Slow.


  • This topic is locked
8 replies to this topic

#1 aznkidzx

aznkidzx

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Earth
  • Local time:12:40 AM

Posted 05 April 2009 - 09:04 AM

Hi, my computer always lags. It's like the graphic is lagging. I don't think it's the graphics card and someone told me to scan my computer with Trend Micro HijackThis.

Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:37 AM, on 4/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Garena\Garena.exe
C:\Program Files\ATI\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\StormII\stMgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 74.125.19.147 hechoenperu.net
O1 - Hosts: 74.125.19.147 www.hechoenperu.net
O1 - Hosts: 74.125.19.147 http://hechoenperu.net
O1 - Hosts: 74.125.19.147 http://www.hechoenperu.net/index.php
O1 - Hosts: 74.125.19.147 portablessa.com
O1 - Hosts: 74.125.19.147 www.portablessa.com
O1 - Hosts: 74.125.19.147 http://portablessa.com
O1 - Hosts: 74.125.19.147 http://www.portablessa.com
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DAEMON Tools Lite.lnk = C:\Program Files\DAEMON Tools Lite\daemon.exe
O4 - Startup: Restart Runtime.lnk = C:\Program Files\ATI\ATI.ACE\Core-Static\MOM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: ???ˉ??嘧5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??嘧5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\ProgramData\Norton\Norton2009Reset.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6369 bytes



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:40 AM

Posted 14 April 2009 - 11:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

Posted 10 May 2009 - 11:48 AM

Topic reopened at member's request.

@ aznkidzx

Please follow the instructions in my previous post.

Orange Blossom

#4 aznkidzx

Posted 11 May 2009 - 03:49 PM

DDS (Ver_09-03-16.01) - NTFSx86
Run by Admin at 16:46:41.83 on 05/11/2009 Mon
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\StormII\stMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Admin\Desktop\dds.scr
C:\Windows\system32\conime.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/firefox/
uSearch Bar = hxxp://www.google.com/ie
BHO: ThunderAtOnce Class: {01443aec-0fd1-40fd-9c87-e93d1494c233} - c:\program files\thunder network\thunder\comdlls\TDAtOnce_Now.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Thunder Browser Helper: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\comdlls\xunleiBHO_Now.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Google IME Autoupdater] "c:\program files\google\google pinyin\GooglePinyinDaemon.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\daemon~1.lnk - c:\program files\daemon tools lite\daemon.exe
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\restar~1.lnk - c:\program files\ati\ati.ace\core-static\MOM.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: 使用迅雷下载 - c:\program files\thunder network\thunder\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder\program\GetAllUrl.htm
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder\Thunder.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\n17k0dus.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\google\google updater\2.4.1448.1062\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\stormii\codec\plugins\nppl3260.dll
FF - plugin: c:\program files\stormii\codec\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 ccosm;Contrl Center of Storm Media;c:\program files\stormii\stormliv.exe [2008-3-10 559200]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-16 170640]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-5-1 604416]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-14 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-16 15504]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-1-13 346112]
S2 .norton2009Reset;Norton 2009 Reset;c:\programdata\norton\Norton2009Reset.exe [2009-2-27 281625]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-05-01 07:14 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-05-01 07:14 28,928 a------- c:\windows\system32\uxtuneup.dll
2009-05-01 07:14 17,152 a------- c:\windows\system32\authuitu.dll
2009-05-01 07:13 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-04-25 13:56 <DIR> --d----- c:\program files\Sun
2009-04-24 18:30 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-04-24 18:16 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-24 18:16 332,800 a------- c:\windows\system32\msihnd.dll
2009-04-24 18:16 73,216 a------- c:\windows\system32\msiexec.exe
2009-04-24 18:16 2,241,536 a------- c:\windows\system32\msi.dll
2009-04-24 17:50 <DIR> --d----- C:\b329e27d5ef5202cb301d842
2009-04-19 11:32 <DIR> --d----- C:\TDDOWNLOAD
2009-04-18 22:24 <DIR> --d----- c:\programdata\ESET
2009-04-18 22:24 <DIR> --d----- c:\program files\ESET
2009-04-17 18:51 <DIR> --d--r-- c:\program files\Skype
2009-04-17 15:29 <DIR> --d----- c:\users\admin\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-04-16 08:52 22 a------- c:\windows\msgtn.ini
2009-04-16 08:52 1,073,741,824 a------- C:\ppsds.pgf
2009-04-15 21:11 46 a------- c:\windows\PCDNSetting.ini
2009-04-15 21:09 113 a------- c:\windows\PPSMediaList.ini
2009-04-15 21:09 20 a------- c:\windows\powerlist.ini
2009-04-15 21:09 759 a------- c:\windows\psnetwork.ini
2009-04-15 21:09 631 a------- c:\windows\powerplayer.ini
2009-04-15 21:09 <DIR> --d----- c:\program files\PPStream
2009-04-15 21:02 28 a------- c:\windows\funshionplugin2.INI
2009-04-15 21:02 891,448 a------- c:\windows\system32\drivers\tcpip.sys.do
2009-04-15 21:01 <DIR> --d----- c:\users\admin\funshion
2009-04-15 16:34 <DIR> --d----- c:\program files\GVOD
2009-04-14 18:25 19 a---h--- c:\windows\dbisam.lck
2009-04-14 18:25 33,280 a------- c:\windows\LoginUsers.idx
2009-04-14 18:25 6,096 a------- c:\windows\LoginUsers.dat
2009-04-14 18:24 542,720 a------- c:\windows\system32\KuGoo3DownXControl.ocx
2009-04-14 18:24 <DIR> --d----- c:\program files\KuGoo2007
2009-04-13 18:53 <DIR> --d----- c:\programdata\Skype
2009-04-13 11:05 <DIR> --d----- c:\users\admin\appdata\roaming\mIRC

==================== Find3M ====================

2009-04-18 21:57 86,016 a------- c:\windows\inf\infstrng.dat
2009-04-18 21:57 86,016 a------- c:\windows\inf\infstor.dat
2009-04-18 21:57 51,200 a------- c:\windows\inf\infpub.dat
2009-03-31 21:28 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-29 09:46 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-16 20:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 20:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 20:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-02 21:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 21:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 21:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-02 21:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-02 21:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-02 21:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 21:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-02 21:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-02 21:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-02 21:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 20:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 19:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 19:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-14 20:15 143,816 a---h--- c:\windows\system32\mlfcache.dat
2009-02-13 01:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 01:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2008-12-29 16:49 36,864 a------- c:\windows\inf\Winio.dll
2008-12-29 16:49 5,174 a------- c:\windows\inf\Winio.bat
2008-12-29 16:49 52,736 a------- c:\windows\inf\ThuVien.Dll
2008-12-29 16:49 4,944 a------- c:\windows\inf\Winio.sys
2008-12-29 16:49 4,944 a------- c:\windows\inf\Winio.dat
2008-12-29 16:49 353,280 a------- c:\windows\inf\MFCO42D.Dll
2008-12-29 16:49 160,256 a------- c:\windows\inf\MSVCRTD.Dll
2008-12-29 16:49 23,040 a------- c:\windows\inf\MFCN42D.Dll
2008-12-29 16:49 371,712 a------- c:\windows\inf\MFC42D.Dll
2008-12-29 16:49 57,344 a------- c:\windows\inf\Config.dll
2008-09-07 09:58 174 a--sh--- c:\program files\desktop.ini
2008-09-07 09:44 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-01 16:19 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-01 16:19 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-01 16:19 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 16:48:36.37 ===============

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:40 AM

Posted 12 May 2009 - 03:42 PM

Hi aznkidzx,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

I see in both your posts all the required logs are not posted and the problem is not described as it is clearly asked in bold. If you decide you need our assistance, please read the whole post, perform all the steps fully and give the feedback asked.
  • Please download OTListIt2 by OldTimer.
  • Save it to your desktop.
  • Double click on the OTListIt2 icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Type or copy and paste in the Custom Scans/Fixes section: drivers32
  • Click Run Scan button.
  • Two reports will open, copy and paste both the first logs to your reply:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

  • Tell me about the current condition of your computer.

#6 aznkidzx

Posted 12 May 2009 - 07:59 PM

OTListIt logfile created on: 5/12/2009 8:51:45 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.62 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 49.88% Memory free
3.49 Gb Paging File | 2.47 Gb Available in Paging File | 70.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.43 Gb Total Space | 156.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive D: | 10.46 Gb Total Space | 2.48 Gb Free Space | 23.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QQ-PC
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/06/14 01:09:42 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe
PRC - [2007/06/14 01:09:42 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe
PRC - [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/06/10 13:56:32 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/11/17 14:58:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/01/14 17:11:30 | 00,399,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008/10/17 01:38:36 | 00,308,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
PRC - [2009/02/06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/01/19 00:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/19 00:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/08/08 05:11:12 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2006/09/29 09:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/06/10 13:56:28 | 00,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/01/19 00:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/10/29 16:40:04 | 00,559,200 | ---- | M] (北京暴风网际科技有限公司) -- C:\Program Files\StormII\stormliv.exe
PRC - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/01/14 17:11:30 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2007/07/27 11:49:42 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe
PRC - [2009/05/01 07:14:06 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/09/29 09:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/10/16 19:11:12 | 00,743,520 | ---- | M] (北京暴风网际科技有限公司) -- C:\Program Files\StormII\stMgr.exe
PRC - [2008/12/17 14:59:08 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/12/14 14:49:12 | 00,831,488 | ---- | M] () -- C:\Users\Admin\Desktop\WPE PRO - modified.exe
PRC - [2009/05/12 20:50:57 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/27 23:12:57 | 00,281,625 | R--- | M] () -- C:\ProgramData\Norton\Norton2009Reset.exe -- (.norton2009Reset [Auto | Stopped])
SRV - [2008/09/02 18:24:25 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/06/14 01:09:42 | 00,606,208 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2008/10/29 16:40:04 | 00,559,200 | ---- | M] (北京暴风网际科技有限公司) -- C:\Program Files\StormII\stormliv.exe -- (ccosm [Auto | Running])
SRV - [2008/07/27 11:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 00:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/06/19 18:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/06/19 18:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/14 17:11:30 | 00,170,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2008/06/19 18:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/16 17:42:00 | 02,741,114 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\system32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/07/27 11:49:42 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2009/05/01 07:13:59 | 00,361,216 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009/05/01 07:14:06 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2009/04/27 05:21:36 | 00,028,928 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 00:41:50 | 00,983,552 | ---- | M] (Agere Systems) -- C:\Windows\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 02:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/06/14 01:21:30 | 02,600,960 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 02:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009/02/06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\Windows\system32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009/02/06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\Windows\system32\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV - [2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/02/06 14:24:26 | 00,092,800 | ---- | M] (ESET) -- C:\Windows\system32\DRIVERS\epfwwfpr.sys -- (epfwwfpr [Auto | Running])
DRV - [2009/04/24 18:30:57 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/07/24 19:45:20 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Running])
DRV - [2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2009/01/14 17:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2007/01/09 09:22:28 | 00,006,144 | ---- | M] (Chic) -- C:\Windows\system32\DRIVERS\moufiltr.sys -- (moufiltr [On_Demand | Stopped])
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2008/12/24 10:22:51 | 00,004,096 | ---- | M] () -- C:\Windows\system32\drivers\nocashio.sys -- (nocashio [On_Demand | Stopped])
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/06/09 14:12:06 | 00,018,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2006/11/02 02:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/12/04 12:34:34 | 00,030,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\point32k.sys -- (Point32 [On_Demand | Running])
DRV - [2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2009/01/20 07:49:26 | 00,142,848 | ---- | M] (Realtek Corporation ) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2009/01/13 10:56:06 | 00,346,112 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\system32\DRIVERS\RTL8187B.sys -- (RTL8187B [On_Demand | Running])
DRV - [2008/06/23 09:44:54 | 00,062,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/09/01 17:42:59 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/07/27 11:50:22 | 00,329,728 | ---- | M] (IDT, Inc.) -- C:\Windows\system32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2008/01/18 23:14:10 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/17 15:22:02 | 00,181,176 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007/05/23 17:37:40 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2006/11/02 02:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3314151858-914702992-3092870422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3314151858-914702992-3092870422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3314151858-914702992-3092870422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/firefox/
IE - HKU\S-1-5-21-3314151858-914702992-3092870422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3314151858-914702992-3092870422-1000\S-1-5-21-3314151858-914702992-3092870422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {ee6976bb-656b-45cf-b2b6-5c837ee59a96}:0.2c
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {1B33E42F-EF14-4cd3-B6DC-174571C4349C}:3.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6
FF - prefs.js..extensions.enabledItems: {9864f3b8-68ba-463e-9589-20a4da429bb7}:1.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\PROGRAMDATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2009/02/23 16:03:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/09 12:41:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/15 18:23:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD

[2009/03/12 19:01:11 | 00,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2008/09/01 17:03:53 | 00,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/12 19:01:11 | 00,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/05/12 16:02:15 | 00,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\n17k0dus.default\extensions
[2008/12/29 12:41:14 | 00,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\n17k0dus.default\extensions\{9864f3b8-68ba-463e-9589-20a4da429bb7}
[2008/09/21 21:24:50 | 00,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\n17k0dus.default\extensions\{ee6976bb-656b-45cf-b2b6-5c837ee59a96}
[2009/05/11 17:34:53 | 00,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\n17k0dus.default\extensions\firebug@software.joehewitt.com
[2008/10/22 19:10:45 | 00,001,901 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\n17k0dus.default\searchplugins\aimsearch.xml
[2009/04/15 18:16:54 | 00,001,330 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\n17k0dus.default\searchplugins\wikipedia-en.xml
[2008/09/22 14:03:36 | 00,002,109 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\n17k0dus.default\searchplugins\youtube-video-search.xml
[2009/05/12 19:29:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/23 19:27:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/17 18:51:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/29 09:47:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/02/23 19:27:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/12/17 14:59:30 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/17 14:59:31 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/17 14:59:32 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/18 17:43:04 | 00,036,864 | ---- | M] (迅雷网络) -- C:\Program Files\mozilla firefox\components\NsThunderLoader.dll
[2008/12/17 14:59:33 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/18 17:43:04 | 00,053,248 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\Program Files\mozilla firefox\components\ThunderComponent.dll
[2008/12/17 14:59:35 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/12/17 11:24:41 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/17 11:24:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/17 11:24:41 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/17 11:24:41 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/17 11:24:41 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/17 11:24:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (327 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.19.147 hechoenperu.net
O1 - Hosts: 74.125.19.147 www.hechoenperu.net
O1 - Hosts: 74.125.19.147 http://hechoenperu.net
O1 - Hosts: 74.125.19.147 http://www.hechoenperu.net/index.php
O1 - Hosts: 74.125.19.147 portablessa.com
O1 - Hosts: 74.125.19.147 www.portablessa.com
O1 - Hosts: 74.125.19.147 http://portablessa.com
O1 - Hosts: 74.125.19.147 http://www.portablessa.com
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Thunder Networking Technologies,LTD)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" (Google Inc.)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-21-3314151858-914702992-3092870422-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3314151858-914702992-3092870422-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DAEMON Tools Lite.lnk = C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Restart Runtime.lnk = C:\Program Files\ATI\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3314151858-914702992-3092870422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm ()
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm File not found
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra 'Tools' menuitem : 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (Thunder Networking Technologies,LTD)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Windows\System32\KuGoo3DownXControl.ocx (酷狗)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Windows\System32\KuGoo3DownXControl.ocx (酷狗)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{35b33718-3a70-11de-adde-0003254f9ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{35b33718-3a70-11de-adde-0003254f9ee8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4052476e-3440-11de-894e-0003254f9ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{4052476e-3440-11de-894e-0003254f9ee8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bd0aa222-7566-11dd-a36d-0003254f9ee8}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0aa222-7566-11dd-a36d-0003254f9ee8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
Drivers32: aux1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\system32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\system32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\system32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\system32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\system32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\system32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\system32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\system32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\system32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\system32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\system32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\system32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\system32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\system32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\system32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/05/12 20:50:57 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTListIt2.exe
[2009/05/12 20:50:17 | 00,000,318 | ---- | C] () -- C:\Windows\WPE PRO - modified.INI
[2009/05/10 20:09:27 | 01,765,083 | ---- | C] () -- C:\Users\Admin\Desktop\Shoes in Asian Homes.mp3
[2009/05/08 22:44:35 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/01 15:30:39 | 00,000,508 | ---- | C] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/05/01 07:14:06 | 00,604,416 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009/05/01 07:14:03 | 00,028,928 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2009/05/01 07:14:03 | 00,017,152 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2009/05/01 07:13:59 | 00,361,216 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/05/01 07:13:54 | 00,001,627 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009/04/25 13:56:53 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/04/24 18:30:57 | 00,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2009/04/24 18:16:39 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/04/24 18:16:38 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/04/24 18:16:38 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/04/24 18:16:37 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/04/24 17:50:26 | 00,000,000 | ---D | C] -- C:\b329e27d5ef5202cb301d842
[2009/04/19 11:32:58 | 00,000,000 | ---D | C] -- C:\TDDOWNLOAD
[2009/04/18 22:24:32 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/04/18 22:24:32 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/04/18 22:05:04 | 17,428,48000 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/17 18:52:00 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype
[2009/04/17 18:51:39 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/04/17 15:29:49 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/17 11:34:14 | 00,000,000 | ---D | C] -- C:\Users\Admin\Documents\SQL Server Management Studio Express
[2009/04/17 11:31:34 | 00,000,000 | ---D | C] -- C:\Users\Admin\Documents\Visual Studio 2005
[2009/04/16 08:52:40 | 00,000,022 | ---- | C] () -- C:\Windows\msgtn.ini
[2009/04/16 08:52:08 | 10,737,41824 | ---- | C] () -- C:\ppsds.pgf
[2009/04/16 08:09:38 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 08:09:36 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 08:09:36 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 08:09:29 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/16 08:09:29 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/16 08:09:28 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/16 08:09:27 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 08:09:27 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 08:09:27 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 08:09:27 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 08:09:27 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 08:09:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 08:09:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/16 08:09:25 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 08:09:24 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 08:09:24 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 08:09:24 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 08:09:24 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/16 08:09:21 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/16 08:09:19 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/16 08:09:18 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/16 08:09:17 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/16 08:09:17 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/16 08:09:17 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/16 08:09:17 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/16 08:09:16 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/16 08:09:16 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/16 08:09:16 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/16 08:09:16 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/16 08:09:16 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/16 08:09:15 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/16 08:09:15 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/16 08:09:14 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/15 21:11:07 | 00,000,046 | ---- | C] () -- C:\Windows\PCDNSetting.ini
[2009/04/15 21:09:39 | 00,000,113 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2009/04/15 21:09:38 | 00,000,020 | ---- | C] () -- C:\Windows\powerlist.ini
[2009/04/15 21:09:31 | 00,000,759 | ---- | C] () -- C:\Windows\psnetwork.ini
[2009/04/15 21:09:30 | 00,000,631 | ---- | C] () -- C:\Windows\powerplayer.ini
[2009/04/15 21:09:28 | 00,000,000 | ---D | C] -- C:\Program Files\PPStream
[2009/04/15 21:02:06 | 00,000,028 | ---- | C] () -- C:\Windows\funshionplugin2.INI
[2009/04/15 21:02:01 | 00,891,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys.do
[2009/04/15 18:24:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/04/15 16:34:22 | 00,000,000 | ---D | C] -- C:\Program Files\GVOD
[2009/04/14 18:25:11 | 00,033,280 | ---- | C] () -- C:\Windows\LoginUsers.idx
[2009/04/14 18:25:11 | 00,006,096 | ---- | C] () -- C:\Windows\LoginUsers.dat
[2009/04/14 18:25:11 | 00,000,019 | -H-- | C] () -- C:\Windows\dbisam.lck
[2009/04/14 18:24:58 | 00,542,720 | ---- | C] (酷狗) -- C:\Windows\System32\KuGoo3DownXControl.ocx
[2009/04/14 18:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\KuGoo2007
[2009/04/13 18:53:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/04/13 11:53:47 | 00,000,000 | ---D | C] -- C:\Users\Admin\Documents\Trinity
[2009/04/13 11:05:05 | 00,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\mIRC
[2009/04/08 19:34:40 | 00,001,178 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2009/03/08 15:14:37 | 00,000,020 | ---- | C] () -- C:\Windows\GKLauncherInfo.ini
[2009/01/01 16:59:13 | 00,000,068 | ---- | C] () -- C:\Windows\Skipping launcher.INI
[2008/12/31 23:50:14 | 00,000,046 | ---- | C] () -- C:\Windows\phpdev.ini
[2008/12/27 22:15:55 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008/12/24 10:22:51 | 00,004,096 | ---- | C] () -- C:\Windows\System32\drivers\nocashio.sys
[2008/12/21 17:22:04 | 00,000,318 | ---- | C] () -- C:\Windows\WPE PRO.INI
[2008/11/18 14:58:35 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2008/11/13 13:14:07 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/23 11:56:40 | 00,778,752 | ---- | C] () -- C:\Windows\System32\kcpp.dll
[2008/09/06 10:18:37 | 00,000,070 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/09/06 08:37:53 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/09/04 21:02:28 | 01,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2008/09/01 17:42:59 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/09/01 17:40:02 | 00,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/06/14 01:11:38 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,287 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,274 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/12 20:53:51 | 00,000,318 | ---- | M] () -- C:\Windows\WPE PRO - modified.INI
[2009/05/12 20:50:57 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTListIt2.exe
[2009/05/12 20:00:00 | 00,000,508 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009/05/12 19:50:43 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/12 19:50:43 | 00,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/12 19:25:27 | 00,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/12 19:25:27 | 00,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/12 19:25:27 | 00,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/12 15:50:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/12 15:50:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/12 15:50:24 | 17,428,48000 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/12 06:58:06 | 00,333,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/10 20:09:29 | 01,765,083 | ---- | M] () -- C:\Users\Admin\Desktop\Shoes in Asian Homes.mp3
[2009/05/01 07:14:06 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2009/05/01 07:13:59 | 00,361,216 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2009/05/01 07:13:54 | 00,001,627 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009/04/27 05:21:44 | 00,017,152 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2009/04/27 05:21:36 | 00,028,928 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2009/04/26 11:19:41 | 00,000,026 | ---- | M] () -- C:\Windows\System32\xlhcc.dat
[2009/04/26 10:26:33 | 00,000,898 | ---- | M] () -- C:\Windows\System32\cid_store.dat
[2009/04/25 22:52:03 | 00,000,759 | ---- | M] () -- C:\Windows\psnetwork.ini
[2009/04/25 22:52:03 | 00,000,631 | ---- | M] () -- C:\Windows\powerplayer.ini
[2009/04/25 22:52:03 | 00,000,113 | ---- | M] () -- C:\Windows\PPSMediaList.ini
[2009/04/25 22:52:03 | 00,000,046 | ---- | M] () -- C:\Windows\PCDNSetting.ini
[2009/04/25 21:24:27 | 00,000,020 | ---- | M] () -- C:\Windows\powerlist.ini
[2009/04/24 18:30:57 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2009/04/17 17:08:35 | 00,000,070 | ---- | M] () -- C:\Windows\GunzLauncher.INI
[2009/04/17 07:37:02 | 00,000,287 | ---- | M] () -- C:\Windows\win.ini
[2009/04/16 11:10:39 | 00,000,028 | ---- | M] () -- C:\Windows\funshionplugin2.INI
[2009/04/16 08:52:40 | 00,000,022 | ---- | M] () -- C:\Windows\msgtn.ini
[2009/04/16 08:52:08 | 10,737,41824 | ---- | M] () -- C:\ppsds.pgf
[2009/04/15 21:01:43 | 00,001,178 | ---- | M] () -- C:\Windows\System32\funshion.ini
[2009/04/14 20:06:34 | 00,000,436 | -HS- | M] () -- C:\Users\Admin\Desktop\desktop.ini
[2009/04/14 18:26:52 | 00,033,280 | ---- | M] () -- C:\Windows\LoginUsers.idx
[2009/04/14 18:26:52 | 00,006,096 | ---- | M] () -- C:\Windows\LoginUsers.dat
[2009/04/14 18:26:47 | 00,542,720 | ---- | M] (酷狗) -- C:\Windows\System32\KuGoo3DownXControl.ocx
[2009/04/14 18:25:11 | 00,000,019 | -H-- | M] () -- C:\Windows\dbisam.lck
< End of report >



OTListIt Extras logfile created on: 5/12/2009 8:51:45 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Users\Admin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.62 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 49.88% Memory free
3.49 Gb Paging File | 2.47 Gb Available in Paging File | 70.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.43 Gb Total Space | 156.38 Gb Free Space | 70.31% Space Free | Partition Type: NTFS
Drive D: | 10.46 Gb Total Space | 2.48 Gb Free Space | 23.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QQ-PC
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3314151858-914702992-3092870422-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/03/15 20:11:08 | 02,505,080 | ---- | M] (PPStream Inc.) -- C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS网络电视
[2008/12/11 03:06:26 | 00,210,296 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{0018601E-4FF3-47CB-9C5D-3CA27EFDF3D0} = RPORT=2177 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (QWAVE-TCP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{01FC5C27-4C0C-409A-BC6F-1F9A02AB28BC} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (SSDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{049984DA-06A3-45E8-BD6C-6B364BB165D8} = RPORT=2177 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (QWAVE-UDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{0632F67B-F4FF-4787-8788-A28AACA22096} = LPORT=10243 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (HTTP-STREAMING-IN) | APP=SYSTEM |
{0906A37E-6590-499E-B267-D07F585BB433} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DISTRIBUTED TRANSACTION COORDINATOR (RPC) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=KTMRM |
{0C40139C-BACA-4732-B750-24C1E5CD378D} = LPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NETWORK DISCOVERY (LLMNR-UDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{109765C2-560B-452C-890B-249E03C04063} = LPORT=2869 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WIRELESS PORTABLE DEVICES (UPNP-IN) | APP=SYSTEM |
{13782305-D725-426B-916E-3670443B4412} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CONNECT TO A NETWORK PROJECTOR (WSD-IN) | APP=C:\WINDOWS\SYSTEM32\NETPROJ.EXE |
{170368F1-C296-457E-8AFF-CF624C9C61F6} = LPORT=2178 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BITS PEERCACHING (CONTENT-IN) | APP=SYSTEM |
{196C06F5-D629-4F74-9433-E84A1806D807} = RPORT=5357 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=CONNECT TO A NETWORK PROJECTOR (WSD EVENTS-OUT) | APP=SYSTEM |
{1D7FEF2E-CEAB-4237-9A72-51DFC73F2C47} = LPORT=3587 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEETING SPACE (P2P-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=P2PSVC |
{21EF5140-1B2A-47AB-ACBB-E210A7D35586} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=NETWORK DISCOVERY (WSD-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{228921CC-60CF-42D5-943E-B3938306CFE3} = RPORT=2177 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (QWAVE-TCP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{27723FF4-D830-41D3-B854-997C444AC6B5} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DISTRIBUTED TRANSACTION COORDINATOR (RPC-EPMAP) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{298C356E-51C0-4A5C-AC8E-41B6672111E0} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=CONNECT TO A NETWORK PROJECTOR (WSD-OUT) | APP=C:\WINDOWS\SYSTEM32\NETPROJ.EXE |
{29C0E074-2B73-420D-BDD8-0C640FF7D9A3} = RPORT=1701 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=ROUTING AND REMOTE ACCESS (L2TP-OUT) | APP=SYSTEM |
{2D5BAD56-0856-4B7C-B6AE-FB5C3E79B9AB} = LPORT=5358 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CONNECT TO A NETWORK PROJECTOR (WSD EVENTSSECURE-IN) | APP=SYSTEM |
{2E1D6674-6519-4C55-B9B5-F43B733D5823} = LPORT=3540 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS PEER TO PEER COLLABORATION FOUNDATION (PNRP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=PNRPSVC |
{2F8117D7-D8B5-4D93-BD81-826FEBA58171} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS PEER TO PEER COLLABORATION FOUNDATION (SSDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{30C0D440-2879-4742-8EB7-3428343D6244} = RPORT=2178 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=BITS PEERCACHING (CONTENT-OUT) | APP=SYSTEM |
{3573D1B4-7185-4D7D-A898-C5ED69354901} = LPORT=3306 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MYSQL |
{383F05B5-FE2D-4DA6-B373-0854C7A77724} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE ADMINISTRATION (RPC-EPMAP) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{3BA68747-E883-4E7E-9691-A78FFC3694F4} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS PEER TO PEER COLLABORATION FOUNDATION (WSD-IN) | APP=C:\WINDOWS\SYSTEM32\P2PHOST.EXE |
{3D4EE5CE-9482-40FC-A7C0-0C7BEC4F8D5E} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BITS PEERCACHING (RPC-EPMAP) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{45D68D04-AF92-4FC0-AD98-CBFFEC445904} = RPORT=5358 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=CONNECT TO A NETWORK PROJECTOR (WSD EVENTSSECURE-OUT) | APP=SYSTEM |
{45FE2DEA-2818-494F-8B77-A705C07A3B39} = LPORT=443 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SECURE SOCKET TUNNELING PROTOCOL (SSTP-IN) | APP=SYSTEM |
{4938430A-607F-4CA3-8A9A-568E41BCBC00} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE SCHEDULED TASKS MANAGEMENT (RPC-EPMAP) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{4B08EEDF-02DE-486D-A645-BE8986383284} = RPORT=10243 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (HTTP-STREAMING-OUT) | APP=SYSTEM |
{4BEE9365-3B57-4EDE-B5C4-784B27F33A33} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NETWORK DISCOVERY (WSD-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{570E75F9-B67E-43AA-833D-84774C0B4997} = LPORT=7777 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (WMDRM-ND/RTP/RTCP-IN) | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{5A37B179-D9B9-4F24-85AD-47F4F675BD48} = LPORT=2177 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (QWAVE-TCP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{5C7DF2B1-ADB9-439E-80DC-205BBF4F8911} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NETWORK DISCOVERY (PUB-WSD-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{5CFAC41D-676F-4E51-BF2B-6CD26F583903} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (SSDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{5F47552D-6EB7-455D-BE8E-37F422C6E67D} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS COLLABORATION COMPUTER NAME REGISTRATION SERVICE (SSDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{5F6469FD-6FD1-42A1-B0C5-154DA4D19715} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BITS PEERCACHING (RPC) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=BITS |
{6AACD84C-83FE-457C-A518-02E75B133A2C} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE EVENT LOG MANAGEMENT (RPC) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=EVENTLOG |
{6FDE246A-F4B8-43AE-A0B9-58E6E41ED15D} = RPORT=10244 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (HTTP-STREAMING-OUT) | APP=SYSTEM |
{71281FFE-ACD4-4D90-A344-DF55A5F56D39} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE SERVICE MANAGEMENT (RPC) | APP=C:\WINDOWS\SYSTEM32\SERVICES.EXE |
{72DBFA6E-962A-42C0-B4D5-5961D303F47D} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WIRELESS PORTABLE DEVICES (SSDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{742C07B5-4A92-4D4D-AD95-3E891878F85A} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WIRELESS PORTABLE DEVICES (SSDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{7608DC16-CA0F-435A-B04D-F478647841A0} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE SERVICE MANAGEMENT (RPC-EPMAP) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{789759C1-80A2-4F6D-8864-B049867959AE} = LPORT=80 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS REMOTE MANAGEMENT (HTTP-IN) | APP=SYSTEM |
{79642373-8949-4DCA-9C34-6D410F29B0E9} = LPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE ADMINISTRATION (NP-IN) | APP=SYSTEM |
{79AD2B4F-559E-4DFA-997F-3ADED2D7DC87} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS PEER TO PEER COLLABORATION FOUNDATION (WSD-OUT) | APP=C:\WINDOWS\SYSTEM32\P2PHOST.EXE |
{7A670DE2-7DE1-4A1E-8A42-C831A15557F9} = LPORT=2869 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (UPNP-IN) | APP=SYSTEM |
{7BD4E26B-1057-46FC-BB9C-FF1B20A2BA8A} = LPORT=162 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SNMP TRAP SERVICE (UDP IN) | APP=C:\WINDOWS\SYSTEM32\SNMPTRAP.EXE | SVC=SNMPTRAP |
{88500C91-30D0-4077-8504-257FAF99EEE8} = RPORT=3587 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEETING SPACE (P2P-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=P2PSVC |
{8902A879-0339-4A04-A6C8-B8F949AD3B58} = LPORT=1723 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ROUTING AND REMOTE ACCESS (PPTP-IN) | APP=SYSTEM |
{8B7958E9-0269-418E-A15B-EB622752A521} = LPORT=3390 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (RDP-IN) | APP=SYSTEM |
{8F03D7F4-676A-4447-A15C-E96C95F3CC21} = RPORT=3540 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS PEER TO PEER COLLABORATION FOUNDATION (PNRP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=PNRPSVC |
{90CDF5C0-E3C5-47C8-AC58-8F703E7D0C4F} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS COLLABORATION COMPUTER NAME REGISTRATION SERVICE (SSDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{980BE5CB-C9CC-499E-B032-49C92E1FC24D} = LPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE SERVICE MANAGEMENT (NP-IN) | APP=SYSTEM |
{983AE262-A484-45C3-8290-371116991B47} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=NETWORK DISCOVERY (SSDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{A052CD74-2B6A-4EA4-8BB0-E582439220E5} = LPORT=135 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MANAGEMENT INSTRUMENTATION (DCOM-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{A3367963-6C5A-42BE-A1B7-9F6238C6BCD5} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE EVENT LOG MANAGEMENT (RPC-EPMAP) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{A4923598-F565-45DF-9150-9F861ABA436B} = LPORT=554 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (RTSP-IN) | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{A736D7A1-61A6-4A7C-8A60-C365ACA98110} = LPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE EVENT LOG MANAGEMENT (NP-IN) | APP=SYSTEM |
{A78F2839-3F24-4D13-8CCE-5A55B1A2EF18} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE VOLUME MANAGEMENT (RPC-EPMAP) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{B6442D53-EB96-4EFD-93AB-7005327DE161} = RPORT=1723 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=ROUTING AND REMOTE ACCESS (PPTP-OUT) | APP=SYSTEM |
{B6CB1912-3F17-4453-800A-601A83E88607} = LPORT=135 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PERFORMANCE LOGS AND ALERTS (DCOM-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{B807E16F-72D0-4F57-8FA4-4EC79084FA3B} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE ADMINISTRATION (RPC) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=* |
{BA90E86F-F328-4762-ABAE-9F1BB85DCE69} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NETWORK DISCOVERY (SSDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{BDED79CD-C059-453E-A3AD-E31E6E5D2423} = LPORT=5722 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEETING SPACE (DFSR-IN) | APP=C:\WINDOWS\SYSTEM32\DFSR.EXE | SVC=DFSR |
{C07A2C11-228F-4DE8-8EE0-ED459A75B95E} = LPORT=2177 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (QWAVE-TCP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{C0CE3367-2196-4105-A066-177D30D4726E} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=BITS PEERCACHING (WSD-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=BITS |
{C11E549F-98AA-41A2-9BEA-9A3703B1E0D1} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE VOLUME MANAGEMENT - VIRTUAL DISK SERVICE LOADER (RPC) | APP=C:\WINDOWS\SYSTEM32\VDSLDR.EXE |
{C3A23B95-D868-483C-9055-ED8D61EFDC24} = RPORT=2177 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (QWAVE-UDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{C40A59E4-9E39-40FA-B601-876301B3D25E} = LPORT=10244 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (HTTP-STREAMING-IN) | APP=SYSTEM |
{C69DE6BB-A349-4FF9-8A95-3533B0C5EEEF} = RPORT=3540 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS COLLABORATION COMPUTER NAME REGISTRATION SERVICE (PNRP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=PNRPSVC |
{CD9BA5AB-EBEA-41A8-8293-A058758473CA} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS PEER TO PEER COLLABORATION FOUNDATION (SSDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{CF6669B6-34E3-4A56-A87A-F85E99996A71} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS FIREWALL REMOTE MANAGEMENT (RPC) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=POLICYAGENT |
{D31E6476-5EB1-4CD6-B389-129E53994927} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=NETWORK DISCOVERY (PUB WSD-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{D4EF9BEC-684F-49FE-9CD4-5E04560195A5} = LPORT=RPC-EPMAP | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS FIREWALL REMOTE MANAGEMENT (RPC-EPMAP) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=RPCSS |
{D582CFA1-E427-4CCF-85ED-C4532BBE2BC4} = LPORT=2177 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (QWAVE-UDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{D93E71A0-BA41-4582-91EE-8F9DBC4D2E55} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE VOLUME MANAGEMENT - VIRTUAL DISK SERVICE (RPC) | APP=C:\WINDOWS\SYSTEM32\VDS.EXE | SVC=VDS |
{E0CE81AA-AA2D-4E56-B522-C9DB55A9BBBD} = RPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=NETWORK DISCOVERY (LLMNR-UDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{E62D3884-6BDD-4E8C-934A-41567DF841A4} = LPORT=445 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NETLOGON SERVICE (NP-IN) | APP=SYSTEM |
{EA3DB2E6-CEE9-444B-AEDD-95F45E36C4ED} = LPORT=3540 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS COLLABORATION COMPUTER NAME REGISTRATION SERVICE (PNRP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=PNRPSVC |
{EBAB6FA7-B2DE-4390-AC48-C6AD77FB678B} = LPORT=1701 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ROUTING AND REMOTE ACCESS (L2TP-IN) | APP=SYSTEM |
{EDA6266B-6D8C-4719-8A53-5A311A0C2AE1} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BITS PEERCACHING (WSD-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=BITS |
{F030634F-F773-4195-BE06-AF74F6CB7E17} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (SSDP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{F199D8D0-BAAF-414E-8793-F3EF85DC8E2D} = LPORT=RPC | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE SCHEDULED TASKS MANAGEMENT (RPC) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SCHEDULE |
{F5D62A92-4BA2-4AE0-84AA-FE38AD95CB36} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (SSDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{FCE85237-8425-4C39-BE7B-50DF9DA34EC7} = RPORT=5722 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEETING SPACE (DFSR-OUT) | APP=C:\WINDOWS\SYSTEM32\DFSR.EXE | SVC=DFSR |
{FEE83C2B-776E-41F8-A006-BD6F7B260ED5} = LPORT=5357 | PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CONNECT TO A NETWORK PROJECTOR (WSD EVENTS-IN) | APP=SYSTEM |
{FF8A7F75-43DF-4F6A-8C39-AB9E12AC2799} = LPORT=2177 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (QWAVE-UDP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

========== Vista Active Application Exception List ==========

{09053CC5-6F47-4E99-AF34-8D1889B90523} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (RTSP-OUT) | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{0A9A4162-0E49-41D6-B5CD-CAB45B9243E7} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (UPNPHOST-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{105E9BD1-0879-4998-AC90-410D824C4F54} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS PEER TO PEER COLLABORATION FOUNDATION (TCP-OUT) | APP=C:\WINDOWS\SYSTEM32\P2PHOST.EXE |
{13957460-BF64-43DC-93BC-308F369E098C} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CAMERA ASSISTANT SOFTWARE | APP=C:\PROGRAM FILES\CAMERA ASSISTANT SOFTWARE FOR GATEWAY\TRAYBAR.EXE |
{1AD3AE51-FA1F-4F02-9855-E3A516C5C09D} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=CONNECT TO A NETWORK PROJECTOR (TCP-IN) | APP=C:\WINDOWS\SYSTEM32\NETPROJ.EXE |
{1DA326DB-485B-4FB8-9FBF-48B2A28B84F7} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=REMOTE ASSISTANCE (TCP-IN) | APP=C:\WINDOWS\SYSTEM32\MSRA.EXE |
{22304969-66C0-4976-B6FC-F33CEE500498} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEETING SPACE (TCP-OUT) | APP=C:\PROGRAM FILES\WINDOWS COLLABORATION\WINCOLLAB.EXE |
{25F2E40F-120A-4E1B-B5DB-9D616E95AB59} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WIRELESS PORTABLE DEVICES (TCP-OUT) | APP=C:\WINDOWS\SYSTEM32\WUDFHOST.EXE |
{2782DD9A-3DF6-4EEC-A4FF-D39C0C3D17CA} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=暴非影以媒膛控制中心 | APP=C:\PROGRAM FILES\STORMII\STORMLIV.EXE |
{284863B0-FB3A-4666-87D6-F5493D31A7B7} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WIRELESS PORTABLE DEVICES (UPNPHOST-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{2A905B5A-2496-49FF-93BC-AA91581E8FE9} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (UDP-IN) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{3ACC088E-A7CA-472D-9622-05AC7F33F64F} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MANAGEMENT INSTRUMENTATION (WMI-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=WINMGMT |
{3B2CF76D-B278-47DE-82BA-418498598D87} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MANAGEMENT INSTRUMENTATION (WMI-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=WINMGMT |
{3DDF73D6-4F82-4702-8804-F3AC6AB82B2A} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER (UDP-OUT) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{3F3471BC-E986-4A13-A1ED-964103C911EC} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (STREAMING-TCP-OUT) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{40F62FE3-2C52-47CC-AB44-BF3F147E0E59} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=暴非影以媒膛控制中心 | APP=C:\PROGRAM FILES\STORMII\STORMLIV.EXE |
{443ADDF5-4FB3-4B1A-AD47-525BCA29D3C7} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=暴非影以 | APP=C:\PROGRAM FILES\STORMII\STORM.EXE |
{495DA677-58A4-4847-9391-8FB42C251EFE} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=NEXON GAME MANAGER | APP=C:\PROGRAMDATA\NEXONUS\NGM\NGM.EXE |
{4C211888-C237-4D5E-867E-90BCA159B971} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEETING SPACE (UDP-IN) | APP=C:\PROGRAM FILES\WINDOWS COLLABORATION\WINCOLLAB.EXE |
{52BF1360-191A-4498-ADEA-7A155180714F} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=REMOTE ASSISTANCE (UPNPHOST-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{52D76418-B167-45B4-987C-0C9E360BBA55} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=暴非影以 | APP=C:\PROGRAM FILES\STORMII\STORM.EXE |
{586C7499-0627-493E-BA93-617DE158C921} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ISCSI SERVICE (TCP-IN) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=MSISCSI |
{5D681B72-F3DA-4045-99F2-A9E1951F4B1F} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS PEER TO PEER COLLABORATION FOUNDATION (TCP-IN) | APP=C:\WINDOWS\SYSTEM32\P2PHOST.EXE |
{5DE04AFA-2FEF-4CA2-8457-27BC84CFB1E7} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=NETWORK DISCOVERY (UPNPHOST-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{6AC54AAB-52F1-470D-90BC-5ED58E485CD9} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER (UDP-IN) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{7884B695-E7D7-435A-A336-1E3B757882E0} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=ISCSI SERVICE (TCP-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=MSISCSI |
{8B392BE1-1B20-47A4-9667-62D4B499CCAE} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WIRELESS PORTABLE DEVICES (UPNP-OUT) | APP=SYSTEM |
{91D45480-0B07-4A8E-AB76-FF844A986B0B} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=DISTRIBUTED TRANSACTION COORDINATOR (TCP-IN) | APP=C:\WINDOWS\SYSTEM32\MSDTC.EXE |
{A0786A94-823E-4C7C-AF56-93CF82CB3F16} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=CONNECT TO A NETWORK PROJECTOR (TCP-OUT) | APP=C:\WINDOWS\SYSTEM32\NETPROJ.EXE |
{AA299EC9-6785-4AAB-A65B-1C67E59B7864} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=NEXON GAME MANAGER | APP=C:\PROGRAMDATA\NEXONUS\NGM\NGM.EXE |
{AABC89A0-1445-4193-8BCC-A46BA25C7AD0} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MANAGEMENT INSTRUMENTATION (ASYNC-IN) | APP=C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE |
{AD21D95C-567F-41EF-845A-DB1DEA3D1A22} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (STREAMING-UDP-IN) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{AF2B61EA-BE10-426F-8650-3E73DBB436CC} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (WMDRM-ND/RTP/RTCP-IN) | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{B331227A-9368-43AC-AD3E-DC1F214664CB} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{B43B32FF-7ADF-42A5-8FA2-36DAF148BDAC} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (TCP-OUT) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{B92EAA3D-6A65-437C-A614-7AF994B893C3} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=DISTRIBUTED TRANSACTION COORDINATOR (TCP-OUT) | APP=C:\WINDOWS\SYSTEM32\MSDTC.EXE |
{C336C974-25FC-4E1E-A9BD-3D0814A8EDDB} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEETING SPACE (UDP-OUT) | APP=C:\PROGRAM FILES\WINDOWS COLLABORATION\WINCOLLAB.EXE |
{C50A7443-92D7-448A-A448-2F80D91B78EF} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (UDP-OUT) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{C698FA46-DDFB-4521-A0DD-8D2C7AF83224} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (SERVICE-OUT) | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |
{D607414B-C490-42C0-B908-BE5EE9E22132} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=MEDIA CENTER EXTENDERS (PROVISIONING LIBRARY-OUT) | APP=C:\WINDOWS\EHOME\MCX2PROV.EXE |
{D683F848-89DC-46DC-8FBB-9FB4CA7775D9} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=REMOTE ASSISTANCE (TCP-OUT) | APP=C:\WINDOWS\SYSTEM32\MSRA.EXE |
{D8C785DF-A04E-4CF7-8F9E-AF3BF59C3834} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (TCP-IN) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{D8CBDCA9-0FFA-41CA-BC60-2776E2298491} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (STREAMING-UDP-OUT) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{DC556408-116E-40F3-A6EA-6DDECB4F4D83} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PERFORMANCE LOGS AND ALERTS (TCP-IN) | APP=C:\WINDOWS\SYSTEM32\PLASRV.EXE |
{E6D8916F-9010-4505-9036-9B73854EC9EE} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER (TCP-OUT) | APP=C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{EA3BB95F-E26D-4FDE-B88B-F7DEE9DE7449} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE CALL | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\WLCSDK.EXE |
{ECDA418E-B3F8-4508-8983-9014D0C1491D} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS MEETING SPACE (TCP-IN) | APP=C:\PROGRAM FILES\WINDOWS COLLABORATION\WINCOLLAB.EXE |
{EFDB0F2E-A477-444B-8925-E6706DACDF2C} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=CAMERA ASSISTANT SOFTWARE | APP=C:\PROGRAM FILES\CAMERA ASSISTANT SOFTWARE FOR GATEWAY\TRAYBAR.EXE |
{FFA36261-79D8-469D-8A52-AF43E8FF0761} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | NAME=WINDOWS MEDIA PLAYER NETWORK SHARING SERVICE (UPNP-OUT) | APP=SYSTEM |
TCP Query User{64DD4E16-16B4-4AC4-800D-2A82F7C54DD8}C:\program files\ppstream\ppstream.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PPS网络电视 | APP=C:\PROGRAM FILES\PPSTREAM\PPSTREAM.EXE |
TCP Query User{6D54EB74-03E4-4405-873C-8C8F1F63211E}C:\users\admin\temp\teamviewer\version4\teamviewer.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TEAMVIEWER.EXE | APP=C:\USERS\ADMIN\TEMP\TEAMVIEWER\VERSION4\TEAMVIEWER.EXE |
TCP Query User{73AF9331-59C6-4BB9-8E58-07D259147628}C:\users\admin\temp\teamviewer3\teamviewer.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=TEAMVIEWER.EXE | APP=C:\USERS\ADMIN\TEMP\TEAMVIEWER3\TEAMVIEWER.EXE |
TCP Query User{78DC77D5-5FFC-4376-821D-88566E521852}C:\program files\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{D6998A6C-F2CF-478A-9F5D-0A4B3696FBCE}C:\windows\system32\java.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\WINDOWS\SYSTEM32\JAVA.EXE |
TCP Query User{F8A89DF7-18E7-4863-9D14-F398F1DA3433}C:\program files\internet explorer\iexplore.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=INTERNET EXPLORER | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
UDP Query User{4768025A-C1AA-49E6-88B8-818B30C09F87}C:\program files\mozilla firefox\firefox.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=FIREFOX | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{4847702D-A8CC-4F42-AD22-05817B642A4E}C:\windows\system32\java.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=JAVA™ PLATFORM SE BINARY | APP=C:\WINDOWS\SYSTEM32\JAVA.EXE |
UDP Query User{5321EC09-0C70-4906-9101-224BD260D0A9}C:\program files\internet explorer\iexplore.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=INTERNET EXPLORER | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
UDP Query User{5A18ED7C-CB59-447F-8BF9-D0248B07E13B}C:\program files\ppstream\ppstream.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PPS网络电视 | APP=C:\PROGRAM FILES\PPSTREAM\PPSTREAM.EXE |
UDP Query User{CB2A7528-01E3-4281-AF9B-573B7E0ADB6D}C:\users\admin\temp\teamviewer3\teamviewer.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TEAMVIEWER.EXE | APP=C:\USERS\ADMIN\TEMP\TEAMVIEWER3\TEAMVIEWER.EXE |
UDP Query User{D5BC1F45-789E-4115-AFFE-F4ABDE62B707}C:\users\admin\temp\teamviewer\version4\teamviewer.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=TEAMVIEWER.EXE | APP=C:\USERS\ADMIN\TEMP\TEAMVIEWER\VERSION4\TEAMVIEWER.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0BC2F780-AA5F-42F3-8C27-AD914ADF37C7}" = Catalyst Control Center Graphics Full New
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java™ SE Development Kit 6 Update 13
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4807DA91-A1F0-C8B2-0792-B44BC0289F18}" = Catalyst Control Center Core Implementation
"{4CAE18D6-EC63-F6E3-2B32-B77CB0579B74}" = ccc-core-static
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{71EBC6CB-4B04-515A-D1F7-EEFB823A50B3}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78C32FC7-35CA-0FED-7373-D58F6D89D355}" = Skins
"{7F244C37-DB0A-C9B7-2282-E9894801C06E}" = Catalyst Control Center Graphics Light
"{830C41B4-1501-3F28-D1C8-090B4FE2DB4B}" = Catalyst Control Center Graphics Previews Vista
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABB21DB-E5B2-5EBA-353F-7FA9C069CA4D}" = Catalyst Control Center Graphics Full Existing
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A797891C-0515-205C-8EFC-90724BE49374}" = CCC Help English
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"CCleaner" = CCleaner (remove only)
"GooglePinyin" = 谷歌拼音输入法
"gvod_is1" = 迅播GVOD播放器
"HijackThis" = HijackThis 2.0.2
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LHTTSENG" = L&H TTS3000 British English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"PPStream" = PPStream
"storm2" = 暴风影音
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"thunder_is1" = 迅雷5
"ViewpointMediaPlayer" = Viewpoint Media Player
"VistaGlazz_is1" = VistaGlazz 1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"紫光华宇拼音输入法V6.1_is1" = 紫光华宇拼音输入法V6.1
"酷狗音乐2008" = 酷狗音乐2008

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3314151858-914702992-3092870422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/25/2009 6:03:41 PM | Computer Name = QQ-PC | Source = MySQL | ID = 100
Description =

Error - 4/25/2009 6:03:41 PM | Computer Name = QQ-PC | Source = MySQL | ID = 100
Description =

Error - 4/25/2009 6:03:58 PM | Computer Name = QQ-PC | Source = MySQL | ID = 100
Description =

Error - 4/25/2009 6:03:58 PM | Computer Name = QQ-PC | Source = MySQL | ID = 100
Description =

Error - 4/25/2009 6:04:08 PM | Computer Name = QQ-PC | Source = MySQL | ID = 100
Description =

Error - 4/25/2009 6:04:08 PM | Computer Name = QQ-PC | Source = MySQL | ID = 100
Description =

Error - 4/25/2009 6:27:00 PM | Computer Name = QQ-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1a0 Start Time: 01c9c5e205f51b80 Termination Time: 86

Error - 4/25/2009 9:31:13 PM | Computer Name = QQ-PC | Source = Application Error | ID = 1000
Description = Faulting application DeSuMS.exe, version 1.0.0.1, time stamp 0x48315e31,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x0003d292, process id 0x1444, application start time
0x01c9c60e9296dfc1.

Error - 4/26/2009 1:53:54 AM | Computer Name = QQ-PC | Source = EventSystem | ID = 4621
Description =

Error - 4/26/2009 2:21:43 PM | Computer Name = QQ-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18226, time stamp
0x49ac95d6, faulting module PNCRT.dll, version 6.0.0.0, time stamp 0x3b332173,
exception code 0xc0000005, fault offset 0x0000fab9, process id 0xe4c, application
start time 0x01c9c69b6cc9ab2a.

[ System Events ]
Error - 5/12/2009 5:59:41 PM | Computer Name = QQ-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/12/2009 5:59:41 PM | Computer Name = QQ-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/12/2009 5:59:41 PM | Computer Name = QQ-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/12/2009 5:59:41 PM | Computer Name = QQ-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/12/2009 6:50:37 PM | Computer Name = QQ-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:47:54 on 2009/5/12 was unexpected.

Error - 5/12/2009 6:50:39 PM | Computer Name = QQ-PC | Source = HTTP | ID = 15016
Description =

Error - 5/12/2009 6:51:07 PM | Computer Name = QQ-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/12/2009 6:51:07 PM | Computer Name = QQ-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/12/2009 6:51:07 PM | Computer Name = QQ-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/12/2009 6:51:07 PM | Computer Name = QQ-PC | Source = Service Control Manager | ID = 7000
Description =

[ TuneUp Events ]
Error - 5/11/2009 9:33:29 AM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-11 06:33:29', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamservice.exe','2444',0)

Error - 5/11/2009 10:08:46 AM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-11 07:08:46', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamgui.exe','512',1)

Error - 5/11/2009 10:08:46 AM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-11 07:08:46', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamservice.exe','2444',1)

Error - 5/11/2009 6:02:10 PM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-11 15:02:10', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamgui.exe','1192',0)

Error - 5/11/2009 6:02:10 PM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-11 15:02:10', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamservice.exe','2296',0)

Error - 5/12/2009 9:58:24 AM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-12 06:58:24', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamservice.exe','2088',0)

Error - 5/12/2009 9:58:25 AM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-12 06:58:25', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamgui.exe','2480',0)

Error - 5/12/2009 5:59:12 PM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-12 14:59:12', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamservice.exe','1824',0)

Error - 5/12/2009 5:59:12 PM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-12 14:59:12', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamgui.exe','2416',0)

Error - 5/12/2009 6:50:55 PM | Computer Name = QQ-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-12 15:50:55', '\device\harddiskvolume2\program
files\malwarebytes' anti-malware\mbamgui.exe','1496',0)


< End of report >





Well, my computer, when I play any game, it purely lags. It's not my internet connection that's the problem. Even when I try playing flash games or something, it will still lag. The graphics would just lag out of nowhere. It happens about once every few minutes. It has been doing this for about 4 months.

#7 Farbar

Posted 13 May 2009 - 08:25 AM

Hi again,

  • Optional: Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you uninstall the following program via Add or Remove Programs if you are using it:

    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    If you uninstalled it, also remove the folder in bold: C:\Program Files\Viewpoint

  • Please download GooredFix and save it to your Desktop.
    • Double-click GooredFix.exe on your Desktop to run it.
    • Select "2. Fix Goored" by typing 2 and pressing Enter.
    • Make sure all instances of Firefox are closed at this point.
    • Type y at the prompt and press Enter again.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

  • Please open OTListTt2.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :processes
      explorer.exe
      :otli
      SRV - C:\ProgramData\Norton\Norton2009Reset.exe
      O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} 
      O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
      O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} 
      O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm 
      O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} 
      :commands
      [resethosts]
      [start explorer]
      [emptytemp]
      [Reboot]
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it has finished, a log will open. Copy and paste the log into your reply.
  • Tell me how the computer is running.


#8 aznkidzx

Posted 13 May 2009 - 07:30 PM

OH MY GOD! My computer froze for 2 hours because of scanning my computer with OTListTt2. It didn't work out either. So I had to shut down my computer. I tried to start normal mode but it says to reinstall your computer. I tried safe mode and it says the same thing. And 1 hour later, finally a "Last Known Good Configuration" option popped up and worked. I am never trying this again. My computer seems to get faster with the help of my friend. You can close this thread.

#9 Farbar

Posted 14 May 2009 - 01:27 AM

This thread will now be closed.

If you should have a new issue, please start a new topic.



