[sunriseg]

My computer had Trojans and virus several days ago. Its start button icon changed, control panel did not work well, and I can not recovery my system using the control panel. I can not connect to the internet. The amount in my trading account was changed. I am using AVAST ANTIvirus.I have tried Malwarebytes Anti-Malware,IObit Security 360, SuperAntiSpyware Free Edition and SREng. In SREng Registry, the AppInit _Dlls changed frequently.

Can anybody help me to solve this problem? Do I need to reinstall my WIN7? here is the picture.




OTL logfile created on: 5/4/2011 12:52:34 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = G:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.94 Gb Total Space | 364.98 Gb Free Space | 80.40% Space Free | Partition Type: NTFS
Drive G: | 3.76 Gb Total Space | 0.34 Gb Free Space | 8.97% Space Free | Partition Type: FAT32

Computer Name: VG-PC | User Name: vg | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\vg\AppData\Local\Temp\SREFDDE.EXE (Smallfrogs Studio)
PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Users\vg\Desktop\SREngLdr.EXE (Smallfrogs Studio)
PRC - C:\Program Files (x86)\Kingsoft\KSM\ksmsvc.exe ()


========== Modules (SafeList) ==========

MOD - G:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (KxEUpSrv) -- C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\upsvc.exe (Kingsoft Corporation)
SRV - (kxescore) -- C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe (Kingsoft Corporation)
SRV - (kxesapp) -- C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxesapp.exe (Kingsoft Corporation)
SRV - (WIND. RunOuc) -- C:\Program Files (x86)\WIND\UpdateDog\ouc.exe ()
SRV - (Kingsoft Rescue Service) -- C:\Program Files (x86)\Kingsoft\KSM\ksmsvc.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Gizmo Central) -- C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
SRV - (IS360service) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (QBCFMonitorService) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (QBFCService) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (kisknl) -- C:\Windows\SysNative\drivers\kisknl.sys (Kingsoft Corporation)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (TS_AR5416) -- C:\Windows\SysNative\drivers\ts_athwx.sys (TamoSoft)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (BC) -- C:\Windows\system32\Drivers\BC.sys (Kingsoft Corporation)
DRV - (kisknl) -- C:\Windows\SysWOW64\drivers\kisknl.sys (Kingsoft Corporation)
DRV - (KAVBootC) -- C:\Windows\system32\drivers\KAVBootC64.sys (Kingsoft Corporation)
DRV - (ksapi) -- C:\Windows\SysWOW64\drivers\ksapi.sys (Kingsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...g8z1l5t4841t037
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...g8z1l5t4841t037
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchcust.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://urlseek.vmn.n...buzzer1_0dn&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/03/24 23:11:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/27 10:33:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/27 10:33:02 | 000,000,000 | ---D | M]

[2010/04/23 11:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vg\AppData\Roaming\Mozilla\Extensions
[2010/04/23 11:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vg\AppData\Roaming\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66}
[2010/01/21 13:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vg\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/04/27 10:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vg\AppData\Roaming\Mozilla\Firefox\Profiles\mkjf48xc.default\extensions
[2011/04/27 10:33:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\vg\AppData\Roaming\Mozilla\Firefox\Profiles\mkjf48xc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/02 23:44:39 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\vg\AppData\Roaming\Mozilla\Firefox\Profiles\mkjf48xc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/04/27 10:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/27 10:33:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/02/19 21:38:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/12 20:09:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/04/05 08:43:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010/05/12 10:35:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/10 01:01:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/12 11:32:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/15 11:37:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/04/27 10:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/04/27 10:33:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2011/03/24 23:11:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2010/01/01 04:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/08/24 05:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/11/12 14:59:01 | 000,536,424 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInstall.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/10/26 23:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2011/04/14 03:39:02 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010/09/17 15:00:12 | 000,305,152 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npuuseep.dll
[2010/01/01 04:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/01/01 04:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/01/01 04:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/01/01 04:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (谷歌金山词霸for IE) - {A28581A7-E2A8-4b6c-9CC9-4A4CC1EFD55A} - C:\Program Files (x86)\Kingsoft\PowerWord PE\SelectForIE.dll (Kingsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe ()
O4 - HKLM..\Run: [kxesc] C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxetray.exe (Kingsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: 使用UUSee下载 - C:\Program Files (x86)\uusee\geturltodown.htm ()
O8:64bit: - Extra context menu item: 使用UUSee加速播放 - C:\Program Files (x86)\uusee\geturltoplay.htm ()
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用UUSee下载 - C:\Program Files (x86)\uusee\geturltodown.htm ()
O8 - Extra context menu item: 使用UUSee加速播放 - C:\Program Files (x86)\uusee\geturltoplay.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra 'Tools' menuitem : 小游戏 - {998A88A0-A355-809B-831C-B83A80000991} - File not found
O9 - Extra Button: 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe ()
O9 - Extra 'Tools' menuitem : 启动UUSee 网络电视 - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files (x86)\uusee\UUSeePlayer.exe ()
O9 - Extra Button: 金山词霸 - {9D5CCDC3-545F-4418-8AEC-9CD2773B4861} - C:\Program Files (x86)\Kingsoft\PowerWord PE\SelectForIE.dll (Kingsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cfca.com.cn ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cmbc.com.cn ([business] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cmbc.com.cn ([ebank] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cmbc.com.cn ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {6178846D-4F46-42F6-987D-D885AB4AB673} http://www.cmbc.com....AccessAgent.cab (Access Class 2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: FxvtCab https://business.cmb...FxvtAUTDCab.CAB (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\UserInit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/02 12:14:58 | 002,355,394 | ---- | M] () - G:\AutorunRemover.zip -- [ FAT32 ]
O32 - AutoRun File - [2011/05/03 00:20:30 | 002,313,507 | ---- | M] () - G:\AutoGuarder2.3.7.350.exe -- [ FAT32 ]
O32 - AutoRun File - [2011/05/03 12:24:32 | 000,620,972 | ---- | M] () - G:\Autoruns.zip -- [ FAT32 ]
O33 - MountPoints2\{6dd85737-69be-11e0-be66-0c6076324189}\Shell - "" = AutoRun
O33 - MountPoints2\{6dd85737-69be-11e0-be66-0c6076324189}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6dd85745-69be-11e0-be66-0c6076324189}\Shell - "" = AutoRun
O33 - MountPoints2\{6dd85745-69be-11e0-be66-0c6076324189}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/01 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\Garsworld
[2011/05/03 19:17:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2011/05/03 19:17:49 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2011/05/03 19:17:49 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows木马清道夫
[2011/05/03 19:17:43 | 000,000,000 | ---D | C] -- C:\ftc2010
[2011/05/03 18:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\KRSHistory
[2011/05/03 18:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ksrbm
[2011/05/03 18:43:44 | 000,055,704 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\ksapi.sys
[2011/05/03 18:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山急救箱
[2011/05/03 15:38:27 | 003,404,136 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\vg\Desktop\procexp.exe
[2011/05/03 14:16:57 | 000,175,208 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2011/05/03 14:16:57 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\KAVBootC64.sys
[2011/05/03 14:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山毒霸 2011
[2011/05/03 14:16:50 | 000,000,000 | RH-D | C] -- C:\KRECYCLE
[2011/05/03 14:16:40 | 000,017,000 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kcrushersys.sys
[2011/05/03 14:16:05 | 000,024,472 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\BC.sys
[2011/05/03 14:16:02 | 000,175,208 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kisknl64.sys
[2011/05/03 14:16:02 | 000,125,544 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kisknl.sys
[2011/05/03 14:16:02 | 000,060,008 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kavsafe.sys
[2011/05/03 14:16:02 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kavbootc64.sys
[2011/05/03 14:16:02 | 000,027,240 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kavbootc.sys
[2011/05/03 14:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Kingsoft
[2011/05/03 14:15:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\nsklog
[2011/05/03 14:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2011/05/03 02:20:20 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Users\vg\Desktop\SREngLdr.EXE
[2011/05/02 19:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover
[2011/05/02 19:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutorunRemover
[2011/05/01 10:49:34 | 000,000,000 | ---D | C] -- C:\Users\vg\Documents\Simply Super Software
[2011/05/01 10:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/05/01 10:48:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2011/05/01 10:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2011/05/01 10:48:45 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\Simply Super Software
[2011/05/01 10:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/04/30 10:53:32 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\Malwarebytes
[2011/04/30 10:53:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/30 10:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 10:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/30 10:53:11 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/30 10:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/29 19:46:00 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Local\{D39E13EA-C34F-48C0-A544-DAD4E3E43397}
[2011/04/28 18:39:26 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/28 18:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/28 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/04/28 18:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/28 18:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/28 17:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Security 360
[2011/04/28 17:50:32 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\IObit
[2011/04/28 17:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/04/28 17:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/04/28 15:45:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/27 22:14:56 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/27 22:14:55 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/27 22:14:52 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 22:14:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 22:14:33 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/27 22:14:32 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/27 22:14:32 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/27 22:14:32 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/27 22:14:32 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/27 22:14:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/27 22:14:31 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/27 22:14:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/27 22:14:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/26 17:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent
[2011/04/26 17:00:52 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Local\Tencent
[2011/04/26 16:40:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
[2011/04/26 16:38:50 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[2011/04/26 16:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
[2011/04/26 16:38:15 | 000,000,000 | ---D | C] -- C:\Users\vg\Documents\Tencent Files
[2011/04/26 16:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
[2011/04/26 16:31:53 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\Tencent
[2011/04/26 09:35:09 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011/04/26 09:33:27 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\acaptuser32.dll
[2011/04/26 09:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineUpdate
[2011/04/26 09:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\log
[2011/04/25 15:30:26 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/04/25 15:30:26 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/25 15:30:26 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/04/25 15:30:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/25 15:30:26 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/25 15:30:26 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/25 15:30:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/25 15:30:26 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/04/25 15:30:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/04/25 15:30:26 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/25 15:30:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/04/25 15:30:26 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/04/25 15:30:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/25 15:30:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/04/25 15:30:26 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/04/25 15:30:26 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/04/25 15:30:26 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/04/25 15:30:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/04/25 15:30:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/04/25 15:30:26 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/04/25 15:30:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/25 15:30:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/25 15:30:26 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/04/25 15:30:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/04/25 15:30:26 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/04/25 15:30:26 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/04/25 15:30:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/04/25 15:30:26 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/04/25 15:30:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/04/25 15:30:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/04/25 15:30:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/04/25 15:30:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/25 15:30:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/04/25 15:30:26 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/04/25 15:30:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/04/25 15:30:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/04/25 15:30:26 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/04/25 15:30:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/04/25 15:30:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/25 15:30:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/25 15:30:25 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/04/25 15:30:25 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/04/25 15:30:25 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/04/25 15:30:25 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/25 15:30:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/25 15:30:25 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/04/25 15:30:25 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/25 15:30:25 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/04/25 15:30:25 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/04/25 15:30:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/25 15:30:25 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/04/25 15:30:25 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/04/25 15:30:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/04/25 15:30:25 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/04/25 15:30:25 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/04/25 15:30:25 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/04/25 15:30:25 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/25 15:30:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/04/25 15:30:25 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/04/25 15:30:25 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/04/25 15:30:25 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/04/25 15:30:25 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/04/25 15:30:25 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/04/25 15:30:25 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/04/25 15:30:25 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/04/25 15:30:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/04/25 15:30:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/04/25 15:30:25 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/04/25 15:30:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/04/25 15:30:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/04/25 15:30:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/25 15:30:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/04/25 15:30:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/25 15:30:24 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/25 15:30:24 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/25 15:30:24 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/04/25 15:30:24 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/04/25 15:30:24 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/24 21:04:08 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Local\AMD
[2011/04/24 21:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/04/24 21:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/04/24 21:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/04/24 21:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/04/24 21:02:49 | 000,046,136 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdiox64.sys
[2011/04/24 21:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/04/24 21:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/04/24 20:08:44 | 000,000,000 | ---D | C] -- C:\ATI
[2011/04/24 11:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIND
[2011/04/24 11:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WIND
[2011/04/24 11:15:10 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2011/04/24 11:15:10 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01007.dll
[2011/04/24 11:15:10 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2011/04/24 11:15:10 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2011/04/24 11:15:10 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2011/04/24 11:15:09 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2011/04/24 11:15:09 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2011/04/24 11:15:00 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2011/04/24 11:15:00 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2011/04/24 11:15:00 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011/04/24 11:15:00 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2011/04/24 11:15:00 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2011/04/24 11:14:46 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2011/04/24 11:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WIND
[2011/04/24 11:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2011/04/20 18:16:04 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Roaming\TTPlayer
[2011/04/20 17:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WirelessMon
[2011/04/20 17:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2011/04/20 17:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WirelessMon
[2011/04/17 19:09:58 | 000,000,000 | ---D | C] -- C:\Users\vg\Documents\CommView for WiFi
[2011/04/17 19:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommView for WiFi
[2011/04/17 19:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CommViewWiFi
[2011/04/17 18:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft
[2011/04/14 10:24:32 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/14 10:24:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/14 10:24:25 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 10:24:24 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 10:24:24 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/14 10:24:23 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/14 10:24:19 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 10:24:18 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/14 10:24:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 10:24:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/14 10:23:31 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 10:23:31 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/14 10:23:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/14 10:23:25 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/14 10:23:25 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/14 10:23:25 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/14 10:23:25 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 10:23:24 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/14 10:23:24 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 10:23:24 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 10:23:22 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/11 10:17:15 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Local\{205C7C21-0A6E-48FF-AE63-F65EA383D0A9}
[2011/04/07 22:01:24 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Local\{1C6EEEDE-6BB8-470B-BD13-A5F3EA219E3A}
[2011/04/05 10:14:51 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Local\{F1C2ADB9-D97A-47FD-8B77-B6DA40B07504}
[2011/04/04 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\vg\AppData\Local\{D30E2A00-C5CA-40A1-A4A9-8815AA06D4CC}

========== Files - Modified Within 30 Days ==========

[2011/05/04 00:54:30 | 007,340,032 | -HS- | M] () -- C:\Users\vg\NTUSER.DAT
[2011/05/03 20:48:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/03 20:47:43 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/03 20:45:02 | 000,992,153 | -H-- | M] () -- C:\Users\vg\AppData\Local\IconCache.db
[2011/05/03 20:43:25 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 20:43:25 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 20:30:14 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2011/05/03 19:17:49 | 000,000,637 | ---- | M] () -- C:\Users\vg\Desktop\Windows木马防火墙.lnk
[2011/05/03 19:17:49 | 000,000,632 | ---- | M] () -- C:\Users\vg\Desktop\Windows木马清道夫.lnk
[2011/05/03 18:43:42 | 000,001,041 | ---- | M] () -- C:\Users\vg\Application Data\Microsoft\Internet Explorer\Quick Launch\金山急救箱.lnk
[2011/05/03 18:43:42 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\金山急救箱.lnk
[2011/05/03 14:16:52 | 000,000,210 | -HS- | M] () -- C:\kisinstall.dat
[2011/05/03 14:16:51 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\金山毒霸.lnk
[2011/05/02 23:36:56 | 000,024,472 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\BC.sys
[2011/05/02 23:36:54 | 000,175,208 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kisknl64.sys
[2011/05/02 23:36:54 | 000,175,208 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys
[2011/05/02 23:36:54 | 000,125,544 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kisknl.sys
[2011/05/02 23:36:52 | 000,060,008 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kavsafe.sys
[2011/05/02 23:36:52 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kavbootc64.sys
[2011/05/02 23:36:52 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\KAVBootC64.sys
[2011/05/02 23:36:52 | 000,027,240 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kavbootc.sys
[2011/05/02 23:34:28 | 000,017,000 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\kcrushersys.sys
[2011/05/02 21:39:04 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/30 13:54:52 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/04/30 13:54:36 | 000,735,230 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/30 13:54:36 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/30 13:54:36 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/30 10:53:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/29 22:54:53 | 000,000,632 | RHS- | M] () -- C:\Users\vg\ntuser.pol
[2011/04/29 09:30:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-258031522-2802489455-3944949291-1001UA.job
[2011/04/29 09:30:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 18:39:13 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/28 17:50:33 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2011/04/28 12:01:42 | 000,000,309 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/04/28 10:15:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-258031522-2802489455-3944949291-1001Core.job
[2011/04/28 09:39:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 08:53:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/04/27 10:33:43 | 000,002,052 | ---- | M] () -- C:\Users\vg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 10:33:07 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/26 16:38:50 | 000,002,229 | ---- | M] () -- C:\Users\vg\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2011/04/26 16:37:12 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2011/04/25 15:59:48 | 000,001,441 | ---- | M] () -- C:\Users\vg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/25 15:30:26 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/04/25 15:30:26 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/04/25 15:30:26 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/04/25 15:30:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/25 15:30:26 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/25 15:30:26 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/04/25 15:30:26 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/25 15:30:26 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2011/04/25 15:30:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/04/25 15:30:26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/04/25 15:30:26 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2011/04/25 15:30:26 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/04/25 15:30:26 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/25 15:30:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/04/25 15:30:26 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/04/25 15:30:26 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2011/04/25 15:30:26 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/04/25 15:30:26 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/04/25 15:30:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/04/25 15:30:26 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/04/25 15:30:26 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/04/25 15:30:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/25 15:30:26 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/04/25 15:30:26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/04/25 15:30:26 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/04/25 15:30:26 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/04/25 15:30:26 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/04/25 15:30:26 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/04/25 15:30:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/04/25 15:30:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/04/25 15:30:26 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/04/25 15:30:26 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/25 15:30:26 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/25 15:30:26 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/04/25 15:30:26 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/04/25 15:30:26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/04/25 15:30:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/04/25 15:30:26 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2011/04/25 15:30:26 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/04/25 15:30:26 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/25 15:30:26 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/25 15:30:25 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/04/25 15:30:25 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/04/25 15:30:25 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/04/25 15:30:25 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/25 15:30:25 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/04/25 15:30:25 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/04/25 15:30:25 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/25 15:30:25 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/04/25 15:30:25 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/04/25 15:30:25 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/25 15:30:25 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/04/25 15:30:25 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/04/25 15:30:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/04/25 15:30:25 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/04/25 15:30:25 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/04/25 15:30:25 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/04/25 15:30:25 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/25 15:30:25 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/04/25 15:30:25 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/04/25 15:30:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/04/25 15:30:25 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/04/25 15:30:25 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/04/25 15:30:25 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/04/25 15:30:25 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/04/25 15:30:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/04/25 15:30:25 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/04/25 15:30:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/25 15:30:25 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/04/25 15:30:25 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/04/25 15:30:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/04/25 15:30:25 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/04/25 15:30:25 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/25 15:30:25 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/04/25 15:30:25 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/25 15:30:24 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/25 15:30:24 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/25 15:30:24 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/04/25 15:30:24 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/04/25 15:30:24 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/24 11:17:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/24 11:15:47 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\WIND.lnk
[2011/04/24 11:15:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/04/24 11:14:23 | 000,999,936 | ---- | M] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2011/04/24 11:14:23 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2011/04/24 11:14:23 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2011/04/24 11:14:22 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2011/04/24 11:14:22 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011/04/24 11:14:22 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2011/04/24 11:14:22 | 000,093,696 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2011/04/24 11:14:22 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2011/04/24 11:14:22 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2011/04/24 11:14:22 | 000,032,768 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2011/04/24 11:14:22 | 000,029,184 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2011/04/24 11:14:21 | 001,490,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2011/04/24 11:14:21 | 001,490,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01007.dll
[2011/04/23 20:12:16 | 000,055,704 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysWow64\drivers\ksapi.sys
[2011/04/20 18:16:03 | 000,002,040 | ---- | M] () -- C:\Users\vg\Desktop\千千静听.lnk
[2011/04/20 17:35:55 | 000,001,047 | ---- | M] () -- C:\Users\vg\Desktop\WirelessMon.lnk
[2011/04/17 19:09:46 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\CommView for WiFi.lnk
[2011/04/15 18:58:35 | 004,938,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/03 20:45:02 | 000,992,153 | -H-- | C] () -- C:\Users\vg\AppData\Local\IconCache.db
[2011/05/03 19:17:49 | 000,000,637 | ---- | C] () -- C:\Users\vg\Desktop\Windows木马防火墙.lnk
[2011/05/03 19:17:49 | 000,000,632 | ---- | C] () -- C:\Users\vg\Desktop\Windows木马清道夫.lnk
[2011/05/03 18:43:42 | 000,001,041 | ---- | C] () -- C:\Users\vg\Application Data\Microsoft\Internet Explorer\Quick Launch\金山急救箱.lnk
[2011/05/03 18:43:42 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\金山急救箱.lnk
[2011/05/03 14:16:52 | 000,000,210 | -HS- | C] () -- C:\kisinstall.dat
[2011/05/03 14:16:51 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\金山毒霸.lnk
[2011/05/02 19:39:58 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2011/05/01 10:48:47 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/05/01 10:48:47 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/05/01 10:48:47 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/05/01 10:48:47 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/04/30 13:54:36 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/30 13:45:07 | 000,002,150 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/04/30 10:53:15 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 18:39:13 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/28 17:50:33 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2011/04/27 10:33:07 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/26 16:38:50 | 000,002,229 | ---- | C] () -- C:\Users\vg\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2011/04/26 16:37:12 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2011/04/25 15:30:26 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/04/25 15:30:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/04/24 11:15:46 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\WIND.lnk
[2011/04/24 11:15:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/04/20 17:35:55 | 000,001,047 | ---- | C] () -- C:\Users\vg\Desktop\WirelessMon.lnk
[2011/04/17 19:09:46 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\CommView for WiFi.lnk
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/03 14:40:04 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2011/02/08 16:54:41 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/02/08 16:54:41 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/02/08 16:54:40 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2011/02/08 16:54:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011/02/08 16:49:45 | 000,000,309 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/02/08 16:39:46 | 000,135,208 | ---- | C] () -- C:\Windows\hpoins37.dat
[2011/02/08 16:39:46 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2010/11/22 05:19:07 | 000,000,132 | ---- | C] () -- C:\Users\vg\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/11/22 05:09:23 | 000,000,132 | ---- | C] () -- C:\Users\vg\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/10 22:29:27 | 000,000,032 | ---- | C] () -- C:\Windows\McLiCaiConfig.ini
[2010/05/05 15:43:02 | 000,000,000 | ---- | C] () -- C:\Users\vg\AppData\Roaming\wklnhst.dat
[2010/04/23 10:20:38 | 000,002,083 | ---- | C] () -- C:\Windows\SysWow64\Uninstall.ini
[2010/03/10 10:13:51 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/03/10 10:13:50 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2010/02/19 21:53:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/16 16:30:33 | 000,000,009 | ---- | C] () -- C:\Users\vg\AppData\Roaming\pwpe_wiki_ini.conf
[2010/02/10 02:42:12 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/01/15 17:14:16 | 000,064,349 | ---- | C] () -- C:\Windows\SysWow64\Uninstall.exe
[2010/01/15 15:55:22 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\HidWnd.exe
[2009/12/03 12:00:14 | 000,212,992 | ---- | C] () -- C:\Windows\TdxUnInstall.exe
[2009/11/30 12:51:28 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2009/11/29 10:22:52 | 000,091,696 | ---- | C] () -- C:\Users\vg\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/22 15:07:56 | 000,350,896 | ---- | C] () -- C:\Windows\SysWow64\CFCACertKitAx.dll
[2009/10/15 05:25:47 | 000,001,005 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/10/15 05:10:13 | 000,001,229 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009/10/15 04:47:04 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/10/15 04:47:04 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/10/15 04:47:04 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/10/15 04:47:04 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009/09/15 16:02:16 | 000,001,633 | ---- | C] () -- C:\Windows\SysWow64\license.dll
[2009/08/22 02:01:04 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/08/22 02:01:04 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/08/22 02:01:02 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009/08/22 02:01:02 | 000,000,169 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/08/22 02:01:02 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/08/22 01:08:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009/07/13 22:34:57 | 000,000,435 | ---- | C] () -- C:\Windows\win.ini
[2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/04 05:50:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\nsis_loader.dll
[2006/09/13 07:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\gtapi.dll
[2006/02/16 15:27:32 | 000,368,128 | ---- | C] () -- C:\Windows\SysWow64\libpemp12.dll
[2006/02/16 15:27:32 | 000,278,617 | ---- | C] () -- C:\Windows\SysWow64\RSA.dll
[2005/01/30 12:42:58 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\accessagent2.dll
[2005/01/30 12:42:56 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\rtplib2.dll
[2005/01/30 12:42:54 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\cttcodec2.dll

========== LOP Check ==========

[2011/01/02 13:28:59 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\BitComet
[2010/06/15 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\CCTV
[2010/10/06 11:01:46 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/03 23:53:53 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\CibaInfo
[2010/07/16 12:12:20 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\FLVPlayer4Free
[2010/03/20 15:17:33 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\FrostWire
[2013/01/01 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Garsworld
[2011/04/21 19:59:20 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Gizmo
[2009/12/06 17:55:50 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\GrabPro
[2011/04/28 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\IObit
[2010/06/18 12:28:46 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\kingsoft
[2010/01/19 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\OpenOffice.org
[2010/08/25 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Opera
[2011/04/28 23:29:58 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Orbit
[2009/12/10 15:12:01 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\PowerCinema
[2011/02/05 17:21:28 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\PPStream
[2010/04/23 11:55:58 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Scendix Software
[2011/05/01 10:48:45 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Simply Super Software
[2009/12/10 15:12:14 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\SoftDMA
[2010/10/07 20:28:43 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/05/05 15:43:14 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Template
[2011/04/26 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Tencent
[2011/04/20 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\TTPlayer
[2010/07/13 13:37:18 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\uTorrent
[2010/04/01 08:40:55 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Vbuzzer Messenger
[2010/12/10 01:00:51 | 000,000,000 | ---D | M] -- C:\Users\vg\AppData\Roaming\Windows Live Writer
[2010/03/14 19:00:59 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by sunriseg, 04 May 2011 - 04:09 PM.

[Advertisements]

NEED HELP!!!

I just copied and pasted OTL.

[sunriseg]

NEED HELP!!!

I just copied and pasted OTL.

[Salagubang]

Hi sunriseg,

My is Salagubang and Welcome to GeekstoGo.

Sorry for the delay.

The amount in my trading account was changed.

This is serious as you may have a backdoor infection. Though the infection can be identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted.

If you do decide to attempt cleaning rather than a reformat, do understand that although we may be able to remove all known visible malware, we cannot guarantee that unknown and unseen malware will have been removed, nor will your system be restored to its re-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damages it may possibly have caused to vital system files.

Should you have any questions, please feel free to ask.
Please let me know what you have decided to do in your next post.

[Salagubang]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.