Solved I am so sorry again... I think I accidentally installed Yontoo, VisualBee and DealPly...

Carmen__Tsamg

It is me again, my bad!!! I don't know why but it just happened, ahhh help... I will post the 4-step procedure as soon as possible
 
No, a different one, this is a Lenovo laptop
PS the other computer in the first thread I started is still under the process for comfox? for at least 1 hour...
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.05.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kitty Tsang :: USER-THINK [administrator]
8/2/2013 15:39:23
mbam-log-2013-02-08 (15-39-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265175
Time elapsed: 9 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Kitty Tsang at 15:49:51 on 2013-02-08
Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.4007.2033 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\SysWOW64\svchost.exe -k PPTVServiceGroup
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\svchost -k XLServicePlatform
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files (x86)\PPStream\PPSAP.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files (x86)\one2free Next G Connection Manager\UIExec.exe
C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\KITTYT~1\AppData\Local\Temp\{EF060B78-43CE-4D77-B9E8-D90B354F757A}\ISBEW64.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\PPStream\PPStream.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN21556502532854319&ctid=CT3284023
uURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll
mURLSearchHooks: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: VideoUrlSniffer Class: {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(401).dll
BHO: 捃濘FLV弝凊抻摯狟婥盓厥: {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: BrowserHelper: {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll
BHO: 捃濘狟婥盓厥: {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.10.3694.dll
BHO: Windows Live ID 登入協助程式: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468 Class: {ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468} -
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: smartdownloader Class: {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: VisualBee V.1 Toolbar: {7aeae561-714b-45f6-ace3-4a8aed6e227b} - C:\Program Files (x86)\VisualBee_V.1\prxtbVis0.dll
uRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe
uRun: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" -background
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
mRun: [ConnectionManager] C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
mRun: [UIExec] "C:\Program Files (x86)\one2free Next G Connection Manager\UIExec.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [Olympus ib] "C:\Program Files (x86)\Olympus\ib\olycamdetect.exe" /Startup
mRun: [MDS_Menu] "C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
StartupFolder: C:\Users\KITTYT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kitty Tsang\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\KITTYT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PPS.lnk - C:\Program Files (x86)\PPStream\PPStream.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &使用&迅雷下? - <no file>
IE: &使用&迅雷下?全部?接 - <no file>
IE: &妏蚚&捃濘燭盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: 添加?前?到迅雷看看播放器?? - <no file>
IE: 發送圖像至藍牙裝置(B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: 發送頁面至藍牙裝置(B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
IE: {0000026b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 204.197.191.194 38.117.85.2
TCP: Interfaces\{B5037CB4-5D75-4578-832C-3CC2AA2C729D} : DHCPNameServer = 204.197.191.194 38.117.85.2
TCP: Interfaces\{CC116FF0-8393-46DB-AC08-B5C8082FBD42} : DHCPNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{E4E0554F-A08F-4922-896E-3DA12292EF90}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E4E0554F-A08F-4922-896E-3DA12292EF90}\46C696E6B6023762E6 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: 捃濘狟婥盓厥: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.10.3694.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [Soluto] C:\Program Files\Soluto\soluto.exe /init
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned>
x64-Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
x64-Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-1-13 23664]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-13 37720]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-1-17 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-4-25 198784]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2011-4-17 98816]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2011-4-17 166016]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-4-17 425000]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-4-17 39464]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-17 317440]
R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\Windows\System32\drivers\nokia_cs1x_dc_enum.sys [2010-4-22 97280]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-17 412776]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-8-9 167264]
S3 btusb64h;BUFFALO TurboUSB for HD Filter;C:\Windows\System32\drivers\btusb64h.sys [2012-1-24 28728]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-7-17 11776]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\Windows\System32\drivers\nokia_cs1x_cdc_acm.sys [2010-4-22 98304]
S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;C:\Windows\System32\drivers\nokia_cs1x_cdc_ecm.sys [2010-4-22 53760]
S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\Windows\System32\drivers\nokia_cs1x_cpo.sys [2010-4-22 13824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WINWORD.EXE="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1" [UserChoice] [default=edit - 'Open' doesn't exist]
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-02-08 08:08:03 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-02-08 08:07:59 -------- d-----w- C:\ProgramData\Tarma Installer
2013-02-08 08:05:50 -------- d-----w- C:\Program Files (x86)\DealPly
2013-02-08 07:54:46 -------- d-----w- C:\Program Files (x86)\Conduit
2013-02-08 07:53:19 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\Conduit
2013-02-08 07:53:15 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\Bart_Ubing
2013-02-08 07:53:10 -------- d-----w- C:\Program Files (x86)\VisualBee_V.1
2013-02-08 07:52:29 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\CRE
2013-02-08 07:51:24 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\VisualBeeClient
2013-02-08 07:51:11 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\VisualBeeExe
2013-02-08 07:50:18 -------- d-----w- C:\ProgramData\VisualBee
2013-02-07 05:24:55 -------- d-----w- C:\ProgramData\Tencent
2013-02-07 05:23:15 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\Tencent
2013-02-07 05:20:39 61440 ----a-r- C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2013-02-07 05:20:39 61440 ----a-r- C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
2013-02-07 05:20:39 106496 ----a-r- C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2013-02-07 05:20:39 106496 ----a-r- C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2013-02-07 05:20:39 106496 ----a-r- C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2013-02-07 04:58:56 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\{CE18F04E-3F8F-4FD8-A23C-70FB5DAD9580}
2013-02-07 04:52:32 -------- d-----w- C:\Users\Kitty Tsang\AppData\Roaming\Tencent
2013-02-06 22:47:51 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-06 15:35:44 -------- d-----w- C:\Windows\ERUNT
2013-02-06 15:35:19 -------- d-----w- C:\JRT
2013-02-02 20:45:47 -------- d-----w- C:\Program Files\FreeFixer
2013-01-30 02:54:55 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2013-01-30 02:54:55 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2013-01-30 02:54:53 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2013-01-30 02:54:53 -------- d-----w- C:\Program Files (x86)\PDFCreator
2013-01-30 02:52:50 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\Updater21802
2013-01-30 02:11:44 -------- d-----w- C:\Program Files (x86)\Logon Loader
2013-01-24 19:44:36 -------- d-----w- C:\found.002
2013-01-12 02:11:36 35328 ----a-w- C:\Windows\System32\ImHttpComm.dll
2013-01-12 02:11:36 1261936 ----a-w- C:\Windows\System32\dmwu.exe
2013-01-12 02:11:36 -------- d-----w- C:\Windows\System32\ARFC
2013-01-12 02:10:10 -------- d-----w- C:\Users\Kitty Tsang\AppData\Local\PutLockerDownloader
2013-01-12 02:09:57 -------- d-----w- C:\Program Files (x86)\PutLockerDownloader
2013-01-12 02:09:54 -------- d-----w- C:\Program Files (x86)\PutLockerDownloader.com
.
==================== Find3M ====================
.
2013-02-08 10:44:23 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 10:44:23 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-07 05:17:12 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll
2013-01-24 15:02:30 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-01-15 21:56:10 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-15 21:56:07 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-25 04:31:52 505312 ----a-w- C:\Windows\SysWow64\PPTVSvc.dll
2012-12-25 04:31:50 399968 ----a-w- C:\Windows\SysWow64\PPTVLauncher.exe
2012-12-25 04:31:50 399968 ----a-w- C:\Windows\System32\PPTVLauncher.exe
2012-12-25 04:31:42 2585056 ----a-w- C:\Windows\System32\kindling.dll
2012-12-25 04:31:42 2299360 ----a-w- C:\Windows\SysWow64\kindling.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-16 20:34:30 90112 ----a-w- C:\Windows\SysWow64\atl71.dll
2012-11-16 20:34:18 79824 ----a-w- C:\Windows\xinstaller.dll
2012-11-16 20:34:18 34768 ----a-w- C:\Windows\xinstaller.exe
2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 15:51:35.07 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 家用進階版
Boot Device: \Device\HarddiskVolume1
Install Date: 15/7/2011 6:21:05
System Uptime: 8/2/2013 13:18:14 (2 hours ago)
.
Motherboard: LENOVO | | 114322B
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 155.22 GiB free.
D: is CDROM ()
H: is Removable
Q: is FIXED (NTFS) - 16 GiB total, 0.001 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP212: 6/2/2013 11:10:05 - ComboFix created restore point
RP213: 7/2/2013 17:01:02 - Clean
RP214: 7/2/2013 17:02:59 - OTL Restore Point - 7/2/2013 17:02:59
RP215: 7/2/2013 17:03:28 - OTL Restore Point - 7/2/2013 17:03:28
RP216: 7/2/2013 17:29:20 - Installed Java(TM) 6 Update 39
RP217: 8/2/2013 13:24:07 - 已設定 PowerDirector
.
==== Installed Programs ======================
.
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5) - Chinese Traditional
Apple Mobile Device Support
Apple Software Update
Apple 應用程式支援
Auslogics Disk Defrag
AVG 2013
Bing Rewards Client Installer
Bonjour
Broadcom InConcert Maestro
BUFFALO TurboUSB for FLASH/HDD
Chinese Simplified Fonts Support For Adobe Reader X
Conexant HD Audio
Create Recovery Media
CyberLink PowerDirector 11
D3DX10
DealPly
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
Dropbox
Duplicate Cleaner 2.0.6
Eusing Free Registry Cleaner
FreeFixer
Google Chrome
Google Update Helper
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Wireless Display
iTunes
Java Auto Updater
Java(TM) 6 Update 31 (64-bit)
Java(TM) 6 Update 39
Junk Mail filter update
jZip
K-Lite Codec Pack 7.2.0 (Full)
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
Logon Loader 3.0
Malwarebytes Anti-Malware 版本 1.70.0.1100
Mesh Runtime
Message Center Plus
Messenger ??器插件
Messenger Companion
Messenger 分享元件
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Chinese (Traditional)) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (French) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (French) 2010
Microsoft Office Excel Viewer
Microsoft Office Groove MUI (Chinese (Traditional)) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (French) 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (French) 2010
Microsoft Office Language Pack 2010 - Chinese (Traditional)/中文(繁體)
Microsoft Office Language Pack 2010 - French/Francais
Microsoft Office O MUI (Chinese (Traditional)) 2010
Microsoft Office O MUI (French) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (French) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (French) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (French) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (French) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (French) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit MUI (French) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (French) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Chinese (Traditional)) 2010
Microsoft Office SharePoint Designer MUI (French) 2010
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (French) 2010
Microsoft Office X MUI (Chinese (Traditional)) 2010
Microsoft Office X MUI (French) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySQL Connector/ODBC 3.51
NirSoft BlueScreenView
Nokia Internet Modem
Norton Security Scan
OLYMPUS Digital Camera Updater
Olympus ib
OLYMPUS Viewer 2
On Screen Display
one2free Next G Connection Manager
OpenOffice.org 3.3
Pandora Service
PDFCreator
Picasa 3
PPSGame V1.0.1.452
PPStream V2.7.0.1499 Final
PPTV厙釐萇弝 V3.3.0.0061
QQ音?8.4
QuickBooks
QuickBooks Premier Edition 2010
QuickTime
RapidBoot
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
RealUpgrade 1.1
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
RICOH Media Driver v2.10.18.02
Safari
Sage Simply Accounting 2012
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype? 6.0
Soluto
SupportSoft Assisted Service
System Update
Tencent QQ
The KMPlayer (remove only)
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage AutoLock
ThinkVantage Communications Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VisualBee for Microsoft PowerPoint
VisualBee V.1 Toolbar
Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
Windows Driver Package - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010)
Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0)
Windows Live ?件包
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 照片?
Windows Live 影像中心
Windows 驅動程式封裝 - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
WinRAR 4.00 (32 位元)
WinRAR 4.00 (64 位元)
Yahoo! Install Manager
Yontoo 1.12.02
Youtube Downloader HD v. 2.9.4
Youtube Music Downloader V3.8.3
Youtube to MP3 Converter v. 1.4
YTD Toolbar v6.7
YTD Video Downloader 3.9
用于?程?接的 Windows Live Mesh ActiveX 控件(?体中文)
百度影音1.16.0.73
迅雷看看播放器
捃濘7
適用遠端連線的 Windows Live Mesh ActiveX 控制項
蹄僩秞氈2012
騰訊QQ2012
.
==== End Of File ===========================
 
  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=======================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.5.0 [Feb 8 2013] tigzy 設計製作
電子郵件 : tigzyRK<at>gmail<dot>com
意見反應 : https://www.techspot.com/downloads/5562-roguekiller.html
網站 : http://tigzy.geekstogo.com/roguekiller.php
部落格 : http://tigzyrk.blogspot.com/

作業系統 : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
開始在 : 標準模式
使用者 : Kitty Tsang [系統管理員權限]
模式 : Remove -- 日期 : 02/08/2013 16:24:31
| ARK || FAK || MBR |

¤¤¤ 損壞的處理程序 : 0 ¤¤¤

¤¤¤ 系統登錄項目 : 6 ¤¤¤
[TASK][SUSP PATH] Updater21802.exe : C:\Users\Kitty Tsang\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack -> 已刪除
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> 已刪除
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> 已取代 (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> 已取代 (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 已取代 (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 已取代 (0)

¤¤¤ 特定檔案/資料夾: ¤¤¤

¤¤¤ 驅動程式 : [未載入] ¤¤¤

¤¤¤ HOSTS 檔: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR 檢查: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 68a7d29e4c1a2c50fa43131fedb8e6ad
[BSP] c9539f4342e8d6ab537d231c2b58eb58 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 459737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ee2077de975996c13db83dcb29a691d0
[BSP] 6e74cb94b5841094bdff1cb99ec1f724 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 459737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo

+++++ PhysicalDrive1: Ricoh MMC Disk Device +++++
--- User ---
[MBR] cef041724bdf61e1fea4eb34ba38357b
[BSP] 319ab95ab614f6c7eb4a926e9b11c54a : MBR Code unknown
Partition table:
Error reading LL1 MBR!
Error reading LL2 MBR!

完成 : << RKreport[2]_D_02082013_02d1624.txt >>
RKreport[1]_S_02082013_02d1618.txt ; RKreport[2]_D_02082013_02d1624.txt
 
RogueKiller V8.5.0 [Feb 8 2013] tigzy 設計製作
電子郵件 : tigzyRK<at>gmail<dot>com
意見反應 : https://www.techspot.com/downloads/5562-roguekiller.html
網站 : http://tigzy.geekstogo.com/roguekiller.php
部落格 : http://tigzyrk.blogspot.com/

作業系統 : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
開始在 : 標準模式
使用者 : Kitty Tsang [系統管理員權限]
模式 : 掃瞄 -- 日期 : 02/08/2013 16:18:38
| ARK || FAK || MBR |

¤¤¤ 損壞的處理程序 : 0 ¤¤¤

¤¤¤ 系統登錄項目 : 9 ¤¤¤
[TASK][SUSP PATH] Updater21802.exe : C:\Users\Kitty Tsang\AppData\Local\Updater21802\Updater21802.exe /extensionid=21802 /extensionname="Shopping Sidekick Plugin" /chromeid=dlopielgodpjhkbapdlbbicpiefpaack -> 找到
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> 找到
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> 找到
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> 找到
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> 找到
[HJ] HKLM\[...]\System : EnableLUA (0) -> 找到
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 找到

¤¤¤ 特定檔案/資料夾: ¤¤¤

¤¤¤ 驅動程式 : [未載入] ¤¤¤

¤¤¤ HOSTS 檔: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR 檢查: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 68a7d29e4c1a2c50fa43131fedb8e6ad
[BSP] c9539f4342e8d6ab537d231c2b58eb58 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 459737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ee2077de975996c13db83dcb29a691d0
[BSP] 6e74cb94b5841094bdff1cb99ec1f724 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 459737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944003072 | Size: 16000 Mo

+++++ PhysicalDrive1: Ricoh MMC Disk Device +++++
--- User ---
[MBR] cef041724bdf61e1fea4eb34ba38357b
[BSP] 319ab95ab614f6c7eb4a926e9b11c54a : MBR Code unknown
Partition table:
Error reading LL1 MBR!
Error reading LL2 MBR!

完成 : << RKreport[1]_S_02082013_02d1618.txt >>
RKreport[1]_S_02082013_02d1618.txt
 
I can also see Yontoo in your installed programs.
Did you try to simply uninstall it?
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4201889792, free: 1642332160

------------ Kernel report ------------
 02/08/2013 16:27:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\DRIVERS\ApsHM64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DRIVERS\Apsx64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\smiifx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nokia_cs1x_dc_enum.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
[FONT=Courier New]\SystemRoot\System32\TSDDD.dll[/FONT]
[FONT=Courier New]\SystemRoot\System32\cdd.dll[/FONT]
[FONT=Courier New]\SystemRoot\system32\drivers\luafv.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\lltdio.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\nwifi.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\ndisuio.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\rspndr.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\drivers\HTTP.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\bowser.sys[/FONT]
[FONT=Courier New]\SystemRoot\System32\drivers\mpsdrv.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\mrxsmb.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\mrxsmb10.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\mrxsmb20.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\drivers\peauth.sys[/FONT]
[FONT=Courier New]\SystemRoot\System32\Drivers\secdrv.SYS[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\vwifimp.sys[/FONT]
[FONT=Courier New]\SystemRoot\System32\DRIVERS\srvnet.sys[/FONT]
[FONT=Courier New]\SystemRoot\System32\drivers\tcpipreg.sys[/FONT]
[FONT=Courier New]\SystemRoot\System32\DRIVERS\srv2.sys[/FONT]
[FONT=Courier New]\SystemRoot\System32\DRIVERS\srv.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\drivers\WudfPf.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\WUDFRd.sys[/FONT]
[FONT=Courier New]\??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys[/FONT]
[FONT=Courier New]\SystemRoot\system32\DRIVERS\asyncmac.sys[/FONT]
[FONT=Courier New]\SystemRoot\System32\ATMFD.DLL[/FONT]
[FONT=Courier New]\??\C:\Windows\system32\drivers\mbamchameleon.sys[/FONT]
[FONT=Courier New]\??\C:\Windows\system32\drivers\mbamswissarmy.sys[/FONT]
[FONT=Courier New]\Windows\System32\ntdll.dll[/FONT]
[FONT=Courier New]\Windows\System32\smss.exe[/FONT]
[FONT=Courier New]\Windows\System32\apisetschema.dll[/FONT]
[FONT=Courier New]----------- End -----------[/FONT]
[FONT=Courier New]<<<1>>>[/FONT]
[FONT=Courier New]Upper Device Name: \Device\Harddisk1\DR1[/FONT]
[FONT=Courier New]Upper Device Object: 0xfffffa8007ccc060[/FONT]
[FONT=Courier New]Upper Device Driver Name: \Driver\Disk\[/FONT]
[FONT=Courier New]Lower Device Name: \Device\0000007d\[/FONT]
[FONT=Courier New]Lower Device Object: 0xfffffa8007d1f920[/FONT]
[FONT=Courier New]Lower Device Driver Name: \Driver\risdxc\[/FONT]
[FONT=Courier New]Driver name found: risdxc[/FONT]
[FONT=Courier New]Load Function returned 0xc0000001[/FONT]
[FONT=Courier New]<<<1>>>[/FONT]
[FONT=Courier New]Upper Device Name: \Device\Harddisk0\DR0[/FONT]
[FONT=Courier New]Upper Device Object: 0xfffffa8006684060[/FONT]
[FONT=Courier New]Upper Device Driver Name: \Driver\Disk\[/FONT]
[FONT=Courier New]Lower Device Name: \Device\Ide\IAAStorageDevice-1\[/FONT]
[FONT=Courier New]Lower Device Object: 0xfffffa8005421050[/FONT]
[FONT=Courier New]Lower Device Driver Name: \Driver\iaStor\[/FONT]
[FONT=Courier New]Driver name found: iaStor[/FONT]
[FONT=Courier New]Initialization returned 0x0[/FONT]
[FONT=Courier New]Load Function returned 0x0[/FONT]
[FONT=Courier New]Downloaded database version: v2013.02.08.08[/FONT]
[FONT=Courier New]Initializing...[/FONT]
[FONT=Courier New]Done![/FONT]
[FONT=Courier New]<<<2>>>[/FONT]
[FONT=Courier New]Device number: 0, partition: 2[/FONT]
[FONT=Courier New]Physical Sector Size: 512[/FONT]
[FONT=Courier New]Drive: 0, DevicePointer: 0xfffffa8006684060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\[/FONT]
[FONT=Courier New]--------- Disk Stack ------[/FONT]
[FONT=Courier New]DevicePointer: 0xfffffa8006684980, DeviceName: Unknown, DriverName: \Driver\partmgr\[/FONT]
[FONT=Courier New]DevicePointer: 0xfffffa8006685040, DeviceName: Unknown, DriverName: \Driver\Shockprf\[/FONT]
[FONT=Courier New]DevicePointer: 0xfffffa8006684060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\[/FONT]
[FONT=Courier New]DevicePointer: 0xfffffa800541cb20, DeviceName: Unknown, DriverName: \Driver\ACPI\[/FONT]
[FONT=Courier New]DevicePointer: 0xfffffa8005421050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\[/FONT]
[FONT=Courier New]------------ End ----------[/FONT]
[FONT=Courier New]Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\[/FONT]
[FONT=Courier New]Upper DeviceData: 0xfffff8a011c4e370, 0xfffffa8006684060, 0xfffffa8009160580[/FONT]
[FONT=Courier New]Lower DeviceData: 0xfffff8a011fc0610, 0xfffffa8005421050, 0xfffffa80093da090[/FONT]
[FONT=Courier New]<<<3>>>[/FONT]
[FONT=Courier New]Volume: C:[/FONT]
[FONT=Courier New]File system type: NTFS[/FONT]
[FONT=Courier New]SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes[/FONT]
[FONT=Courier New]Scanning directory: C:\Windows\system32\drivers...[/FONT]
[FONT=Courier New]<<<2>>>[/FONT]
[FONT=Courier New]Device number: 0, partition: 2[/FONT]
[FONT=Courier New]<<<3>>>[/FONT]
[FONT=Courier New]Volume: C:[/FONT]
[FONT=Courier New]File system type: NTFS[/FONT]
[FONT=Courier New]SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes[/FONT]
[FONT=Courier New]Done![/FONT]
[FONT=Courier New]Drive 0[/FONT]
[FONT=Courier New]Scanning MBR on drive 0...[/FONT]
[FONT=Courier New]Inspecting partition table:[/FONT]
[FONT=Courier New]MBR Signature: 55AA[/FONT]
[FONT=Courier New]Disk Signature: 9B1CD53[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]Partition information:[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] Partition 0 type is Primary (0x7)[/FONT]
[FONT=Courier New] Partition is ACTIVE.[/FONT]
[FONT=Courier New] Partition starts at LBA: 2048 Numsec = 2457600[/FONT]
[FONT=Courier New] Partition file system is NTFS[/FONT]
[FONT=Courier New] Partition is bootable[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] Partition 1 type is Primary (0x7)[/FONT]
[FONT=Courier New] Partition is NOT ACTIVE.[/FONT]
[FONT=Courier New] Partition starts at LBA: 2459648 Numsec = 941543416[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] Partition 2 type is Primary (0x7)[/FONT]
[FONT=Courier New] Partition is NOT ACTIVE.[/FONT]
[FONT=Courier New] Partition starts at LBA: 944003072 Numsec = 32768000[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] Partition 3 type is Empty (0x0)[/FONT]
[FONT=Courier New] Partition is NOT ACTIVE.[/FONT]
[FONT=Courier New] Partition starts at LBA: 0 Numsec = 0[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]Disk Size: 500107862016 bytes[/FONT]
[FONT=Courier New]Sector size: 512 bytes[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...[/FONT]
[FONT=Courier New]Physical Sector Size: 512[/FONT]
[FONT=Courier New]Drive: 1, DevicePointer: 0xfffffa8007ccc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\[/FONT]
[FONT=Courier New]--------- Disk Stack ------[/FONT]
[FONT=Courier New]DevicePointer: 0xfffffa8007d02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\[/FONT]
[FONT=Courier New]DevicePointer: 0xfffffa8007ccc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\[/FONT]
[FONT=Courier New]DevicePointer: 0xfffffa8007d1f920, DeviceName: \Device\0000007d\, DriverName: \Driver\risdxc\[/FONT]
[FONT=Courier New]------------ End ----------[/FONT]
[FONT=Courier New]Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\[/FONT]
[FONT=Courier New]Upper DeviceData: 0x0, 0x0, 0x0[/FONT]
[FONT=Courier New]Lower DeviceData: 0x0, 0x0, 0x0[/FONT]
[FONT=Courier New]Drive 1[/FONT]
[FONT=Courier New]Scanning MBR on drive 1...[/FONT]
[FONT=Courier New]Inspecting partition table:[/FONT]
[FONT=Courier New]MBR Signature: 55AA[/FONT]
[FONT=Courier New]Disk Signature: 0[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]Partition information:[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] Partition 0 type is Empty (0x0)[/FONT]
[FONT=Courier New] Partition is NOT ACTIVE.[/FONT]
[FONT=Courier New] Partition starts at LBA: 0 Numsec = 0[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] Partition 1 type is Empty (0x0)[/FONT]
[FONT=Courier New] Partition is NOT ACTIVE.[/FONT]
[FONT=Courier New] Partition starts at LBA: 0 Numsec = 0[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] Partition 2 type is Empty (0x0)[/FONT]
[FONT=Courier New] Partition is NOT ACTIVE.[/FONT]
[FONT=Courier New] Partition starts at LBA: 0 Numsec = 0[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] Partition 3 type is Empty (0x0)[/FONT]
[FONT=Courier New] Partition is NOT ACTIVE.[/FONT]
[FONT=Courier New] Partition starts at LBA: 0 Numsec = 0[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]Disk Size: 128450560 bytes[/FONT]
[FONT=Courier New]Sector size: 512 bytes[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]Done![/FONT]
[FONT=Courier New]Performing system, memory and registry scan...[/FONT]
[FONT=Courier New]Read File: File "c:\ProgramData\AVG2013\chjw\4e1aea7b1aea6007.dat" is sparse (flags = 32768)[/FONT]
[FONT=Courier New]Done![/FONT]
[FONT=Courier New]Scan finished[/FONT]
[FONT=Courier New]=======================================[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] [/FONT]
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_39
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.095000 GHz
Memory total: 4201889792, free: 1642332160
------------ Kernel report ------------
02/08/2013 16:27:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\DRIVERS\ApsHM64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DRIVERS\Apsx64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\Tppwr64v.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\smiifx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\psadd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nokia_cs1x_dc_enum.sys
\SystemRoot\system32\DRIVERS\WDKMD.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\btwampfl.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\5U877.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007ccc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa8007d1f920
Lower Device Driver Name: \Driver\risdxc\
Driver name found: risdxc
Load Function returned 0xc0000001
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006684060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005421050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.02.08.08
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006684060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006684980, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006685040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa8006684060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800541cb20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005421050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0xfffff8a011c4e370, 0xfffffa8006684060, 0xfffffa8009160580
Lower DeviceData: 0xfffff8a011fc0610, 0xfffffa8005421050, 0xfffffa80093da090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9B1CD53
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 2457600
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2459648 Numsec = 941543416
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 944003072 Numsec = 32768000
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007ccc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007d02b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007ccc060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007d1f920, DeviceName: \Device\0000007d\, DriverName: \Driver\risdxc\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0
Partition information:
Partition 0 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 128450560 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\AVG2013\chjw\4e1aea7b1aea6007.dat" is sparse (flags = 32768)
Done!
Scan finished
=======================================
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-02-07.02 - Kitty Tsang 02/2013 週五 17:08:58.3.4 - x64
Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.4007.2382 [GMT -5:00]
執行位置: c:\users\Kitty Tsang\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20121231182941_yingchao121231zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130201170743_xinmenghuanzhicheng130201zhuhuanchong15s1.swf
c:\favoritevideo\InvisibleFolder\20130201170821_xinmenghuanzhicheng130201zhuhuanchong15s2.swf
c:\favoritevideo\InvisibleFolder\20130201171914_chuangshisanguo130201zhuhuanchong15s3.swf
c:\favoritevideo\InvisibleFolder\20130201172152_chuangshisanguo130201yixingqipao3.swf
c:\favoritevideo\InvisibleFolder\20130204171757_itongyisucai130204zhuhc.swf
c:\favoritevideo\InvisibleFolder\20130204172217_rtongyisucai130204zhuhc.swf
c:\favoritevideo\InvisibleFolder\20130205112159_dongfengrichan130205zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130205170435_guangqichuanqi130205zhuhuanchong15snew.swf
c:\favoritevideo\InvisibleFolder\20130205170523_guangqichuanqi130205zhuztnew.swf
c:\favoritevideo\InvisibleFolder\20130206115102_37wan130208zhuztA.swf
c:\favoritevideo\InvisibleFolder\20130206140659_37wan130212zhuztA.swf
c:\favoritevideo\InvisibleFolder\20130206140702_37wan130212zhuztB.swf
c:\favoritevideo\InvisibleFolder\20130206152917_baidu130207zhuhc.swf
c:\favoritevideo\InvisibleFolder\20130206154843_shenjiangsanguo130206zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130206154911_shenjiangsanguo130206zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130206154950_shenjiangsanguo130206zhuhc3.swf
c:\favoritevideo\InvisibleFolder\20130206155125_shenjiangsanguo130206qipao1.swf
c:\favoritevideo\InvisibleFolder\20130206155204_shenjiangsanguo130206qipao3.swf
c:\favoritevideo\InvisibleFolder\20130206155912_qingshiqiyuan130206zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130206160016_qingshiqingyuan130206qipao1.swf
c:\favoritevideo\InvisibleFolder\20130206160046_qingshiqiyuan130206qipao2.swf
c:\favoritevideo\InvisibleFolder\20130206161355_tianxingjian130206zhuhuanchong15s3.swf
c:\favoritevideo\InvisibleFolder\20130206161626_tianxingjian130206yixingqipao2.swf
c:\favoritevideo\InvisibleFolder\20130206161648_tianxingjian130206yixingqipao3.swf
c:\favoritevideo\InvisibleFolder\20130206162100_fanrenxiuzhen130206zhuhuanchong15s1.swf
c:\favoritevideo\InvisibleFolder\20130206171511_qinmeiren130211zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130206171539_qinmeiren130211zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130206171840_qinmeiren130211qipao2.swf
c:\favoritevideo\InvisibleFolder\20130206171907_qinmeiren130211qipao3.swf
c:\favoritevideo\InvisibleFolder\20130206172942_liehuozhanshen130206zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130206173215_liehuozhanshen130206zhuhc3.swf
c:\favoritevideo\InvisibleFolder\20130206173355_liehuozhanshen130206qipao1.swf
c:\favoritevideo\InvisibleFolder\20130206174028_chuangshi130206zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130206174241_chuangshi130206qipao1.swf
c:\favoritevideo\InvisibleFolder\20130206174256_chuangshi130206qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207102810_tulong130207zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130207102958_tulong130207zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130207103154_tulong130207qipao1.swf
c:\favoritevideo\InvisibleFolder\20130207103213_tulong130207qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207104822_jiangshen130207zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130207104837_jiangshen130207zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130207104900_jiangshen130207zhuhc3.swf
c:\favoritevideo\InvisibleFolder\20130207105011_jiangshen130207qipao1.swf
c:\favoritevideo\InvisibleFolder\20130207105043_jiangshen130207qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207105104_jiangshen130207qipao3.swf
c:\favoritevideo\InvisibleFolder\20130207105728_shenxiandao130207zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130207105838_shenxiandao130207zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130207105940_shenxiandao130207qipao1.swf
c:\favoritevideo\InvisibleFolder\20130207110003_shenxiandao130207qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207110920_sanguoyanyi130207zhuhc1.swf
c:\favoritevideo\InvisibleFolder\20130207110941_sanguoyanyi130207zhuhc2.swf
c:\favoritevideo\InvisibleFolder\20130207111034_sanguoyanyi130207qipao1.swf
c:\favoritevideo\InvisibleFolder\20130207111044_sanguoyanyi130207qipao2.swf
c:\favoritevideo\InvisibleFolder\20130207111845_xuanxianchuanqi130207zhuhuanchong15s2.swf
c:\favoritevideo\InvisibleFolder\20130207112257_xuandongchuanqi130207yixingqipao2.swf
c:\favoritevideo\InvisibleFolder\20130207113037_daxiazhuan130207zhuhuanchong15s1.swf
c:\favoritevideo\InvisibleFolder\20130207113125_daxiazhuan130207zhuhuanchong15s2.swf
c:\favoritevideo\InvisibleFolder\20130207113159_daxiazhuan130207yixingqipao1.swf
c:\favoritevideo\InvisibleFolder\20130207113217_daxiazhuan130207yixingqipao2.swf
c:\favoritevideo\InvisibleFolder\20130207140814_ntongyisucai130207zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207141617_qtongyisucai130207zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207143046_20130204171817_itongyisucai130204zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207143253_tongyi130207zhuhc.swf
c:\favoritevideo\InvisibleFolder\20130207144237_stongyisucai130204zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207145134_20130204172242_rtongyisucai130204zhuzt.swf
c:\favoritevideo\InvisibleFolder\20130207161808_ntongyisucai130207newzhuhc.swf
c:\favoritevideo\InvisibleFolder\20130207165555_pptvlogo.jpg
c:\favoritevideo\InvisibleFolder\20130207170435_tulongchuanshuo130207zhuhc3.swf
c:\favoritevideo\InvisibleFolder\20130207170559_tulongchuanshuo130207qipao3.swf
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pptv_jiejisanguo_130130.exe
c:\favoritevideo\InvisibleFolder\pptv_qinshiqingyuan_130130.exe
c:\favoritevideo\InvisibleFolder\productupdate.dll
c:\favoritevideo\InvisibleFolder\tipsbubble.dll
c:\favoritevideo\InvisibleFolder\tipsclient.dll
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
.
.
((((((((((((((((((((((((( 2013-01-08 至 2013-02-08 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2013-02-08 22:30 . 2013-02-08 22:30 -------- d-----w- c:\users\user\AppData\Local\temp
2013-02-08 22:30 . 2013-02-08 22:30 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-02-08 22:30 . 2013-02-08 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-08 08:07 . 2013-02-08 21:33 -------- d-----w- c:\programdata\Tarma Installer
2013-02-08 07:54 . 2013-02-08 07:54 -------- d-----w- c:\program files (x86)\Conduit
2013-02-08 07:53 . 2013-02-08 07:53 -------- d-----w- c:\users\Kitty Tsang\AppData\Local\Conduit
2013-02-08 07:53 . 2013-02-08 07:53 -------- d-----w- c:\users\Kitty Tsang\AppData\Local\Bart_Ubing
2013-02-08 07:53 . 2013-02-08 08:14 -------- d-----w- c:\program files (x86)\VisualBee_V.1
2013-02-08 07:52 . 2013-02-08 07:52 -------- d-----w- c:\users\Kitty Tsang\AppData\Local\CRE
2013-02-08 07:51 . 2013-02-08 07:52 -------- d-----w- c:\users\Kitty Tsang\AppData\Local\VisualBeeClient
2013-02-08 07:51 . 2013-02-08 07:51 -------- d-----w- c:\users\Kitty Tsang\AppData\Local\VisualBeeExe
2013-02-08 07:50 . 2013-02-08 07:50 -------- d-----w- c:\programdata\VisualBee
2013-02-07 05:24 . 2013-02-07 05:24 -------- d-----w- c:\programdata\Tencent
2013-02-07 05:23 . 2013-02-07 05:23 -------- d-----w- c:\users\Kitty Tsang\AppData\Local\Tencent
2013-02-07 05:20 . 2013-02-07 05:20 61440 ----a-r- c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2013-02-07 05:20 . 2013-02-07 05:20 61440 ----a-r- c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
2013-02-07 05:20 . 2013-02-07 05:20 106496 ----a-r- c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2013-02-07 05:20 . 2013-02-07 05:20 106496 ----a-r- c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2013-02-07 05:20 . 2013-02-07 05:20 106496 ----a-r- c:\users\Kitty Tsang\AppData\Roaming\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2013-02-07 04:52 . 2013-02-08 07:15 -------- d-----w- c:\users\Kitty Tsang\AppData\Roaming\Tencent
2013-02-06 15:35 . 2013-02-06 15:35 -------- d-----w- c:\windows\ERUNT
2013-02-06 15:35 . 2013-02-06 15:35 -------- d-----w- C:\JRT
2013-02-02 20:45 . 2013-02-02 20:45 -------- d-----w- c:\users\user\AppData\Roaming\FreeFixer
2013-02-02 20:45 . 2013-02-02 20:45 -------- d-----w- c:\users\user\AppData\Local\FreeFixer
2013-02-02 20:45 . 2013-02-02 20:45 -------- d-----w- c:\program files\FreeFixer
2013-01-30 02:54 . 2005-03-12 05:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2013-01-30 02:54 . 1998-06-24 05:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-01-30 02:54 . 2013-01-30 02:55 -------- d-----w- c:\program files (x86)\PDFCreator
2013-01-30 02:54 . 1998-07-06 05:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-01-30 02:52 . 2013-01-30 02:52 -------- d-----w- c:\users\Kitty Tsang\AppData\Local\Updater21802
2013-01-30 02:11 . 2013-01-30 02:21 -------- d-----w- c:\program files (x86)\Logon Loader
2013-01-24 19:44 . 2013-01-24 19:44 -------- d-----w- C:\found.002
2013-01-12 02:11 . 2013-01-12 02:11 -------- d-----w- c:\windows\system32\ARFC
2013-01-12 02:11 . 2012-10-02 15:20 1261936 ----a-w- c:\windows\system32\dmwu.exe
2013-01-12 02:11 . 2012-10-02 15:19 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-12 02:10 . 2013-01-12 02:10 -------- d-----w- c:\users\Kitty Tsang\AppData\Local\PutLockerDownloader
2013-01-12 02:09 . 2013-01-12 02:09 -------- d-----w- c:\program files (x86)\PutLockerDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 10:44 . 2012-04-07 05:39 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 10:44 . 2011-07-19 13:00 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 05:17 . 2011-07-18 02:40 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2013-01-24 15:02 . 2012-08-14 02:58 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-01-15 21:56 . 2012-06-15 03:02 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 21:56 . 2012-03-20 23:15 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-09 21:25 . 2011-07-17 14:57 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-25 04:31 . 2012-12-25 04:31 505312 ----a-w- c:\windows\SysWow64\PPTVSvc.dll
2012-12-25 04:31 . 2012-12-25 04:31 399968 ----a-w- c:\windows\SysWow64\PPTVLauncher.exe
2012-12-25 04:31 . 2012-12-25 04:31 399968 ----a-w- c:\windows\system32\PPTVLauncher.exe
2012-12-25 04:31 . 2012-12-25 04:31 2299360 ----a-w- c:\windows\SysWow64\kindling.dll
2012-12-25 04:31 . 2012-10-30 02:57 2585056 ----a-w- c:\windows\system32\kindling.dll
2012-12-16 17:11 . 2012-12-21 06:32 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 06:32 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 06:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 06:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 21:49 . 2011-07-18 02:33 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 18:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 18:20 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 18:20 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 18:20 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 18:20 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 18:20 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 18:20 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 18:20 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 18:20 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 18:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 18:20 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 18:20 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 18:20 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 18:20 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 18:20 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 18:20 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 18:20 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 18:20 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 18:20 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 18:20 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 18:20 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 18:20 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 18:20 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 18:20 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 18:20 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 18:20 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 18:20 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 18:20 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 18:20 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 18:20 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 18:20 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 18:20 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 18:19 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 18:19 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 18:19 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 18:19 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 18:19 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 18:20 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 18:19 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 18:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 18:19 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 18:20 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 18:19 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 18:19 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeae561-714b-45f6-ace3-4a8aed6e227b}"= "c:\program files (x86)\VisualBee_V.1\prxtbVis0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7aeae561-714b-45f6-ace3-4a8aed6e227b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{00000ADA-7E0D-47C1-986C-F017D09C4304}]
2012-11-20 21:30 518096 ----a-w- c:\users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(401).dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0EA37B17-6B8B-4085-8257-F3A4AA69C27A}]
2012-09-13 03:15 88080 ----a-w- c:\program files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4BF2CB0E-658A-442B-AC83-A64EC2150BFC}]
2012-09-24 06:58 427912 ----a-w- c:\programdata\PPBrowserHelper\BHO\TipsBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7aeae561-714b-45f6-ace3-4a8aed6e227b}]
2012-11-06 12:01 183112 ----a-w- c:\program files (x86)\VisualBee_V.1\prxtbVis0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}]
2012-11-06 16:19 244328 ----a-w- c:\program files (x86)\PutLockerDownloader\smarterdownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7aeae561-714b-45f6-ace3-4a8aed6e227b}"= "c:\program files (x86)\VisualBee_V.1\prxtbVis0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{7aeae561-714b-45f6-ace3-4a8aed6e227b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-11-14 11:32 251856 ----a-w- c:\program files (x86)\Common Files\Thunder Network\Kankan\xappex.1.1.1.62.(402).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files (x86)\PPStream\PPSAP.exe" [2010-02-24 214408]
"PPAP"="c:\program files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" [2012-12-25 251896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1522536]
"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2010-12-27 431464]
"ConnectionManager"="c:\program files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2011-12-21 99656]
"UIExec"="c:\program files (x86)\one2free Next G Connection Manager\UIExec.exe" [2010-11-30 138584]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IME14 CHT Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-14 81200]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"NokiaInternetModem_AppStart.exe"="c:\program files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2010-05-06 140288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-22 295072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Kitty Tsang\Desktop\mbar\mbar.exe" [2013-02-05 1363528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\Resources\Themes\XP萌化-伏八-乙荏製作\XP登入畫面-伏八.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00d0404]
IME File REG_SZ IMTCC14.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0404]
IME File REG_SZ IMTCQ14.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00f0404]
IME File REG_SZ IMTCJ14.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 PPTVService;PPTVService;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-03-20 571936]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 btusb64h;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\btusb64h.sys [2009-06-24 28728]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-10-29 11776]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys [2010-04-22 98304]
R3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys [2010-04-22 53760]
R3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys [2010-04-22 13824]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sage Simply Accounting Transaction Manager 2012 - CDN;Sage Simply Accounting Transaction Manager 2012 - CDN;c:\program files (x86)\Winsim\TransactionManager2012 - CDN\Sage_SA.TransactionManager.exe [2011-12-21 46408]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 UI Assistant Service;UI Assistant Service;c:\program files (x86)\one2free Next G Connection Manager\AssistantServices.exe [2010-11-30 252784]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-24 37720]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-27 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-27 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2010-12-15 98816]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [2011-12-21 21320]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-24 945328]
S2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys [2010-04-22 97280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-07 412776]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
DoctorService REG_MULTI_SZ XLDoctor Service
PPTVServiceGroup REG_MULTI_SZ PPTVService
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-05 21:06 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
‘計劃任務’ 文件夾 裡的內容
.
2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 10:44]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-05 21:06]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-05 21:06]
.
2013-02-06 c:\windows\Tasks\Norton Security Scan for Kitty Tsang.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-05-16 09:45]
.
2013-01-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2013-02-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}]
2012-09-13 03:15 628240 ----a-w- c:\program files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.10.3694.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Kitty Tsang\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-12-27 31592]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-14 110896]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"Soluto"="c:\program files\Soluto\soluto.exe" [2012-03-20 1712688]
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN21556502532854319&ctid=CT3284023
IE: &使用&迅雷下? - c:\program files (x86)\Thunder Network\Thunder\BHO\GetUrl.htm
IE: &使用&迅雷下?全部?接 - c:\program files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: &妏蚚&捃濘燭盄狟婥 - c:\program files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: 使用迅雷看看播放器播放 - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: 添加?前?到迅雷看看播放器?? - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm
IE: 發送圖像至藍牙裝置(B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: 發送頁面至藍牙裝置(B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{0000016b-c524-4050-81a0-243669a86b9f} - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
IE: {{0000026b-c524-4050-81a0-243669a86b9f} - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
IE: {{5D578929-E74E-46A2-A810-4F33D011DC52} - c:\program files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe
TCP: DhcpNameServer = 204.197.191.194 38.117.85.2
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KuGou\KGMusic\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KuGou\KGMusic\KUGOO3~1.OCX
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
.
------- 文件類型 -------
.
inifile=c:\windows\SysWow64\NOTEPAD.EXE %1
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
BHO-{ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468} - c:\program files (x86)\QvodPlayer\AddIn\{ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468}\QvodAddr.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BaiduPlayer - c:\program files (x86)\Baidu\BaiduPlayer\1.16.0.73\uninst.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-QQMusic - c:\program files (x86)\Tencent\QQMusic\QQMusicUninst.exe
AddRemove-Adobe Connect Add-in - c:\users\Kitty Tsang\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*?? N}
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\GetUrl.htm"
"Contexts"=dword:00000022
"Name"="xl_geturl"
.
[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*?? N}Q??卉]
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\GetAllUrl.htm"
"Contexts"=dword:000000f3
"Name"="xl_getallurl"
.
[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\Software\Microsoft\Internet Explorer\MenuExt\&*?&*Cc喏甒競腤eZ]
@Allowed: (Read) (RestrictedCode)
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\OfflineDownload.htm"
"Name"="xl_offlinedownload"
"Contexts"=dword:00000022
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2013-02-08 18:01:54
ComboFix-quarantined-files.txt 2013-02-08 23:01
.
Pre-Run: 166,337,814,528 bytes free
Post-Run: 165,936,148,480 bytes free
.
- - End Of File - - 298AEAFAFC22E9813D21661BED93FD71
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==========================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v2.111 - Logfile created 02/08/2013 at 18:13:46
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kitty Tsang - USER-THINK
# Boot Mode : Normal
# Running from : C:\Users\Kitty Tsang\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\VisualBee_V.1
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Kitty Tsang\AppData\Local\Conduit
Folder Deleted : C:\Users\Kitty Tsang\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kitty Tsang\AppData\LocalLow\VisualBee_V.1
Folder Deleted : C:\Users\Kitty Tsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\VisualBee_V.1
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284023
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\VisualBee_V.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F501B2F2-DB28-420F-8D99-32154DA4AC02}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00B2FDF2-4F9A-4185-A9AC-F54CECD3DDFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BBD1A4EB-4034-4D48-85BD-B6E0A4AA910A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VisualBee_V.1 Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AEAE561-714B-45F6-ACE3-4A8AED6E227B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&CUI=UN21556502532854319&ctid=CT3284023 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com.hk/", "hxxp://www.google.com/", "hxxp[...]
Deleted [l.2631] : urls_to_restore_on_startup = [ "hxxp://www.yahoo.com.hk/", "hxxp://www.google.com/", "hxxp://[...]

*************************

AdwCleaner[S7].txt - [1408 octets] - [05/02/2013 21:00:46]
AdwCleaner[S8].txt - [4496 octets] - [08/02/2013 18:13:46]

########## EOF - C:\AdwCleaner[S8].txt - [4556 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by Kitty Tsang on 08/02/2013 週五 at 18:18:50.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\visualbee
Successfully deleted: [Registry Key] hkey_local_machine\software\visualbee



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tencent"
Successfully deleted: [Folder] "C:\ProgramData\visualbee"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\AppData\Roaming\tencent"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\appdata\local\tencent"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\appdata\local\visualbeeclient"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\appdata\local\visualbeeexe"
Successfully deleted: [Folder] "C:\Users\Kitty Tsang\appdata\locallow\tencent"
Successfully deleted: [Folder] "C:\Program Files (x86)\tencent"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/02/2013 週五 at 18:28:13.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL Extras logfile created on: 8/2/2013 18:29:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kitty Tsang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

3.91 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.38% Memory free
7.82 Gb Paging File | 5.81 Gb Available in Paging File | 74.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 154.93 Gb Free Space | 34.51% Space Free | Partition Type: NTFS
Drive H: | 122.24 Mb Total Space | 119.76 Mb Free Space | 97.97% Space Free | Partition Type: FAT
Drive Q: | 15.62 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: USER-THINK | User Name: Kitty Tsang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [QQMusic.1.Play] -- "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /play "%1"
Directory [QQMusic.2.Add] -- "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /add "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\notepad.exe %1 (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [QQMusic.1.Play] -- "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /play "%1"
Directory [QQMusic.2.Add] -- "C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe" /add "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA2506-786F-4741-9479-1DF9D85A12F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{053E3921-22C3-4352-9219-E195A2B5F610}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14ACE865-9067-4C33-BEA5-F058926545D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{15F90479-400A-42C9-9B8D-3765207926FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BB85C51-4558-40AF-BD09-61C77FD850AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C536832-1272-4EDA-8C33-3C85A276C3A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{2188D10A-B4B9-4C2B-A5B9-BF629144F944}" = rport=445 | protocol=6 | dir=out | app=system |
"{4C3DE536-5826-4719-A412-958695B5A325}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BA9559E-5758-4F76-88F2-1460F6439A5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CAB793E-8B89-4335-AB47-F5D7A4E58850}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{650AA829-1283-4691-A45F-71D2F3BA5642}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F5BBB4D-D72C-4885-A1AA-6682879D4DD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73144B03-AC67-415C-8824-7C6B3CFC7BD3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7964B178-102B-4DFC-88DE-26F21FFEE9CD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79ABE264-1ABA-4639-843A-99D8BEDEEEFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{813593B3-8ED5-4C33-B80A-A714CE097123}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{898A22F4-BE68-4CF9-913A-E51EB7867BB8}" = lport=139 | protocol=6 | dir=in | app=system |
"{89F9E3C9-CDD7-4636-AFC5-14B8A5602CC0}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) |
"{93403DAC-85ED-4FF8-B07F-176AD1BF2CBE}" = lport=138 | protocol=17 | dir=in | app=system |
"{9FE8DE32-2297-4CF8-8A90-AB847D9E2F97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B336BD41-E3B4-4B71-880C-E4C0E9304B20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6C24096-2B64-4456-AA57-9E34B39130A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAEA9F1A-2A7A-4812-9D40-E8FDB848CA36}" = lport=445 | protocol=6 | dir=in | app=system |
"{BC312B6B-88F9-4FC1-ACD8-52FA64D4557A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C039F5AD-BAD7-4483-91E5-5AE4066B37DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4F05FEE-078C-41FA-9B2A-D7F50179A0E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C56097BC-9DDD-49A3-8D26-9E1649CCA0EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C69A4164-F706-4B82-882F-F2801814DBAA}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) |
"{CC75E072-0776-4B45-BA82-2E8F8BD45FBA}" = rport=138 | protocol=17 | dir=out | app=system |
"{CE989507-5FA8-4573-B98D-819B99520793}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D1E35034-1A80-412A-A190-B3C1FE8A8C7A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E33828B3-EEA0-4300-841F-8B8A5CEFF93C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6BF226F-288D-4145-9BB2-744BFCBA5C3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF3E614F-3B2F-4A06-8D27-F78FBD1249D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1E9C3CC-4C83-4BD7-9DE4-A0CE84EF7DAC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F6B3E78F-0C16-40C9-900F-5D5502610395}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F7F950C9-4643-4463-9207-1D8BF9DF199F}" = rport=139 | protocol=6 | dir=out | app=system |
"{FADF5A87-8F24-45B8-81BA-DC3D47BDF35C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FFE5C3F4-5848-49FC-B223-DC91DCABE831}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA9AD8-9A3E-43E2-8F8E-F391254B5F8D}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\ppliveu.exe |
"{03258669-212B-4A1D-839C-30428D1D38F3}" = protocol=6 | dir=in | app=c:\users\user\downloads\qvodsetup5.exe |
"{03DA29C3-6AFA-4A29-8647-2364CAE19CC8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{04118947-A603-4114-9C90-6AF8E6E4A05C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{0491D874-FDED-4E13-B057-EE222E667D5B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{05009E54-884F-4998-8157-43CE115BBC22}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{05FEEEBF-7E91-4426-8B46-251CBE633EED}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"{062BBCB5-99C7-470F-9B7D-89FE6A1505BB}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |
"{06F235F4-7B18-47B0-B689-CA9AB8D3CF64}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{07072C72-D67C-4E8A-B419-1F6DAA591AE9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{070D061E-C2B3-4F49-84A8-3B3C78691DAD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe |
"{08A34F99-7381-4CAA-B6DD-25B4591928BC}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\xldoctor\7.2.10.3694_4\program\xldoctorui.exe |
"{0AB71B0E-1317-414A-8FD3-AADE02D4E115}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{0B0ECA8B-F370-4423-94D5-8E3B28B597BF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{0C49D178-FABF-4F55-B7F5-BC60E64F7B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{0D0DC554-4AA7-4B3D-B004-FDAE5D1DD4E1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0DF2DB0F-3ACF-406D-A2B0-3593145E4D94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EC2C357-4EA7-4814-A986-534A8E9BB4F3}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{0FAA75B3-47FD-4350-843B-D3BE7807437F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{0FDCEA30-100E-4C71-B3F7-8BB17D3A442D}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe |
"{11587D86-B392-4B11-A088-FA3ABD192811}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{126D9D9B-60CB-489A-A63D-C1587F117B10}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{14BA216D-52E5-4AB2-A978-B94CCD32843D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{1762774B-5323-4AD1-90CC-5F627DA963CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{177CF8C4-86D8-4401-BB51-33DBE92F7EE0}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{17D4E976-6D21-4460-A631-F30436EFD309}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2908\plugininstaller.exe |
"{18814F38-C0AB-42C3-BE90-9B92EDDA5B8C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{191BD864-98E7-4F11-A973-00E1C8F0B29C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B6B8A13-B976-4E44-8EE9-6C6E9BAA152B}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusic.exe |
"{1BDF04BE-BDBC-44D3-8170-538CE8C04509}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"{1C400035-34CE-4FA5-B9F5-93666A944D4C}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{1C82029F-4DF0-4B66-84F4-DF9F2A01A5C9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{1D1C74AE-1FFE-4E1D-A612-A642D6CA9085}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{1FAAD5E5-3BD0-4762-AA9B-AEE2654B8DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderliveud.exe |
"{2138F446-7A5A-41D9-833D-91AD717BD838}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe |
"{213AFF3D-8669-4F34-874D-276136BC769D}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{21455DFC-94C8-47FF-B7DA-7E7801A5BD21}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |
"{21EF8E48-8FD2-4DEC-83BE-25270566F10C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2262DB56-6DA2-4552-B0EE-9FCE96E47D2F}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{241F9F49-9164-44DC-B672-4E9A002DB0CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2458BB03-A669-4971-B128-A8B1DE0CA235}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusicie.exe |
"{2479C094-90A9-4188-9CD3-F6934FEBF982}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{25805BDD-EF93-4DE4-8F03-5C8C0F7383BA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderliveud.exe |
"{264E860B-619F-49EC-BC53-DCBD30C327AE}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{26887A21-06B9-4793-A9BA-3A24083AFC83}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{2806051C-7A05-4C15-A746-A5F1139C53EA}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{292F662A-5244-4FEB-8ED9-BE8C6B6CB482}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{2A771415-0650-471C-85BB-0098ED81AE1E}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\filelink\xlfilelink.exe |
"{2AA93473-1DBF-49A5-8C68-9588151D56A5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2BBCD9FE-F311-4FBF-B367-401351DA5593}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{2C80CD73-BCCC-4878-83C1-208BF8615E07}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{2C90398A-7723-413E-A31D-537992F8E687}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\xlbugreport.exe |
"{2D6B129A-3B80-46EA-A28C-CF97B2375E02}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
"{2D79ABA8-7954-4273-941F-5CEA1F8AF6BF}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{2DD1707F-929D-45A1-8C4F-AF1B76DBD94E}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |
"{2F1E5DF2-DB0D-4EDA-A2A8-A0B3BE4D13BD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{305D245D-9E8D-40AA-998C-239242CD68CD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{30843656-E4A8-4854-B663-BD9CC542988F}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{30E977AF-5F87-4F47-B4BD-A19ECA7F9226}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{3141619A-DFED-4FB9-AC9E-6346F144756F}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{318D7166-F5D6-4364-A676-B324E39F25B1}" = protocol=6 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.14.0.4\yy.exe |
"{31C9BC38-8A1E-4397-BC02-C050906D2E24}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{327A9B77-B0D2-4CE0-B7C5-739C49B89721}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{32D82813-41D6-40C3-A7D7-9D11321C25BF}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{338DCDE1-04BB-4DDD-BCE6-F187178E7A30}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{34FB60D3-A3C6-43FF-8E26-FEF47517C9D7}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{35709F44-85D0-43B0-A7B8-FFFA465E7D10}" = protocol=17 | dir=in | app=c:\program files (x86)\ppsgame\ppsgame.exe |
"{35BEB792-507E-4EEE-AE73-0CB0090F8D58}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"{3665C12F-386D-4A92-AFA6-BCD9A854D8CA}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\filelink\xlfilelink.exe |
"{36A3D5EC-972A-41CB-BF56-7E5245B4989E}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{36BC6B2A-559E-4037-976A-C683B55C70E9}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
"{3743E0C2-783A-48AB-8109-E12B7C515C18}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{3775BE9C-A38A-4228-BB23-845505EEF74B}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{379401AF-004F-49D6-8EEE-57DE0E62713D}" = protocol=17 | dir=in | app=e:\pps.tv\ppstream\ppstream.exe |
"{37C6BEF6-CF5A-45B0-AD96-3992870AB34C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{387539F5-7A4E-461F-94FF-E59708D33D06}" = protocol=17 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.14.0.4\yy.exe |
"{38E0832B-3A51-4A34-A0D9-1E9466F72FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{3A6C8762-C5D9-405D-B239-C9937F01FD06}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{3B8F7ECB-7E38-48DF-AC3C-804B274D1D25}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3BF1313A-6989-4BD3-A174-190FC136EA47}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderliveud.exe |
"{3D9435E8-8008-4555-A64A-7A5233025CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |
"{3DC6B2E8-DFEF-48A4-A4F3-925A538DAEF1}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{3EFBFD89-01A9-4A95-A58D-12DEA395385B}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{409B106E-0040-4114-9740-0B4574379B37}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{40C6D043-1EF9-424B-8DAC-83D32062FA7C}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe |
"{40C83C39-3D74-4661-8FB5-49EE521FF3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\107\tencentdl.exe |
"{40CFF750-4CA2-4A7A-AFD8-89D421D227FE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{40EE2CCB-32A2-4FE2-B3F1-02036B990698}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{418D9B44-E429-419C-B529-80DCC3F3DD1F}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{41C17EF6-B705-4AB7-9C37-C2CA32535C54}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{41DFCD6C-F690-4C48-82BE-2786C9D24E2D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{421D9883-CEF2-4041-9198-80F1D5DAB511}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{43437E8E-9849-49DB-A4B3-218E66CD193D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{43A510E6-6732-42C1-B4FA-F4C88EC3FED2}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{44741AE1-61A9-497C-920E-F7BF15333EA8}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderbhostat.exe |
"{45E110D5-A95C-42E7-A83D-47C5B516D827}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{460405C4-0791-4FA1-AAA0-0C18A674A490}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{466EA881-E05B-4BDD-B7CE-648EEB486F68}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{47CFA439-7FAE-454E-93BB-604AAFAC0E69}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{48DA6DED-9ADC-45CE-8ACE-66DD32C32F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{499F1590-519C-4946-AB9B-19415E0B258F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{49A7F3F9-C066-4C5B-A010-5A8DD38A9CEE}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\crashreporter.exe |
"{4ACCB6EE-DFA2-4682-A1E7-C9C4CEE055C1}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{4B12B57C-75B4-4A10-8ADF-2ED16EEB26B5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{4D2B31FF-97D4-45CA-B5A4-BBC14F5DFE3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4F0ECA99-4FE4-405E-9171-31A7B2B6BF5F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{50605343-457A-46E7-BB49-C2E1D1A443A8}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{509708C2-57B3-4684-ADBA-9B8D4B72DD71}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderbhostat.exe |
"{5180495C-7E67-495C-912A-B606B188CD54}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{51E87248-B719-4A02-B00F-64237B654789}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{537FB070-CD39-4652-9234-BC239501CA91}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{55EFCAA0-02D8-47D4-B71E-86E0C206A420}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5787AEA0-1A26-43E3-A56E-ADCE7D488334}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{5865A7B0-69D9-44D6-A5DA-9E37762FABE8}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{58E8D0AE-6417-4F05-896F-69C27C374510}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe |
"{59F5461B-B91C-4F6D-A4F5-8846D1394B2C}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{5A6A1830-C447-4324-ACB7-556C969E7BD3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A9CD09D-11AD-48D1-AA92-0009C9172437}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AACC3EF-78DD-4EC7-AEA4-7C470128FD7F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderliveud.exe |
"{5AD4B93E-2A64-477B-BD88-B6304821955E}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\xmpboot.exe |
"{5BF860D5-2660-41A8-B3D9-DFE7DF1E0DE7}" = dir=in | app=c:\program files\cyberlink\powerdirector11\pdr10.exe |
"{5C280C17-5FA7-4746-B8B6-C1BD7B5B4A24}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\fcminidownloader\minidownloader.exe |
"{5C5F7CC6-3FCA-47A6-9311-E529F1E89370}" = protocol=6 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{5CD5E352-0ECE-46B3-BAD2-5B9F0BD4E3C9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5EBD2FAC-8998-43F3-8FFB-07AFA0654935}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\txupd.exe |
"{6096343A-7A98-41AE-9A9C-10E786DEE141}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe |
"{609D5E86-6533-4DE2-AAFF-C03F37594750}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{612F328A-55AA-4B14-96A2-C4906AEC6805}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{6135D49F-D42A-4D10-8CDD-3346FB3B9583}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{61615267-7EE3-4563-BBF5-0EA3021BE67E}" = protocol=6 | dir=in | app=c:\users\kitty tsang\appdata\roaming\dropbox\bin\dropbox.exe |
"{62064CAA-B9CD-4415-A1D6-76552BC6E375}" = protocol=17 | dir=in | app=c:\users\user\downloads\qvodsetup5.exe |
"{6261703B-9848-4F68-94B0-3A50F5CCFACA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6289B46E-790A-4236-9992-478F36E07D82}" = protocol=17 | dir=in | app=e:\pps.tv\ppstream\ppsap.exe |
"{63825C0B-A2DA-4627-9A2E-0AC3112660CB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{6486DE47-EF26-4F70-8D14-F11A3CB2491B}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe |
"{64B40F75-1BBE-4319-9CF2-01829B42E297}" = protocol=6 | dir=in | app=e:\pps.tv\ppstream\ppstream.exe |
"{65477BDE-C3D9-435D-86DA-AD7784DBC2FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65921BAD-2D01-44BC-980B-8063BC21B122}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{66230926-3776-45C2-A6C4-E1CD7641EB1F}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{676E613B-044A-4E9E-96A3-07F603EBF7BA}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{68327277-A7EB-4ACF-B5D3-62E6852C759D}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe |
"{683A566D-82E0-4E2F-8CD2-CDEC63B8F0EB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{69C24320-C9B7-4F00-AFB4-0080B8EEC9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{6A6A61B3-2C6B-447E-AF4C-B8147D7DF411}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{6B1DAAE7-10EE-4999-8B82-59B66EFFEB9E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe |
"{6BA0C557-BE7D-432D-944F-F85BCBA32574}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{6BAB2384-B4C3-4C45-AE9A-739F17287329}" = protocol=6 | dir=in | app=c:\program files (x86)\ppsgame\ppsgame.exe |
"{6C3DB079-3A22-471E-8387-A73A624B25EA}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{6C6B7712-03C8-4A28-8A53-7A752871674D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6C8E2718-6017-4642-B33A-280435242963}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{6CC500DC-389B-46D9-95DF-6DE24A6BB3CF}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\fcminidownloader\minidownloader.exe |
"{6EC9171D-3984-4ADD-AED4-BB36A5611D5A}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{6EF71D8C-1A6C-450B-8F17-1F3F13DFB129}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |
"{705F85B9-E8B4-426F-99EA-C0D023B9E632}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |
"{71622FB0-62A1-407F-BEBE-9A0609560BD1}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{7196E2D6-CEDB-4727-A4D1-FDD05AE2FCE1}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\xbrowser.exe |
"{72628323-B1A9-4F6F-B392-6B76ABD157BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{74EBF8E2-B48B-484C-BDE9-F690C8A4DF33}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{75B35ECF-AA2C-48E8-BB41-ABC8B5FF5D1D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{7687005B-90D1-4ABA-A430-87429630556F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe |
"{778AB919-E555-497D-85EB-A49DF458C718}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe |
"{78EF978A-9233-4574-A82C-1F5CAFF629DE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{79B8E018-14CE-4959-81AC-B34A9922AEBF}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{7B630227-29B2-4E22-AFD3-6E30C87CDCAA}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{7BD365E1-028B-4D02-94D0-F7591CE76754}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"{7C032920-D450-4366-AE00-0A0337DAD4E6}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{7D4445E9-80AA-40FE-A2F0-2C0AB413A647}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{7E8BCCFC-6CDB-4E9C-B6DD-6D1AFECDC4F8}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{7ECAB242-4974-4C17-929B-A60B4A83FA9A}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2906\plugininstaller.exe |
"{7ED82E08-C4AD-4038-BED3-75A9599004FA}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{7FFFB312-EBDB-47CE-9DA2-C5F952B07CE4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{80136566-D3C3-4CA8-88D4-6D8EF6313032}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{80ADBB73-8F7F-44FA-8C5D-38798454B4A6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{81C9D6D1-2BE5-4679-8B27-4C65E16771D8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"{82AB1CC9-C2CA-41E0-B72F-34EE3368B854}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{838742DD-A6A0-4E4A-ADC1-6F10125B3F3A}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"{839085ED-D3CE-431C-9BCF-17A6D8B50B4E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{86142BB1-F8AC-4E27-8282-0CD3B336697B}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{8674692E-AE11-494B-8ACA-1047D7E453E3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{869CB387-C54E-4CCD-A11A-9FF2AAD9C909}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{86D58E2F-B556-421B-B376-FC25A1DA5173}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\lanspeedviewer\lsp_check.exe |
"{8707B0BB-53A0-4B94-B129-DE1170AD74FB}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{8722FBCD-E8E4-4F68-BACA-67108CF24AB4}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{880C336A-CF3C-4E4A-926B-F2A33A41A3A2}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\xmpboot.exe |
"{881E6111-DECA-4D54-9D7A-7C9E6FCCC5BA}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{886214B7-983B-4A8B-BDBF-CF3AC7CAE409}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{889661B9-8D05-4AAD-8BE8-77D384475A4E}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |
"{8927E29D-63BA-44EE-B1B1-3DDF8045FD3A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8934C17F-A44E-4326-B169-092A3CA478A1}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2148\plugininstaller.exe |
"{896C6418-42DC-45AA-B508-46EE1B7EA5ED}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.16.0.73\baidup2pservice.exe |
"{897015A7-0FAE-4D07-99D6-FA5A178A4F70}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe |
"{8A5ACC39-4065-4FC3-92A5-EB7DE4472636}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{8A607B03-C360-4E3C-A7CD-EABE8EA1F4D4}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe |
"{8ADBC026-6BCB-4DF1-A8C5-7BED772CF02F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8B3F5244-4D55-4C62-B94B-F1DDB68F2EB8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{8B8343A6-B957-448A-85BA-492B685C30F0}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
"{8C662208-B17E-4C85-ACBA-5178ACF061BA}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{8D00A643-E7E5-48E3-AC17-C7BA6D9537CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FEEDC50-24D1-41C8-B003-CF98C490906D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{905A108F-3892-4C31-8FA0-176B9C788E2A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{917F5B89-1D26-4BC9-8ABF-ADC2847D47C7}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{9214FDA1-F9D4-4FBA-9EDA-381629696209}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{92DB6490-35DD-45CF-BDEE-B20B00BD482A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{92F6B80A-900E-42CF-B8C9-7B30EA59529A}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\crashreporter.exe |
"{95DCC927-8286-4C38-95F8-D60E6FACF2E3}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{97363715-30CA-46C8-8825-15C69CBAB548}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{97DB6838-69A2-42B9-AD98-9F8F9E09EF16}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{98D4C282-6690-43B7-B874-0FF0CD9C368D}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusicupdate.exe |
"{991CDC64-631B-483B-8C67-B6E6CD240247}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\xldoctor\7.2.10.3694_4\program\xldoctorui.exe |
"{9B00C845-ECE3-470B-A3AB-8AD37CF1AFEA}" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |
"{9BABC383-2815-4BD0-9B4D-B64114B26B72}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe |
"{9C70A7D2-076E-40D6-BC97-E7EE9AECEB2F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{9C9769B1-510E-4AEB-8539-648BDE3F2CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{9DA8A80C-0539-4624-8DFC-6CBAA6FDCF66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DE3305B-772F-4D5A-8A5C-D5CE7D3A3B89}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{9FDAE7FF-9832-4F86-9733-8A97EC6CF275}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{A01E4B65-0C2D-4154-A5A1-ABDB7B7C0A01}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{A0FA4487-84BD-4220-A773-4381C686E4AD}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
"{A2681594-CF69-4124-AAAE-0FFFB521729F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{A2FFD3D6-4E47-4C3C-9EE1-235606FEB7A1}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{A4C2F225-6CD4-4BF7-8242-40EF2735B938}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2148\plugininstaller.exe |
"{A53B241B-9F2E-4108-997F-D19450E07AD9}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.0.0061\ppliveu.exe |
"{A8976778-544E-4EE4-8483-6860BC49194E}" = protocol=17 | dir=in | app=c:\users\kitty tsang\appdata\roaming\dropbox\bin\dropbox.exe |
"{A9185272-F0D3-4F05-81E5-C80D7FC72748}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{AB2D5B4E-A9DC-403C-9646-3BDB633A7CA3}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{ABA925A7-1F23-44FC-B95B-60607758F53C}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{ABFDE232-B242-47C7-B854-F2B5A30C7EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC5350C6-0424-4F28-9A84-1089861650C1}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{AD7609C6-5B39-4B00-A8E0-A2F066BEAE4B}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{AE5C5F6E-9F0A-4679-B09D-8B151A5177DE}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{AFA42A03-2A1F-43CA-AC93-BCF0F9D43CDE}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{AFB57647-4C0A-4E19-AF41-8C09DFA9500B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B213E4E6-C7D7-4485-B3A2-6975D5BAB307}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusicie.exe |
"{B2217B9D-9A2B-427E-9811-66812A735423}" = protocol=17 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{B2661CFE-1C67-420E-9E7A-B5E1D568C884}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\setupex\qqsetupex.exe |
"{B5670949-A8E0-4A2E-8527-196409597719}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
"{B5B2E10E-6212-43A0-B3E3-38A2D2AFB14E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{B6D7BA9D-EF06-4ED8-A63F-743752AD4A93}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{B7AAE610-C886-41F8-9FBF-D063AD730226}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B84E201F-EF52-45E8-B6CF-BDB8C8E0D03E}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{B8EE8446-0119-4FEC-8537-E1C9A5647BDF}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
"{B93900C2-698D-4859-A270-38266A351427}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{BB6394CB-1958-4B89-AEC5-A32D12F1E820}" = protocol=6 | dir=out | app=system |
"{BC8DF74F-E283-489C-9CCB-C96CF38D25AB}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusicupdate.exe |
"{BE0ED683-6896-4A71-B868-301E6BFAB068}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{C253BEEE-5218-495F-B178-A7D14B1CF59F}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{C39732DF-B7C8-4B42-B335-1654D611F8D0}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C44182DC-F790-4B9E-9D8E-C30EEDA4D055}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{C5548EC5-B6E4-44BB-BC16-CFCB55080D2C}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
"{C5C74959-B39E-4056-8120-7B474409F038}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{C6D006A2-F6B8-4353-AD1C-BE377C8BFA92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6E8785B-AB11-4529-BB8C-F0B59CFEF01A}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{C72BA777-0AAE-47F9-9B33-93571EE4BCBF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{C74DE64B-A431-49AF-BC54-80A7E63140C7}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{C7765E9C-8B0C-4505-A716-47EA98147BFA}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\qqpcdetector.exe |
"{C8519848-C179-46C7-9F71-82B5AB1117BD}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{C8C8943D-B5E5-4B8A-956B-A7F096BD6075}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xlbugreport.exe |
"{C98EB57B-FE9D-4987-ACD2-6057654B4776}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\qqpcdetector.exe |
"{C9D17357-270C-4DDF-B220-B5392950A0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{C9F2AB85-A2B3-4A8C-9978-31E4692C524A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{CA415951-CDD9-4619-851D-D7E84A86BE1C}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\net_monitor_i.exe |
"{CA45CAC1-10B9-43D4-8240-6EBD80EE1ABA}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{CA7EC176-B2D7-49F2-A1C9-95BDD61959FF}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{CAB68C97-61F1-4AF0-A834-F4CC89BCA156}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{CB3CAF4A-A5A6-4824-9F34-6B50C7EA09F6}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\setupex\qqsetupex.exe |
"{CC606D5C-5EC1-4CBE-8EAA-4ACB656F8B31}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{CC7AA43A-DBDC-4E96-9B6D-4B352D2F1B59}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{CCA10B32-1E80-4996-B203-D1CD1B6E911F}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"{CD54C03C-6197-4ECE-B2C9-DEFCB63C3E93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF689ACE-6B6A-42BC-AC60-2DC7348F94C2}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CFB67641-A836-477F-817E-620246D10324}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D02F6B15-031B-450D-AE1A-049AFF3DB4E9}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe |
"{D0F2B6A6-BD86-4566-8837-BDF4DFEC4950}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{D1620C44-D740-4CBD-BD9C-63A0C7548E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe |
"{D1C2C431-B8A4-4AAD-BB2A-9EE64BD2569E}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{D3E5D10A-9388-478B-9834-3840BE46A981}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{D50893C7-4EAD-48C3-AF75-E36E21CADDE8}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{D54EEE3B-1E00-4BD2-8963-9CA0370311CD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{D7A932B5-CEAA-405C-B4C6-4E658BE29F9E}" = protocol=6 | dir=in | app=e:\pps.tv\ppstream\ppsap.exe |
"{D7E1C0FA-CE4A-42D0-BA1F-B82AB8B2FE5B}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2908\plugininstaller.exe |
"{D965171A-7DBC-42A6-834B-08586C4F17D9}" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |
"{DB6E8B18-A393-4C20-BD2F-31384F7CD59B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
"{DCC06383-F078-445A-A233-70FDC97CA8F6}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"{DCD47DF8-41C3-46A5-9182-9E825DECDCDE}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{DCEAB985-85ED-4B98-B548-5B50AF9A1A4E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"{DD1EB977-BF91-42D4-AD57-10E79D0DB294}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DDEFE78E-522B-4A24-A55D-41813B375170}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DE252C28-FB76-4A27-9C3F-61C34E1F8373}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\107\tencentdl.exe |
"{DF48F1EB-AC1D-48C8-9EDE-288119399D57}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{E050F815-8A20-4F2C-A53B-C289350B02A4}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{E1511289-0A2A-4910-845B-86136E3791F4}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{E207F293-166F-4B6C-B291-A6C150BA7DA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E2EC9E0B-AB98-42E8-847A-483EF4EE4FBA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E45904F4-88CC-4794-815B-EAE9C0DF9B71}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\txupd.exe |
"{E4E441BB-6CE5-4642-8704-B57085E78517}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{E4E9BAAD-DCF5-425A-914A-286A86520D44}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{E4FD93A2-91B5-4749-A658-1449C7BC3AD4}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{E5E32C2D-F9EE-4553-947B-7780BF649AD6}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\lanspeedviewer\lsp_check.exe |
"{E6B9A6A5-4AA9-45C1-A066-E05E571651F1}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusic.exe |
"{E776AFB9-3EEA-455C-8BC4-2C9C1FBE0BC8}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E7B98434-F6CD-48A1-84F9-ACD9EF287656}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E7C56FEA-9BF2-40DC-BC22-967D0C47FAFA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.186_1111\xlbugreport.exe |
"{E872F0E4-6D1C-424F-A1CD-48958123B21E}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
"{E952E46B-6928-4CFF-9409-773989860C91}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{EB43CA6B-DB37-4C54-B8A3-AC0A772FCC83}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xmp.exe |
"{EC22D7B6-D8C5-4A54-98A8-723E19F70916}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic.exe |
"{ECA7E152-4099-4FBE-80D8-BD570AFD800E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{ED0E0811-4B84-433C-AAF4-8EE145466B75}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\netmon\lsp_check.exe |
"{EDDD5A56-C400-4244-A7A3-B183B1C29F58}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderplatform.exe |
"{EE2C73DB-7FE1-42A7-B791-83F60807DC19}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{EF26AC90-7182-49BF-879F-8FAA3DC3F424}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{EFFEF850-96D5-4BA8-9ACC-D81396615C52}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic.exe |
"{F05836DC-B080-4DA6-9B52-4B37F244ECD9}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{F1126C4D-6B24-4226-97C3-CBFC47A974F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F153DF0D-6806-4C30-B165-200A3FAA2186}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F20BACFB-80CD-4AFE-A927-8C2E90A5B8D7}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{F332B918-6D5F-4778-8AAE-F263E6667B9F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{F3374A27-5777-4C0D-8DA4-B5714A00E2A4}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.2906\plugininstaller.exe |
"{F3C6639A-2E74-46E5-BA53-C19F98A0AA29}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\kankanlive.exe |
"{F47558F5-F1AF-4057-A802-28FAA41141B2}" = dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate.exe |
"{F608E2EB-482D-4267-8FCD-0143DB45A887}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"{F64786AF-2EA0-4AB7-83E2-67487E599987}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\xbrowser.exe |
"{F80547A4-AFBF-4955-9462-DA2FAC17DCDA}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{F95337D8-9B5B-4286-8D94-C3294CACF9C4}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.16.0.73\statreport.exe |
"{F981BB35-30C9-4EB8-8CF6-608313A0851A}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{F9F91BC8-C7A9-4ADE-A3FA-05E3D6C25CBB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{FC34EDE6-762F-4B99-8F59-DF7410A6B1FB}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{FD2365BC-935C-49AD-8B0B-F4999A13D75A}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.16.0.73\baiduplayer.exe |
"{FEDBFE9F-A653-43AF-A07F-F327FE1ED44C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FEE202FF-BF34-411D-86B8-B852867A9569}" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\thunderliveud.exe |
"{FF3E2959-5E28-4003-9CF6-C442677AFDAA}" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\xmp\program\xlbugreport.exe |
"TCP Query User{17F18BC0-846B-444D-970B-130B3EF18E98}C:\program files (x86)\kugou\kgmusic\kgservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |
"TCP Query User{23A55C00-8B09-4997-8C2D-36571CC5FF2F}C:\program files (x86)\kugou2012\kugou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"TCP Query User{2EA0EF72-C00C-44A1-ACBB-67BEE4E7D9C8}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"TCP Query User{2FB19E10-F454-412F-B52E-5CEDE016BD63}C:\program files (x86)\pplive\pptv\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"TCP Query User{300A436C-4854-4C63-97A5-7EF70BC3575E}C:\users\kitty tsang\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kitty tsang\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{334C0087-AE00-41E1-B0E7-A2CB61780472}C:\program files (x86)\duowan\yy-4\yy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duowan\yy-4\yy.exe |
"TCP Query User{39AB008F-3CE3-4050-8857-E7D382883186}C:\program files (x86)\kugou2012\kugou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"TCP Query User{4D233EEB-F5E6-4CAF-B510-1DEE224C7972}C:\program files (x86)\qvodplayer\qvodplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodplayer.exe |
"TCP Query User{5715669D-2346-42C4-8079-3D7D843C62EA}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{59A05AF3-AB0D-4FD1-89B7-EC3DE205BF7C}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"TCP Query User{5BCD2B0F-ECB1-40CF-91A5-2D5ADEE8CFFE}C:\program files (x86)\duowan\yy-4\4.13.0.3\yy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.13.0.3\yy.exe |
"TCP Query User{6AA66FFF-5351-4F47-B45B-4F8BB0C80705}C:\program files (x86)\pplive\pptv\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"TCP Query User{7943309E-2FEA-4F8C-BBF7-5640D31C3405}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{9E7AD84D-617F-44D8-A262-560DF1D4C4A9}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"TCP Query User{B31D504F-C878-47A7-967A-C48D60DBA35C}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"TCP Query User{B71DFD92-A333-410D-B995-58A50638873D}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"TCP Query User{BFDD73CC-F5F0-44EA-B1DA-8868B30E0EE7}C:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"TCP Query User{DA98F181-C592-4A62-9F40-1EF47AA39C8B}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.116_1111\thunderplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.116_1111\thunderplatform.exe |
"TCP Query User{DDFC1107-2E1A-49A8-9C3B-E94A254FC7E2}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
"TCP Query User{E4372A12-B71A-40FB-8FAC-08AA7F068062}C:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe |
"TCP Query User{EFA83F91-FB5F-4FA2-9501-EDA68288E763}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{F5C64CF0-6610-47B3-A87C-5651AA4514A9}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{2C480183-0B25-41E7-A0D6-FF6D0EF6BD15}C:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe |
"UDP Query User{2CA8D24B-59BF-4E2B-9A87-BE29FD6636C4}C:\program files (x86)\duowan\yy-4\yy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duowan\yy-4\yy.exe |
"UDP Query User{2D320708-3D5C-4437-BEC3-16F4E86BCCE6}C:\program files (x86)\kugou2012\kugou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"UDP Query User{4527BE3B-5D61-4880-8F43-B204EC820554}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{56DA49AF-CE4F-4D99-BFE6-4CB8274F37C3}C:\program files (x86)\qvodplayer\qvodplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodplayer.exe |
"UDP Query User{611E8604-BC6F-4FA0-8661-F5A2EA8ACCB4}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"UDP Query User{759F145A-5AF8-42DC-A7F9-71D91E1F404C}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{77D24FFC-F2DE-4EC2-9D8B-992165C65ADF}C:\program files (x86)\pplive\pptv\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
"UDP Query User{85C629C4-2C7A-4765-970C-E754EA14F796}C:\program files (x86)\kugou\kgmusic\kgservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |
"UDP Query User{86B0AB76-740D-4247-99E6-DEA53F46B360}C:\program files (x86)\thunder network\thunder\program\thunder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thunder network\thunder\program\thunder.exe |
"UDP Query User{881D7667-50CC-4A32-8C1A-B49A0C41683D}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"UDP Query User{8CB5C85B-EBC5-480B-970B-EEDDD02F60DF}C:\users\kitty tsang\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kitty tsang\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{92284085-F350-46F9-9B08-7E4ECE7F83BB}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{9627A4DC-016A-4D23-B466-A0CA5A7C3A50}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"UDP Query User{9C4D4448-D017-4371-98B1-4FE4037D6652}C:\program files (x86)\kugou2012\kugou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou2012\kugou.exe |
"UDP Query User{A78C15C8-6989-42B3-AB70-80C56FB73E67}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
"UDP Query User{B2DBF326-15D5-4CCF-8160-54FBABB746E5}C:\program files (x86)\duowan\yy-4\4.13.0.3\yy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.13.0.3\yy.exe |
"UDP Query User{B39EAFB7-68E6-4C11-8B42-E6A912ECE8C7}C:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.116_1111\thunderplatform.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.116_1111\thunderplatform.exe |
"UDP Query User{DE094758-DA11-484F-95E5-5120423AB118}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{DF08C813-A087-4E39-97C7-D556F955B167}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
"UDP Query User{F065BC8A-97B2-452F-A08F-6BACBBE19C23}C:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duowan\yy-4\4.11.0.3\yy.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A6CD9D9-3252-4122-8F87-CA4D5B00BB65}" = Soluto
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"22AF3CC91FBC5231DD5CB8903F03E2AF3E97ADDF" = Windows Driver Package - Realtek (RTL8167) Net (12/06/2010 7.035.1206.2010)
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows 驅動程式封裝 - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12" = Windows Driver Package - Intel (iaStor) hdc (11/06/2010 10.1.0.1008)
"77A943AB876C131591E0EA5DB6AB08D89EE2EA9E" = Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0)
"AVG" = AVG 2013
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"WinRAR archiver" = WinRAR 4.00 (64 位元)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 騰訊QQ2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10EF35CA-C694-42DD-AA45-0585135ABD31}_is1" = 蹄僩秞氈2012
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CEDEB33-4931-48B1-8010-20618772B58E}" = Sage Simply Accounting 2012
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2010
"{90140000-0015-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0015-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2010
"{90140000-0016-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0016-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0404-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Chinese (Traditional)) 2010
"{90140000-0017-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{D57FE800-0DDA-4DD9-99F5-5DEEBAEAD41E}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2010
"{90140000-0017-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{62BC8863-A303-4CB9-B1FB-446642BE1938}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
"{90140000-0018-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0018-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
"{90140000-0019-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-0019-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
"{90140000-001A-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001A-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2010
"{90140000-001B-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001B-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{B87E50FB-B8F9-4B81-8D63-F5A3C5A330B3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{3ECE53A5-4BA5-49EA-828F-FD071F2652F0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-1000-0000000FF1CE}_Office14.OMUI.zh-tw_{51739025-3F28-46D2-9BB2-4E2A130C8C4C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0404-1000-0000000FF1CE}_Office14.OMUI.zh-tw_{B8238131-3761-4A88-98B5-2356DF5B0A71}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-040C-1000-0000000FF1CE}_Office14.OMUI.fr-fr_{0CCCD9C7-637C-41CA-A293-6E9992109B09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2010
"{90140000-002C-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{C82D6AFC-1F97-4F03-8A8A-564D647E483E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-002C-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C8E4AA87-3E5A-4C70-8CB7-43FE25C99B74}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0404-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Traditional)) 2010
"{90140000-0044-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-0044-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2010
"{90140000-006E-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{A7F0BFAF-D706-40CD-9C1C-4B1809614797}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-006E-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{7C5C7E8C-F6D2-43AC-93A4-89E4FF7367E6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0404-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
"{90140000-00A1-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00A1-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0404-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Chinese (Traditional)) 2010
"{90140000-00BA-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{70C51D0C-D8E7-488A-8205-33FF4E05D543}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{90140000-00BA-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0404-0000-0000000FF1CE}" = Microsoft Office O MUI (Chinese (Traditional)) 2010
"{90140000-0100-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{685AA8C6-3D8E-475A-A48D-3733F914C8EB}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2010
"{90140000-0100-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{C929DDD6-AD73-4251-B988-83FF2835FCF8}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0404-0000-0000000FF1CE}" = Microsoft Office X MUI (Chinese (Traditional)) 2010
"{90140000-0101-0404-0000-0000000FF1CE}_Office14.OMUI.zh-tw_{257A4FD1-228B-4E6E-9F9E-FDBB899A8FD6}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2010
"{90140000-0101-040C-0000-0000000FF1CE}_Office14.OMUI.fr-fr_{E5E8A3C4-3429-431F-BCCF-5AD753B3A526}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A617953D-210A-4523-B63B-0E34D5C93A27}" = YTD Toolbar v6.7
"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = one2free Next G Connection Manager
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1028-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Chinese Traditional
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F1E738-7F1A-405B-B5EE-AFB001D92CA7}" = Nokia Internet Modem
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple 應用程式支援
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2B53C96-C9FC-4FC3-8324-1BCE50DEA7E7}" = QuickBooks
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB61B60D-1443-41FA-BBD7-BCD8217551B7}" = QuickBooks Premier Edition 2010
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F929096B-54A0-4C5C-B125-1E7EB1917412}" = MySQL Connector/ODBC 3.51
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BaiduPlayer" = 百度影音1.16.0.73
"Duplicate Cleaner" = Duplicate Cleaner 2.0.6
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FreeFixer1.02" = FreeFixer
"Google Chrome" = Google Chrome
"InstallShield_{2CEDEB33-4931-48B1-8010-20618772B58E}" = Sage Simply Accounting 2012
"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
"jZip" = jZip
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
"Lenovo Welcome_is1" = Lenovo Welcome
"Logon Loader" = Logon Loader 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware 版本 1.70.0.1100
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NSS" = Norton Security Scan
"Office14.OMUI.fr-fr" = Microsoft Office Language Pack 2010 - French/Français
"Office14.OMUI.zh-tw" = Microsoft Office Language Pack 2010 - Chinese (Traditional)/中文(繁體)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"PPLive" = PPTV厙釐萇弝 V3.3.0.0061
"PPSGame" = PPSGame V1.0.1.452
"PPStream" = PPStream V2.7.0.1499 Final
"QQMusic" = QQ音乐8.4
"RealPlayer 16.0" = RealPlayer
"The KMPlayer" = The KMPlayer (remove only)
"thunder_is1" = 捃濘7
"UN070618" = BUFFALO TurboUSB for FLASH/HDD
"WinLiveSuite" = Windows Live 程式集
"WinRAR archiver" = WinRAR 4.00 (32 位元)
"YInstHelper" = Yahoo! Install Manager
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.4
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.8.3
"Youtube to MP3 Converter_is1" = Youtube to MP3 Converter v. 1.4
"迅雷看看高清播放组件" = 迅雷看看高清播放组件
"迅雷看看播放器" = 迅雷看看播放器

========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2354949678-1773501639-2422343938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

========== Last 20 Event Log Errors ==========

[ Lenovo-Message Center Plus/Admin Events ]
Error - 31/8/2011 6:13:55 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = 找不到檔案 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\download_1.ico'。
-> Exception message: 找不到檔案 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW\download_1.ico'。

Error - 21/4/2012 3:48:33 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = 並未將物件參考設定為物件的執行個體 -> Exception message: 並未將物件參考設定為物件的執行個體

Error - 7/6/2012 16:17:20 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: 由於另一個處理序正在使用檔案 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin',所以無法存取該檔案。

Error - 7/6/2012 16:17:24 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Exception -> Exception message: 由於另一個處理序正在使用檔案 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin',所以無法存取該檔案。

Error - 7/6/2012 21:44:58 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = 找不到路徑 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB\SeedDB.tag'
的一部分。 -> Exception message: 找不到路徑 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB\SeedDB.tag'
的一部分。

Error - 15/10/2012 18:25:14 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = IOException -> Exception message: 由於另一個處理序正在使用檔案 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin',所以無法存取該檔案。

Error - 15/10/2012 18:26:04 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Exception -> Exception message: 由於另一個處理序正在使用檔案 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin',所以無法存取該檔案。

Error - 15/10/2012 22:25:30 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = 找不到路徑 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB\SeedDB.tag'
的一部分。 -> Exception message: 找不到路徑 'C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB\SeedDB.tag'
的一部分。

Error - 9/12/2012 1:22:46 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = 並未將物件參考設定為物件的執行個體 -> Exception message: 並未將物件參考設定為物件的執行個體

Error - 10/1/2013 5:12:36 | Computer Name = user-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = 並未將物件參考設定為物件的執行個體 -> Exception message: 並未將物件參考設定為物件的執行個體


< End of report >
 
OTL logfile created on: 8/2/2013 18:29:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kitty Tsang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

3.91 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 54.38% Memory free
7.82 Gb Paging File | 5.81 Gb Available in Paging File | 74.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 154.93 Gb Free Space | 34.51% Space Free | Partition Type: NTFS
Drive H: | 122.24 Mb Total Space | 119.76 Mb Free Space | 97.97% Space Free | Partition Type: FAT
Drive Q: | 15.62 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: USER-THINK | User Name: Kitty Tsang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/08 16:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kitty Tsang\Desktop\OTL.exe
PRC - [2013/02/08 15:45:42 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Kitty Tsang\Desktop\JRT.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/24 10:02:29 | 000,945,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2012/12/24 23:31:28 | 000,251,896 | ---- | M] (PPLive Corporation) -- C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2012/12/21 20:39:35 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/09/28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2012/04/24 19:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/12/21 11:00:00 | 000,099,656 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
PRC - [2011/12/21 11:00:00 | 000,021,320 | ---- | M] (Sage) -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/21 22:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/21 22:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/02/03 13:44:00 | 000,057,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/01/27 15:30:20 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/01/27 15:30:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011/01/27 15:29:32 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/01/16 22:58:42 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/01/07 11:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/12/27 05:56:16 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/12/27 05:56:04 | 000,431,464 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
PRC - [2010/12/27 05:56:00 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/12/27 05:55:58 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/12/16 21:36:18 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/30 03:08:06 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\one2free Next G Connection Manager\UIExec.exe
PRC - [2010/11/25 11:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/11/20 07:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/09/30 10:47:44 | 000,093,360 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe
PRC - [2010/05/06 13:09:52 | 000,140,288 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/02/23 22:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files (x86)\PPStream\PPSAP.exe
PRC - [2010/01/24 22:25:14 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/08 05:44:23 | 014,586,736 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013/02/07 16:10:34 | 000,444,816 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\tipsclient.dll
MOD - [2013/01/10 00:23:26 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/10 00:23:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 00:22:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/10 00:22:30 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 00:22:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 00:21:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/25 23:16:03 | 000,088,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\tipsdone.dll
MOD - [2012/12/24 23:31:20 | 000,570,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\PPLiveNetwork\1.0.1.2908\MngModule.dll
MOD - [2012/03/20 18:01:12 | 000,062,792 | ---- | M] () -- C:\Windows\assembly\GAC_32\Simply.ConnectionManagerService\15.0.0.1__bfd98eaca3f932d5\Simply.ConnectionManagerService.dll
MOD - [2012/03/07 18:15:56 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
MOD - [2012/03/07 18:15:36 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
MOD - [2011/06/24 09:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 09:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/30 03:08:06 | 000,138,584 | ---- | M] () -- C:\Program Files (x86)\one2free Next G Connection Manager\UIExec.exe
MOD - [2010/05/06 13:10:06 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryGeneric.plugin
MOD - [2010/05/06 13:10:06 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ressources\plugins\DiscoveryNdis.plugin
MOD - [2010/05/06 13:09:54 | 001,048,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\wxmsw28u_core_vc_custom.dll
MOD - [2010/05/06 13:09:54 | 000,726,528 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\wxbase28u_vc_custom.dll
MOD - [2010/05/06 13:09:52 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\UIToolkit.dll
MOD - [2010/05/06 13:09:52 | 000,472,576 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Toolkit.dll
MOD - [2010/05/06 13:09:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\pcre3.dll
MOD - [2010/05/06 13:09:52 | 000,140,288 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
MOD - [2010/05/06 13:09:52 | 000,048,128 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Preferences.dll
MOD - [2010/05/06 13:09:50 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Device.dll
MOD - [2010/05/06 13:09:50 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\DB.dll
MOD - [2010/05/06 13:09:50 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\Discovery.dll
MOD - [2010/05/06 13:09:48 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Internet Modem\ComCore.dll
MOD - [2010/04/06 11:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2010/04/06 11:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/19 23:08:16 | 000,571,936 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2011/01/27 15:30:20 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/01/27 15:29:32 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/01/13 16:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/18 17:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/17 06:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/12/03 15:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2010/12/02 21:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/11/12 04:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/11/02 15:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 15:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 15:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/08 05:44:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/24 10:02:29 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2012/12/24 23:31:52 | 000,505,312 | ---- | M] (PPTV) [Auto | Running] -- C:\Windows\SysWOW64\PPTVSvc.dll -- (PPTVService)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/09/24 22:48:48 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012/09/12 22:14:58 | 000,088,080 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2011/12/21 11:00:00 | 000,021,320 | ---- | M] (Sage) [Auto | Running] -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/21 22:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/21 22:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/02/03 13:44:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/01/07 11:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/12/27 05:56:00 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/12/27 05:55:58 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/11/30 03:05:30 | 000,252,784 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\one2free Next G Connection Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/11/25 11:51:34 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/03/18 00:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/24 22:25:14 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/24 10:02:30 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/24 14:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/06 06:52:22 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/04 20:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011/02/17 05:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/03 13:44:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/01/13 16:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/01/13 16:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/18 02:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 02:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 02:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 02:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 02:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/14 21:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/07 06:06:42 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/03 15:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2010/12/01 07:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/12 04:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/09 05:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/05 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/07 00:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/04/22 14:07:26 | 000,098,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cdc_acm.sys -- (nokia_cs1x_cdc_acm)
DRV:64bit: - [2010/04/22 14:07:26 | 000,097,280 | ---- | M] (Nokia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nokia_cs1x_dc_enum.sys -- (nokia_cs1x_dc_enum)
DRV:64bit: - [2010/04/22 14:07:26 | 000,053,760 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cdc_ecm.sys -- (nokia_cs1x_cdc_ecm)
DRV:64bit: - [2010/04/22 14:07:26 | 000,013,824 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nokia_cs1x_cpo.sys -- (nokia_cs1x_cpo)
DRV:64bit: - [2009/10/29 06:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/10/29 06:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/10/29 06:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/10/29 06:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/01 21:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/23 21:31:36 | 000,028,728 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusb64h.sys -- (btusb64h)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{53A92D71-782E-434C-A8A3-7081A4492AC7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{DFC8C767-4CE9-450C-8FC1-77B5F19C2B9C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003\..\SearchScopes\{A2E8FDB8-C194-4A01-9C84-D9B95F65D8DD}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.2908\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.36\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(401).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/KKVA: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npKKVA.1.0.0.6.(402).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.2.dll ( )

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/21 20:40:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/21 20:40:21 | 000,000,000 | ---D | M]

[2013/01/29 21:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kitty Tsang\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013/01/29 21:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kitty Tsang\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012/11/06 11:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Kitty Tsang\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2012/10/13 12:27:00 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Kitty Tsang\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/09/01 20:37:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://yahoo.com.hk/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://yahoo.com.hk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: GoogleChromeRemotePlugin (Enabled) = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\npbrowserext.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\mgHelperGC.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: QQ2011 (Enabled) = C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
CHR - plugin: Tencent SSO Platform (Enabled) = C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.42\Bin\npSSOAxCtrlForPTLogin.dll
CHR - plugin: Thunder DapCtrl NPAPI Plugin (Enabled) = C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(401).dll
CHR - plugin: Thunder KKVA NPAPI Plugin (Enabled) = C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npKKVA.1.0.0.6.(402).dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.2908\npplugin2.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QQMusic (Enabled) = C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll
CHR - plugin: npQQPhotoDrawEx (Enabled) = C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: XunLei Plugin (Enabled) = C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google \u6587\u4EF6 = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google \u96F2\u7AEF\u786C\u789F = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: PutLockerDownloader = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci\1.0_0\
CHR - Extension: YouTube = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Little Twin Stars = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpokdpifggoblfpdfgnenejhdfcfnfl\1_0\
CHR - Extension: Google \u641C\u5C0B = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealDownloader = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Unblock Youku = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.1.4_0\
CHR - Extension: Gmail = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Google \u6587\u4EF6 = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google \u96F2\u7AEF\u786C\u789F = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: PutLockerDownloader = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci\1.0_0\
CHR - Extension: YouTube = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Little Twin Stars = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgpokdpifggoblfpdfgnenejhdfcfnfl\1_0\
CHR - Extension: Google \u641C\u5C0B = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealDownloader = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Unblock Youku = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.1.4_0\
CHR - Extension: Gmail = C:\Users\Kitty Tsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/08 17:31:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (捃濘狟婥盓厥) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (VideoUrlSniffer Class) - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(401).dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (捃濘FLV弝凊抻摯狟婥盓厥) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.8.71.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (BrowserHelper) - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll (TODO: <Company name>)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (捃濘狟婥盓厥) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468 Class) - {ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468} - C:\Program Files (x86)\QvodPlayer\AddIn\{ADA05D0E-4A32-6CD5-C5D8-CBAC01D8B468}\QvodAddr.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Soluto] C:\Program Files\Soluto\soluto.exe (Soluto)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionManager] C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe (Sage)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NokiaInternetModem_AppStart.exe] C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe ()
O4 - HKLM..\Run: [Olympus ib] C:\Program Files (x86)\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\one2free Next G Connection Manager\UIExec.exe ()
O4 - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE (PPLive Corporation)
O4 - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kitty Tsang\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2354949678-1773501639-2422343938-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &妏蚚&捃濘燭盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
O8:64bit: - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm ()
O8:64bit: - Extra context menu item: 發送頁面至藍牙裝置(B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: 發送圖像至藍牙裝置(B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: &妏蚚&捃濘燭盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
O8 - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm ()
O8 - Extra context menu item: 發送頁面至藍牙裝置(B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: 發送圖像至藍牙裝置(B)... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {0000016b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm ()
O9 - Extra Button: 迅雷看看播放器 - {0000026b-c524-4050-81a0-243669a86b9f} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm ()
O9 - Extra Button: 迅雷看看 - {5D578929-E74E-46A2-A810-4F33D011DC52} - C:\Program Files (x86)\Common Files\Thunder Network\Kankan\XLStartKankan.exe ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.197.191.194 38.117.85.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5037CB4-5D75-4578-832C-3CC2AA2C729D}: DhcpNameServer = 204.197.191.194 38.117.85.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC116FF0-8393-46DB-AC08-B5C8082FBD42}: DhcpNameServer = 64.71.255.198 64.71.255.253
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Windows\Resources\Themes\XP萌化-伏八-乙荏製作\XP登入畫面-伏八.exe) - C:\Windows\Resources\Themes\XP萌化-伏八-乙荏製作\XP登入畫面-伏八.exe (水月萌化組)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
 