

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.