
Remove CBL blacklist pc3 Requested by, and for Oh My!


  • This topic is locked
12 replies to this topic

#1 m618

Posted 22 October 2016 - 08:52 PM

Dear Gary,

 

Here I am posting about pc3.

(It's operating on Windows XP. It keeps crashing after running RogueKiller, so I cannot export the RK file.)

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by 606a (administrator) on XP-606A (18-10-2016 15:28:51)
Running from C:\Documents and Settings\kelly\桌面
Loaded Profiles: 606a (Available Profiles: user & Administrator & 606a)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: 中文 (台灣)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() D:\SmartERP\DSCPatchAgent.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(VIA Technologies, Inc.) C:\WINDOWS\system32\KaraokeSer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\conime.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(the sz development) C:\Program Files\DoroPDFWriter\DoroServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Tencent) C:\Program Files\Tencent\QQIntl\Bin\TXPlatform.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Tencent) C:\Program Files\Tencent\QQIntl\Bin\QQ.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Borland Software Corporation) D:\SmartERP\s_dsbin\scktsrvr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\kelly\桌面\frstenglish.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [41118320 2011-12-06] (VIA Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-09-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WowUSBSecurity] => "C:\Program Files\WowUSBProtector\start.bat"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [DoroServer] => C:\Program Files\DoroPDFWriter\DoroServer.exe [208896 2016-02-20] (the sz development)
Winlogon\Notify\PCANotify: C:\WINDOWS\system32\PCANotify.dll [2007-04-27] (Symantec Corporation)
HKU\S-1-5-21-793592983-989196123-2685349833-1131\...\Run: [acdseemc.exe] => C:\Program Files\Common Files\ACD Systems\ACDSeeMC.EXE
HKU\S-1-5-21-793592983-989196123-2685349833-1131\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-793592983-989196123-2685349833-1131\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-793592983-989196123-2685349833-1131\...\Run: [Window Hide Tool] => C:\Program Files\Window Hide Tool\Window Hide Tool.exe
HKU\S-1-5-21-793592983-989196123-2685349833-1131\...\Run: [QQ2009] => C:\Program Files\Tencent\QQIntl\Bin\QQ.exe [97976 2015-10-13] (Tencent)
HKU\S-1-5-21-793592983-989196123-2685349833-1131\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [29532288 2016-08-22] (Skype Technologies S.A.)
HKU\S-1-5-21-793592983-989196123-2685349833-1131\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssflwbox.scr [389120 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD 數位識別標誌圖示覆疊處理程式] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2007-02-12] (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-04] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-04] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 18 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-04] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{B63AC864-A834-4133-BC08-1AA4CFA1B130}: [NameServer] 172.16.1.3,172.16.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-793592983-989196123-2685349833-1131\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.misumi.com.tw/
HKU\S-1-5-21-793592983-989196123-2685349833-1131\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-793592983-989196123-2685349833-1131 -> DefaultScope {848CBC7D-B034-4811-9476-EBA05CDE7DB1} URL = hxxp://www.google.com/search?hl=zh-tw&q={searchTerms}
SearchScopes: HKU\S-1-5-21-793592983-989196123-2685349833-1131 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CC8510BF483E8389&affID=128166&tsp=5245
SearchScopes: HKU\S-1-5-21-793592983-989196123-2685349833-1131 -> {848CBC7D-B034-4811-9476-EBA05CDE7DB1} URL = hxxp://www.google.com/search?hl=zh-tw&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Windows Live 登入小幫手 -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-793592983-989196123-2685349833-1131 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-793592983-989196123-2685349833-1131 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-26] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-01-27] [not signed]
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @qq.com/npchrome -> C:\Program Files\Common Files\Tencent\Npchrome\npchrome.dll [2014-04-07] (Tencent)
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll [2014-04-07] (Tencent)
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll [2012-10-25] ()
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2012-07-24] (Tencent)
FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-793592983-989196123-2685349833-1131: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-18]
CHR Extension: (Google Slides) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-30]
CHR Extension: (Google Docs) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-30]
CHR Extension: (Google Drive) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-30]
CHR Extension: (YouTube) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-30]
CHR Extension: (Google Sheets) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-30]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-30]
CHR Extension: (myDownloads) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nibemhgacghipbplejpapmlnlkdaggbj [2016-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-30]
CHR HKU\S-1-5-21-793592983-989196123-2685349833-1131\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\kelly\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
StartMenuInternet: old_chrome.exe - C:\Program Files\Google\Chrome\Application\old_chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-09-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-09-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S3 digiwinvnc_service; C:\DigiWinVNC\winvnc2.exe [1976832 2014-08-11] (UltraVNC) [File not signed]
R2 DSCPatchService; D:\SmartERP\DSCPatchAgent.exe [694656 2009-07-03] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-10-24] (Macrovision Europe Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 KaraokeService; C:\WINDOWS\system32\KaraokeSer.exe [88688 2011-11-11] (VIA Technologies, Inc.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-03] (TeamViewer GmbH)
S2 awhost32; "C:\Program Files\Symantec\pcAnywhere\awhost32.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-20] (Avira Operations GmbH & Co. KG)
R1 awecho; C:\WINDOWS\System32\drivers\awechomd.sys [13368 2007-03-30] (Symantec Corporation)
R1 awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [17848 2007-03-30] (Symantec Corporation)
R1 AW_HOST; C:\WINDOWS\System32\drivers\aw_host5.sys [18232 2007-03-30] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2004-08-04] (Microsoft Corporation)
R0 Gernuwa; C:\WINDOWS\system32\Drivers\Gernuwa.sys [20536 2007-03-30] (Symantec Corporation)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 mv2; C:\WINDOWS\System32\DRIVERS\mv2.sys [11496 2011-03-18] (UVNC BVBA)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2820608 2011-12-02] (VIA Technologies, Inc.)
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-18 15:28 - 2016-10-18 15:29 - 00017730 _____ C:\Documents and Settings\kelly\桌面\FRST.txt
2016-10-18 15:28 - 2016-10-18 15:28 - 00000000 ____D C:\FRST
2016-10-18 15:27 - 2016-10-18 15:27 - 01756672 _____ (Farbar) C:\Documents and Settings\kelly\桌面\frstenglish.exe
2016-10-14 16:02 - 2016-10-14 16:02 - 00243868 _____ C:\Documents and Settings\kelly\桌面\16mm 5M.pdf
2016-10-03 14:51 - 2016-10-03 14:51 - 00000751 _____ C:\Documents and Settings\kelly\桌面\捷徑 -  01.組件圖檔表- edit.xls.lnk
2016-09-23 08:51 - 2016-09-23 08:51 - 00000340 _____ C:\Documents and Settings\All Users\Application Data\SMRResults501.dat
2016-09-19 19:01 - 2016-09-22 23:21 - 00000000 ____D C:\Documents and Settings\kelly\Local Settings\Application Data\NPE
2016-09-19 19:01 - 2016-09-19 19:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2016-09-19 19:00 - 2016-09-16 17:30 - 03436280 _____ (Symantec Corporation) C:\Program Files\NPE諾頓強力清除器.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-18 15:29 - 2014-09-30 08:55 - 00000526 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-10-18 15:29 - 2012-10-24 11:51 - 00000000 ____D C:\Documents and Settings\kelly\Local Settings\Temp
2016-10-18 15:28 - 2012-10-24 11:51 - 00000000 ____D C:\Documents and Settings\kelly\桌面
2016-10-18 15:25 - 2012-10-24 16:27 - 00000000 ____D C:\Documents and Settings\kelly\Application Data\Skype
2016-10-18 14:54 - 2016-03-30 08:37 - 00000530 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-18 14:23 - 2016-03-30 08:37 - 00000526 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-18 14:23 - 2012-10-24 11:49 - 00000128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2016-10-18 14:22 - 2012-10-24 10:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-18 14:22 - 2004-08-04 20:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-10-18 14:00 - 2015-04-09 15:10 - 01582446 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-793592983-989196123-2685349833-1131-0.dat
2016-10-18 14:00 - 2015-04-09 15:09 - 00399726 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-10-18 14:00 - 2012-10-24 11:51 - 00000178 ___SH C:\Documents and Settings\kelly\ntuser.ini
2016-10-18 14:00 - 2012-10-24 10:12 - 00032694 _____ C:\WINDOWS\SchedLgU.Txt
2016-10-18 13:59 - 2012-10-24 11:51 - 00000000 ____D C:\Documents and Settings\kelly
2016-10-14 14:41 - 2015-01-12 16:29 - 00000000 ____D C:\temp
2016-10-13 14:14 - 2014-12-10 13:16 - 00000000 ____D C:\My Documents
2016-10-13 09:07 - 2016-04-12 16:46 - 00001930 _____ C:\Documents and Settings\kelly\桌面\.Fax File - 捷徑.lnk
2016-10-13 08:52 - 2016-03-30 13:59 - 00000000 ____D C:\Documents and Settings\kelly\桌面\TEMP
2016-10-07 17:47 - 2016-07-12 17:39 - 00000000 ____D C:\Documents and Settings\kelly\桌面\待處理
2016-10-06 15:44 - 2016-03-30 16:06 - 00001960 _____ C:\Documents and Settings\kelly\桌面\.scan file - 捷徑.lnk
2016-10-04 14:50 - 2012-11-06 15:02 - 02697728 __SHC C:\Documents and Settings\kelly\桌面\Thumbs.db
2016-10-04 11:28 - 2016-07-26 14:01 - 00000722 _____ C:\Documents and Settings\kelly\桌面\捷徑 -  01  廠商報價.lnk
2016-09-26 09:08 - 2012-10-24 17:54 - 00000000 ___HD C:\WINDOWS\inf
2016-09-23 17:54 - 2016-09-08 09:51 - 05298884 _____ C:\video0.dat
2016-09-23 17:24 - 2016-09-08 09:48 - 00000000 ____D C:\DigiWinVNC
 
==================== Files in the root of some directories =======
 
2016-09-19 19:00 - 2016-09-16 17:30 - 3436280 _____ (Symantec Corporation) C:\Program Files\NPE諾頓強力清除器.exe
2016-04-07 14:06 - 2016-04-07 14:06 - 0026805 _____ () C:\Documents and Settings\kelly\Application Data\逗點分隔值 (DOS).ADR
2012-10-24 16:00 - 2016-07-01 10:45 - 0052736 _____ () C:\Documents and Settings\kelly\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-09-23 08:51 - 2016-09-23 08:51 - 0000340 _____ () C:\Documents and Settings\All Users\Application Data\SMRResults501.dat
 
Some files in TEMP:
====================
C:\Documents and Settings\kelly\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\kelly\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\kelly\Local Settings\Temp\tmpC.tmp.exe
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1420wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1752wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1812wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI1880wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2064wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2092wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2096wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2132wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2136wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2204wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2220wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2228wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI2692wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3376wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3660wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI3996wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI4072wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI604wxmsw28uh_html_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696gdiplus.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696MFC71.DLL
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696MSVCP71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696MSVCR71.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696python25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696pythoncom25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696PyWinTypes25.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696SHLWAPI.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696wxbase28uh_net_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696wxbase28uh_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696wxmsw28uh_adv_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696wxmsw28uh_core_vc.dll
C:\Documents and Settings\kelly\Local Settings\Temp\_MEI696wxmsw28uh_html_vc.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2016
Ran by 606a (18-10-2016 15:29:30)
Running from C:\Documents and Settings\kelly\桌面
Microsoft Windows XP Professional Service Pack 3 (X86) (2012-10-24 02:11:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1409082233-2147094695-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1409082233-2147094695-682003330-1004 - Limited - Enabled)
Guest (S-1-5-21-1409082233-2147094695-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1409082233-2147094695-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1409082233-2147094695-682003330-1002 - Limited - Disabled)
user (S-1-5-21-1409082233-2147094695-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat X Pro - ChineseT (HKLM\...\{AC76BA86-1028-0000-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 應用程式支援 (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
AutoCAD 2008 - Traditional Chinese (HKLM\...\AutoCAD 2008 - Traditional Chinese) (Version: 17.1.51.0 - Autodesk)
AutoCAD 2008 - Traditional Chinese (Version: 17.1.51.0 - Autodesk) Hidden
Autodesk DWF Viewer 7 (HKLM\...\{9A346205-EA92-4406-B1AB-50379DA3F057}) (Version: 7.2.0 - Autodesk, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CLIENT (HKLM\...\{429AE1AA-F5F9-43BA-9BD4-5593BDF4616C}) (Version:  - )
Client (HKLM\...\{5142E65E-2778-4068-A5F2-127D84931EEF}) (Version:  - )
Doro 2.07 (HKLM\...\Doro_is1) (Version:  - CompSoft)
DSC Smart ERP Systems (HKLM\...\{D55CA3A1-A7B8-4F8E-A6AC-3AC69C169117}) (Version: 8.2.0.0 - Data Systems Consulting Co., Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.1.001 - HTC Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5398 - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KB2564958:Microsoft Windows 安全性更新 (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 語言套件 - 繁體中文 (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - CHT) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{F2E0402D-AA60-32E3-8480-39AD5CE79DF2}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
oCam 版本 212.0 (HKLM\...\oCam_is1) (Version: 212.0 - hxxp://ohsoft.net/)
PDF Password Remover (HKLM\...\{DB150C19-4A8F-4EF7-AC75-96098EACE179}) (Version: 1.0.6 - PDF Technologies)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Editor (HKLM\...\{E04E0D78-07B7-49BA-9DFD-0C04574CBD6F}) (Version: 5.5.311.0 - Tracker Software Products (Canada) Ltd.)
Platform (Version: 1.39 - VIA Technologies, Inc.) Hidden
QQ International (HKLM\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Server (HKLM\...\{8E0C5B2D-5054-43A2-BC42-3ADA41E30DD9}) (Version:  - )
SERVER (HKLM\...\{F8FABDCD-23AB-44A9-BD71-A64C64D6621D}) (Version:  - )
Skype™ 7.27 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Symantec pcAnywhere (HKLM\...\{12518183-866A-11D3-97DF-0000F8D8F2E9}) (Version: 12.5.0 - Symantec Corporation)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2701.04) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VIA 平台裝置管理員 (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Internet Explorer 8 安全性更新 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Windows Internet Explorer 8 安全性更新 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Windows Internet Explorer 8 安全性更新 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)
Windows Internet Explorer 8 安全性更新 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Windows Internet Explorer 8 更新 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Windows Live 上載工具 (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live 登入小幫手 (HKLM\...\{4E4F8EE0-43EC-4AB9-9A04-702F2AE7E229}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live 程式集 (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 安全性更新 (KB2378111) (HKLM\...\KB2378111_WM9) (Version:  - Microsoft Corporation)
Windows Media Player 安全性更新 (KB952069) (HKLM\...\KB952069_WM9) (Version:  - Microsoft Corporation)
Windows Media Player 安全性更新 (KB954155) (HKLM\...\KB954155_WM9) (Version:  - Microsoft Corporation)
Windows Media Player 安全性更新 (KB973540) (HKLM\...\KB973540_WM9) (Version:  - Microsoft Corporation)
Windows Media Player 安全性更新 (KB975558) (HKLM\...\KB975558_WM8) (Version:  - Microsoft Corporation)
Windows Media Player 安全性更新 (KB978695) (HKLM\...\KB978695_WM9) (Version:  - Microsoft Corporation)
Windows XP Hotfix (KB2756822) (HKLM\...\KB2756822) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2476490) (HKLM\...\KB2476490) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2491683) (HKLM\...\KB2491683) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2507618) (HKLM\...\KB2507618) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Windows XP 安全性更新 (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Windows XP 安全性更新 (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2646524) (HKLM\...\KB2646524) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2705219-v2) (HKLM\...\KB2705219-v2) (Version: 2 - Microsoft Corporation)
Windows XP 安全性更新 (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2723135-v2) (HKLM\...\KB2723135-v2) (Version: 2 - Microsoft Corporation)
Windows XP 安全性更新 (KB2724197) (HKLM\...\KB2724197) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB2731847-v2) (HKLM\...\KB2731847-v2) (Version: 2 - Microsoft Corporation)
Windows XP 安全性更新 (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Windows XP 安全性更新 (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB956744) (HKLM\...\KB956744) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Windows XP 安全性更新 (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Windows XP 更新 (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Windows XP 更新 (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
新增或移除 Adobe Creative Suite 3 Design Premium (HKLM\...\Adobe_afe17c27394e4ecc2edd95162a8dba6) (Version: 1.0 - Adobe Systems Incorporated)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2008\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2008\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-793592983-989196123-2685349833-1131_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\AutoCAD\2008\32\AcrobatAcadIC.dbx (Adobe Systems Incorporated)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Documents and Settings\kelly\「開始」功能表\程式集\DigiWinVNC\移除DigiWinVNC.lnk -> C:\DigiWinVNC\uninstall.bat ()
Shortcut: C:\Documents and Settings\kelly\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.com
 
ShortcutWithArgument: C:\Documents and Settings\All Users\「開始」功能表\程式集\Skype\PChome & Skype 網站.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://skype.pchome.com.tw/
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-03 10:56 - 2009-07-03 10:56 - 00694656 _____ () D:\SmartERP\DSCPatchAgent.exe
2014-05-08 19:23 - 2014-05-08 19:23 - 00300032 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHT
2014-05-08 19:23 - 2014-05-08 19:23 - 00019456 _____ () C:\Program Files\Adobe\Acrobat 10.0\Acrobat\locale\zh_tw\Acrotray.cht
2015-10-13 09:01 - 2015-10-13 09:01 - 00089656 _____ () C:\Program Files\Tencent\QQIntl\Bin\zlib.dll
2015-10-13 09:01 - 2015-10-13 09:01 - 00138808 _____ () C:\Program Files\Tencent\QQIntl\Bin\libexpatw.dll
2015-10-13 09:01 - 2015-10-13 09:01 - 00159288 _____ () C:\Program Files\Tencent\QQIntl\Bin\libpng.dll
2015-10-13 09:01 - 2015-10-13 09:01 - 00286264 _____ () C:\Program Files\Tencent\QQIntl\Bin\libjpegturbo.dll
2015-10-13 09:01 - 2015-10-13 09:01 - 00155192 _____ () C:\Program Files\Tencent\QQIntl\Bin\lua.dll
2008-04-14 21:59 - 2008-04-14 21:59 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-09-07 09:22 - 2016-09-06 12:00 - 05197312 _____ () C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 09:22 - 2016-09-06 12:00 - 00147456 _____ () C:\Documents and Settings\kelly\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-793592983-989196123-2685349833-1131\Software\Classes\.scr: AutoCADScriptFile => "C:\WINDOWS\system32\notepad.exe" "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-793592983-989196123-2685349833-1131\...\dsc.com.tw -> dsc.com.tw
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 20:00 - 2012-10-24 13:27 - 00000765 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
127.0.0.1 activate.adobe.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-793592983-989196123-2685349833-1131\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 172.16.1.3 - 172.16.1.1
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\DigiWinVNC\winvnc2.exe] => Enabled:DigiWinVNC
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Naver\LINE\Line.exe] => Enabled:LineApp
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\kelly\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe] => Enabled:QQSetupEX
StandardProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQ\Bin\QQ.exe] => Enabled:騰訊QQ2012
StandardProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQ\Bin\auclt.exe] => Enabled:QQUpdate
StandardProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQ\Bin\txupd.exe] => Enabled:QQUpdate2011
StandardProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQ\Bin\SetupEx\QQSetupEx.exe] => Enabled:SetupEX
StandardProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe] => Enabled:QzoneMusic
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQIntl\Bin\QQ.exe] => Enabled:QQ International
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Tencent\QQDownload\119\Tencentdl.exe] => Enabled:枆捅莉狟婥郪璃
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\DigiWinVNC\winvnc2.exe] => Enabled:DigiWinVNC
 
==================== Restore Points =========================
 
21-07-2016 18:26:08 系統檢查點
25-07-2016 10:23:11 系統檢查點
26-07-2016 12:47:10 系統檢查點
29-07-2016 12:18:03 系統檢查點
01-08-2016 14:26:14 系統檢查點
02-08-2016 15:27:22 系統檢查點
03-08-2016 16:09:26 系統檢查點
04-08-2016 17:21:39 系統檢查點
11-08-2016 13:52:50 系統檢查點
15-08-2016 14:32:07 系統檢查點
17-08-2016 11:44:36 已移除 ACDSee Pro 5。
17-08-2016 11:46:06 Removed IPTInstaller
18-08-2016 12:52:07 系統檢查點
19-08-2016 15:28:51 系統檢查點
22-08-2016 10:14:06 系統檢查點
23-08-2016 12:19:16 系統檢查點
24-08-2016 12:20:15 系統檢查點
30-08-2016 15:38:43 系統檢查點
01-09-2016 13:36:04 系統檢查點
02-09-2016 18:22:20 系統檢查點
05-09-2016 09:28:40 系統檢查點
06-09-2016 12:25:25 系統檢查點
08-09-2016 11:19:08 系統檢查點
09-09-2016 12:27:05 系統檢查點
10-09-2016 15:42:43 系統檢查點
12-09-2016 12:18:50 系統檢查點
13-09-2016 15:23:47 系統檢查點
19-09-2016 14:41:57 系統檢查點
19-09-2016 20:19:19 Norton_Power_Eraser_20160919201915874
21-09-2016 12:59:15 系統檢查點
22-09-2016 19:42:21 系統檢查點
26-09-2016 12:30:23 系統檢查點
27-09-2016 19:02:39 系統檢查點
29-09-2016 12:18:22 系統檢查點
30-09-2016 12:20:59 系統檢查點
04-10-2016 10:03:52 系統檢查點
05-10-2016 12:20:30 系統檢查點
12-10-2016 12:28:15 系統檢查點
17-10-2016 08:37:40 系統檢查點
18-10-2016 09:25:37 系統檢查點
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/18/2016 02:23:38 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: 本機系統 自動憑證註冊無法連絡目錄伺服器 (0x8007052b)。無法更新密碼。您提供的目前密碼值錯誤。
  將不會執行註冊。
 
Error: (10/18/2016 02:23:33 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows 無法判定使用者或電腦名稱。(存取被拒。 )。群組原則處理已中止。
 
Error: (10/18/2016 01:42:07 PM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows 無法判定使用者或電腦名稱。(存取被拒。 )。群組原則處理已中止。
 
Error: (10/18/2016 11:51:04 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows 無法判定使用者或電腦名稱。(存取被拒。 )。群組原則處理已中止。
 
Error: (10/18/2016 10:02:02 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows 無法判定使用者或電腦名稱。(存取被拒。 )。群組原則處理已中止。
 
Error: (10/18/2016 08:27:00 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows 無法判定使用者或電腦名稱。(存取被拒。 )。群組原則處理已中止。
 
Error: (10/18/2016 08:21:52 AM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: 本機系統 自動憑證註冊無法連絡目錄伺服器 (0x8007052b)。無法更新密碼。您提供的目前密碼值錯誤。
  將不會執行註冊。
 
Error: (10/18/2016 06:36:57 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows 無法判定使用者或電腦名稱。(存取被拒。 )。群組原則處理已中止。
 
Error: (10/18/2016 04:56:55 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows 無法判定使用者或電腦名稱。(存取被拒。 )。群組原則處理已中止。
 
Error: (10/18/2016 03:26:52 AM) (Source: Userenv) (EventID: 1053) (User: NT AUTHORITY)
Description: Windows 無法判定使用者或電腦名稱。(存取被拒。 )。群組原則處理已中止。
 
 
System errors:
=============
Error: (10/18/2016 02:24:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
Error: (10/17/2016 08:23:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
Error: (10/14/2016 05:54:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
Error: (10/14/2016 08:48:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
Error: (10/13/2016 08:22:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
Error: (10/12/2016 08:55:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
Error: (10/11/2016 08:51:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
Error: (10/07/2016 08:52:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
Error: (10/06/2016 06:03:00 PM) (Source: DCOM) (EventID: 10010) (User: MISUMI)
Description: 伺服器 {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} 沒有在指定的等候逾時內登錄 DCOM。
 
Error: (10/06/2016 09:05:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Symantec pcAnywhere Host Service 服務無法啟動,因為發生下列錯誤: 
系統找不到指定的路徑。
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 39%
Total physical RAM: 2794.23 MB
Available physical RAM: 1697.6 MB
Total Virtual: 4682.14 MB
Available Virtual: 3383.15 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.65 GB) (Free:67.44 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (本機磁碟) (Fixed) (Total:368.1 GB) (Free:359.07 GB) NTFS
Drive h: () (Network) (Total:5588.91 GB) (Free:2921.38 GB) 
Drive i: () (Network) (Total:5588.91 GB) (Free:2921.38 GB) 
Drive x: () (Network) (Total:1761.71 GB) (Free:1727.85 GB) 
Drive y: () (Network) (Total:5588.91 GB) (Free:2921.38 GB) 
Drive z: () (Network) (Total:5588.91 GB) (Free:2921.38 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 88F388F3)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368.1 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 
 
Kind regards,
Hetty




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:28 AM

Posted 23 October 2016 - 09:03 AM

Greetings Hetty,

Let me take a peek at this one.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 23 October 2016 - 02:33 PM

Hi Hetty,

Please run this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

Toolbar: HKU\S-1-5-21-793592983-989196123-2685349833-1131 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
CHR HKU\S-1-5-21-793592983-989196123-2685349833-1131\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\kelly\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
S2 awhost32; "C:\Program Files\Symantec\pcAnywhere\awhost32.exe" [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
2016-09-23 08:51 - 2016-09-23 08:51 - 00000340 _____ C:\Documents and Settings\All Users\Application Data\SMRResults501.dat
File: C:\Documents and Settings\kelly\Local Settings\Temp\tmpC.tmp.exe

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 

#4 m618


Posted 24 October 2016 - 12:42 AM

Hi Gary,

 

I will be doing that one day later. As soon as I get to pc3 I will run fixlist and post it quickly.

 

Hetty



#5 Oh My!


Posted 24 October 2016 - 08:40 AM

No problem Hetty, thanks for letting me know.
Gary
 

#6 m618


Posted 27 October 2016 - 05:45 AM

Dear Gary,

 

Fixlog.txt  (after running fixlist.txt on FRST.exe)

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 26-10-2016
Ran by 606a (27-10-2016 18:42:53) Run:1
Running from C:\Documents and Settings\kelly\桌面
Loaded Profiles: 606a (Available Profiles: user & Administrator & 606a)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Toolbar: HKU\S-1-5-21-793592983-989196123-2685349833-1131 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
CHR HKU\S-1-5-21-793592983-989196123-2685349833-1131\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\kelly\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
S2 awhost32; "C:\Program Files\Symantec\pcAnywhere\awhost32.exe" [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
2016-09-23 08:51 - 2016-09-23 08:51 - 00000340 _____ C:\Documents and Settings\All Users\Application Data\SMRResults501.dat
File: C:\Documents and Settings\kelly\Local Settings\Temp\tmpC.tmp.exe
*****************

HKU\S-1-5-21-793592983-989196123-2685349833-1131\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
"HKU\S-1-5-21-793592983-989196123-2685349833-1131\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully.
awhost32 => service not found.
IntelIde => service removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\All Users\Application Data\SMRResults501.dat => moved successfully

========================= File: C:\Documents and Settings\kelly\Local Settings\Temp\tmpC.tmp.exe ========================
 
File is digitally signed
MD5: FE072131503986D78CEC5D74D29734B5
Creation and modification date: 2016-03-17 20:22 - 2016-03-17 20:22
Size: 7849808
Attributes: ----A
Company Name: http://ohsoft.net/                                          
Internal Name: 
Original Name: 
Product: oCam                                                        
Description: oCam Setup                                                  
File Version: 212.0               
Product Version: 212.0                                             
Copyright:                                                                                                     
 
====== End of File: ======
 
 
==== End of Fixlog 18:42:54 ====
 
 
Kind regards,
Hetty


#7 Oh My!


Posted 27 October 2016 - 09:01 AM

Hi Hetty,

The tmpC.tmp.exe is a legitimate installation file and is related to Ocam.

Everything else looks good. Do you have any other concerns?
Gary
 

#8 m618


Posted 28 October 2016 - 11:40 AM

Dear Gary,

 

I have a question, I am not sure if it is coincidence.

After running fixlist.txt on this pc3, next morning all computers in the office couldn't connect to the server; cannot use internet, or access shared folder.

The server internet connection was disconnected, so couldn't connect with the IP sharing device/hub/router (I am not sure what it's called).

 

Is there some key or code which I removed by accident?

 

Kind regards,

Hetty


Edited by m618, 28 October 2016 - 11:46 AM.


#9 Oh My!


Posted 28 October 2016 - 12:31 PM

According to the Fixlist results nothing removed was related to the issue you are experiencing. There is only one thing that was removed, all the other entries were orphaned entries. And the below file is routinely removed without adverse effect:

C:\Documents and Settings\All Users\Application Data\SMRResults501.dat


Gary
 

#10 Oh My!


Posted 31 October 2016 - 09:45 PM

Hi Hetty,

Are we all set?
Gary
 

#11 m618


Posted 31 October 2016 - 11:05 PM

Hi Gary,

 

Yap, we are all set. Thank you very much.

 

Kind regards,

Hetty



#12 Oh My!


Posted 01 November 2016 - 08:08 AM

Very good, good luck Hetty.

Gary

#13 Oh My!


Posted 01 November 2016 - 08:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



