Backdoor-Win32/IRCbot.gen!K



#1
Sam Cheow

For the past few days, every time the computer boots, I receive a Windows Defender message about the removal of "Backdoor-Win32/IRCbot.gen!K". I perform the "remove" in Windows Defender, but the message still appears every time the computer boots after the removal. Clearly it doesn't remove the thing, and from a Google search it is supposed to be a backdoor trojan.

So the problems I am facing are these:
1. My computer has started to lag, and browser loading speed is inconsistent (Google.com will sometimes load and sometimes not load at all).
2. In Task Manager, there are a lot of unknown processes running, with their description stating that they are "hitachi phone dialer".
3. The RAM speed has obviously decreased; even a small game I usually play experiences spike lag (I know the term is for internet-based software, but my experience with the game tells me something like that).

That's all, hope you guys can help out!

Here's the log from OTL:

=====================================================================================================================================

OTL logfile created on: 17/4/2012 5:36:57 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\user\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy

1.74 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.37% Memory free
3.48 Gb Paging File | 1.74 Gb Available in Paging File | 50.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.04 Gb Total Space | 307.08 Gb Free Space | 68.23% Space Free | Partition Type: NTFS
Drive E: | 931.48 Gb Total Space | 853.30 Gb Free Space | 91.61% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 17:36:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2012/04/17 16:48:36 | 000,040,448 | ---- | M] (hitachi corp.) -- C:\Users\user\AppData\Roaming\F060.tmp
PRC - [2012/04/17 16:48:29 | 000,040,448 | ---- | M] (hitachi corp.) -- C:\Users\user\AppData\Roaming\D3BB.tmp
PRC - [2012/04/17 16:48:19 | 000,040,448 | ---- | M] (hitachi corp.) -- C:\Users\user\AppData\Roaming\AD08.tmp
PRC - [2012/04/17 16:47:57 | 000,117,848 | ---- | M] () -- C:\Users\user\AppData\Roaming\590D.tmp
PRC - [2012/04/17 16:47:40 | 000,017,920 | ---- | M] (lastFiret) -- C:\Users\user\AppData\Roaming\13B3.tmp
PRC - [2012/04/17 16:47:11 | 000,040,448 | ---- | M] (hitachi corp.) -- C:\Users\user\AppData\Roaming\A2B8.tmp
PRC - [2012/04/17 16:47:02 | 000,040,448 | ---- | M] (hitachi corp.) -- C:\Users\user\AppData\Roaming\7FFB.tmp
PRC - [2012/04/17 16:46:34 | 000,040,448 | ---- | M] (hitachi corp.) -- C:\Users\user\AppData\Roaming\1370.tmp
PRC - [2012/04/12 10:39:18 | 000,980,832 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/01/05 14:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 14:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/09/18 23:54:38 | 000,100,864 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Rainmeter.exe
PRC - [2011/01/01 12:05:26 | 001,029,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/01/01 12:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/01/01 12:05:26 | 000,289,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/12/24 06:46:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010/12/24 06:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010/12/10 14:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2010/09/28 11:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/18 08:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/18 08:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/03/04 12:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 12:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/04 06:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/04 06:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\Program Files (x86)\PPStream\PPSAP.exe
PRC - [2010/01/29 08:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 21:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/17 16:47:57 | 000,117,848 | ---- | M] () -- C:\Users\user\AppData\Roaming\590D.tmp
MOD - [2012/04/14 15:21:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/14 15:20:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/14 15:19:48 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 14:51:55 | 008,743,584 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2012/04/12 14:51:55 | 008,743,584 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\APPLIC~1\180102~1.162\gcswf32.dll
MOD - [2012/03/26 15:55:39 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/03/26 15:13:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/03/26 15:12:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/03/26 15:12:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/26 15:11:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/26 15:11:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/03/26 15:11:38 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/03/19 18:52:36 | 000,171,520 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
MOD - [2012/01/05 14:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011/09/18 23:55:18 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Plugins\Win7AudioPlugin.dll
MOD - [2011/09/18 23:55:16 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Plugins\WifiStatus.dll
MOD - [2011/09/18 23:55:14 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Plugins\RecycleManager.dll
MOD - [2011/09/18 23:54:56 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Plugins\SysInfo.dll
MOD - [2011/09/18 23:54:50 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Plugins\PowerPlugin.dll
MOD - [2011/09/18 23:54:46 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Plugins\PerfMon.dll
MOD - [2011/09/18 23:54:38 | 000,100,864 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Rainmeter.exe
MOD - [2011/09/18 23:54:36 | 000,625,152 | ---- | M] () -- C:\Program Files (x86)\Rainmeter\Rainmeter.dll
MOD - [2010/12/24 06:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010/12/24 06:46:38 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/30 02:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/29 08:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/15 18:35:45 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/04/01 18:39:22 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/05 14:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/12/22 18:03:38 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/14 15:32:40 | 000,087,728 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2011/01/01 12:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/12/31 07:04:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/28 10:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/08/31 11:10:08 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/06/02 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 12:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/04 06:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/04 06:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/01/08 21:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 07:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/08/19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/31 07:38:55 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2010/12/31 07:38:55 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2010/12/31 07:38:55 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/09 10:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/23 01:47:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/08/31 10:54:18 | 000,297,320 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/08/31 10:54:18 | 000,273,768 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/08/31 10:54:18 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/08/31 10:54:18 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/08/31 10:54:18 | 000,057,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/08/31 10:54:18 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/08/31 10:54:18 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/08/30 20:17:36 | 000,289,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/26 04:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/25 09:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/07/10 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/05/12 10:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/21 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/12 16:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/04 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 08:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/20 10:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/11 04:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/10/17 17:00:00 | 000,179,768 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2008/10/17 17:00:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/10/17 17:00:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.155.com/?id=2012
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{8B10530D-6D80-4BEC-A5E6-CE120105C6D7}: "URL" = http://www.baidu.com...d={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspo...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:5.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.1
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..keyword.URL: "http://www.baidu.com...=dealio_dg&wd="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(885).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 18:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 18:17:22 | 000,000,000 | ---D | M]

[2011/05/23 02:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/04/14 21:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions
[2011/11/12 15:26:47 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2012/01/23 17:26:44 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/11/14 17:58:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/06/23 19:13:04 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2012/03/14 20:01:06 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2012/03/14 20:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/26 03:19:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/05 19:45:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/07/18 19:17:53 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/06/08 15:13:05 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/06/08 15:12:55 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/07/18 19:17:52 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/04/14 21:51:44 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/04/14 21:51:44 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2010/09/15 23:04:54 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files (x86)\mozilla firefox\components\ThunderComponent.dll
[2012/03/05 19:45:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/26 16:48:52 | 000,003,958 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\baidu.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Switchy! Chrome Extension 1.6 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins/npSwitchy.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: xl_chrome_plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_1\xl_chrome.dll
CHR - plugin: 20-20 3D Viewer for IKEA (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
CHR - plugin: Intel® Threading Building Blocks for Windows (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
CHR - plugin: Intel® Threading Building Blocks for Windows (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(885).dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Wanderfly = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagdipmbmjapagaikbbhffjiegplccld\3.0.0.23_0\
CHR - Extension: Angry Birds = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: FB Chat Sidebar Disabler = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald\1.7_0\
CHR - Extension: Proxy Switchy! = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: Babylon Translator = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Daum Equation Editor = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe\1.2.130_0\
CHR - Extension: Planetarium = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: Camaro = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgoelhaolmbnobnpmhlcepjhpliicee\1.0_0\
CHR - Extension: Marvel Comics = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: \u8FC5\u96F7\u4E0B\u8F7D\u652F\u6301\u6D4B\u8BD5\u7248 = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_1\
CHR - Extension: Troll Emoticons = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.7_0\
CHR - Extension: deviantART muro = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei\1.0_0\
CHR - Extension: Flight = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncceffnkmmhggjnfdbkgmihjdmgccfmo\2.0.1_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\
CHR - Extension: Psykopaint = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.5_0\

O1 HOSTS File: ([2012/03/10 15:20:26 | 000,001,280 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2:64bit: - BHO: (迅雷下载支持) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.3.3254.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (ѸÀ×FLVÊÓƵÐá̽¼°ÏÂÔØÖ§³Ö) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.5.64.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\user\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [elmq5] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe (hitachi corp.)
O4 - HKCU..\Run: [emails5] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe (hitachi corp.)
O4 - HKCU..\Run: [ep185] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe (hitachi corp.)
O4 - HKCU..\Run: [epp1305] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe (hitachi corp.)
O4 - HKCU..\Run: [etef5] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe (hitachi corp.)
O4 - HKCU..\Run: [five922] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe (hitachi corp.)
O4 - HKCU..\Run: [mixswd] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe (hitachi corp.)
O4 - HKCU..\Run: [mp735] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe (hitachi corp.)
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKCU..\Run: [uzfive172] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe (hitachi corp.)
O4 - HKCU..\Run: [zaber0] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe (lastFiret)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: 使用迅雷查看图片 - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用迅雷查看图片 - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9008F41B-4743-40F3-B9B9-3885E5DAAF80}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF901404-658A-4999-A628-D1E627984C57}: DhcpNameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF901404-658A-4999-A628-D1E627984C57}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe (hitachi corp.)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe (lastFiret)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {4562B511-62E9-4533-B7B2-56A8BB10B482} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(885).dll (深圳市迅雷网络技术有限公司)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{fbb666fa-a850-11e0-945e-206a8a307b2c}\Shell - "" = AutoRun
O33 - MountPoints2\{fbb666fa-a850-11e0-945e-206a8a307b2c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\E\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/17 16:59:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TestApp
[2012/04/17 16:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/16 18:56:28 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2012/04/15 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PunkBuster
[2012/04/15 21:11:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Activision
[2012/04/15 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012/04/14 21:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/04/14 21:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2012/04/14 21:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/04/12 16:17:32 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Bullying
[2012/04/07 20:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2012/03/24 17:40:05 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Angry.Birds.Space.v1.0.0.cracked.READ.NFO-THETA
[2012/03/24 16:33:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/03/24 16:31:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[17 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/17 17:36:44 | 000,002,149 | ---- | M] () -- C:\Users\user\Desktop\迅雷7.lnk
[2012/04/17 17:26:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/17 17:16:56 | 000,655,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/17 17:16:56 | 000,122,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/17 17:16:55 | 000,783,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/17 17:12:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/17 17:02:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948966759-673693716-3023624284-1000UA.job
[2012/04/17 17:02:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948966759-673693716-3023624284-1000Core.job
[2012/04/17 16:59:21 | 000,001,683 | ---- | M] () -- C:\Users\user\Desktop\SD_Online_aff_GenericRevenueWire_207.exe.lnk
[2012/04/17 16:49:37 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 16:49:37 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/17 16:42:36 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/04/17 16:42:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/17 16:42:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/17 16:42:13 | 1400,188,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/16 19:03:17 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/15 18:35:45 | 000,682,280 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/15 18:35:45 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/14 15:21:53 | 000,002,395 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/04/11 18:17:25 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/05 23:47:29 | 000,000,025 | ---- | M] () -- C:\Windows\SysWow64\mylk.dat
[2012/04/04 16:43:21 | 000,769,266 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/02 19:52:06 | 000,001,472 | ---- | M] () -- C:\Users\user\.recently-used.xbel
[2012/04/01 00:18:29 | 000,051,270 | ---- | M] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2012/03/31 15:36:31 | 000,001,401 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/31 03:08:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/31 03:08:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/25 14:18:16 | 000,445,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[17 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 16:59:21 | 000,001,683 | ---- | C] () -- C:\Users\user\Desktop\SD_Online_aff_GenericRevenueWire_207.exe.lnk
[2012/04/15 18:35:49 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/15 18:35:45 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/15 18:35:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/02 19:52:06 | 000,001,472 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2012/04/01 18:39:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 03:08:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/31 03:08:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/10/30 15:48:17 | 000,007,606 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011/08/29 14:55:34 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/08/28 02:04:52 | 000,769,266 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/28 00:14:27 | 000,094,208 | ---- | C] () -- C:\Users\user\AppData\Roaming\chrtmp
[2011/08/05 22:57:34 | 000,051,270 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2011/06/23 18:39:30 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011/06/23 18:38:05 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/05/30 20:43:35 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/24 22:56:49 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/13 17:02:18 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2011/02/13 16:59:10 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/13 16:59:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/02/13 16:59:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/02/13 16:59:10 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/02/13 16:59:10 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/02/13 16:58:40 | 000,001,495 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/12/31 07:39:31 | 000,000,079 | ---- | C] () -- C:\Windows\WISGAPas.ini
[2010/12/31 07:10:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/12/31 05:30:51 | 000,000,321 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/12/31 05:30:51 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/12/31 05:30:51 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/11/17 08:51:38 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\mylk.dat
[2010/11/01 10:34:58 | 000,000,021 | ---- | C] () -- C:\Windows\KwYl.dat

========== LOP Check ==========

[2012/01/03 18:49:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2011/09/02 00:11:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2011/12/13 01:03:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BITS
[2011/11/07 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CD Art Display
[2011/06/23 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FlashGet
[2011/06/23 18:36:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FlashGetBHO
[2011/09/27 21:28:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaMessenger
[2012/04/15 02:08:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus
[2011/09/17 17:12:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2011/07/15 21:41:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kingsoft
[2011/05/27 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2011/10/23 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2011/09/27 21:52:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient2
[2012/01/27 17:21:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mobipocket
[2011/05/30 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PowerCinema
[2012/03/12 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PPStream
[2011/10/08 22:07:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rainmeter
[2012/03/24 22:40:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rovio
[2012/01/04 19:00:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sports Interactive
[2012/04/17 16:59:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TestApp
[2011/05/24 21:58:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TTPlayer
[2011/06/20 21:40:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft
[2012/01/16 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2012/04/14 17:27:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2011/06/09 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xunlei
[2012/03/02 21:11:57 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:ADF211B1

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I don't think I've seen this infection before. It looks like OTL alone can fix it but we'll run the full battery of scans to make sure.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
[2011/06/26 03:19:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [elmq5] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe (hitachi corp.)
O4 - HKCU..\Run: [emails5] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe (hitachi corp.)
O4 - HKCU..\Run: [ep185] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe (hitachi corp.)
O4 - HKCU..\Run: [epp1305] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe (hitachi corp.)
O4 - HKCU..\Run: [etef5] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe (hitachi corp.)
O4 - HKCU..\Run: [five922] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe (hitachi corp.)
O4 - HKCU..\Run: [mixswd] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe (hitachi corp.)
O4 - HKCU..\Run: [mp735] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe (hitachi corp.)
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKCU..\Run: [uzfive172] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe (hitachi corp.)
O4 - HKCU..\Run: [zaber0] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe (lastFiret)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe (hitachi corp.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe (lastFiret)
O33 - MountPoints2\{fbb666fa-a850-11e0-945e-206a8a307b2c}\Shell - "" = AutoRun
O33 - MountPoints2\{fbb666fa-a850-11e0-945e-206a8a307b2c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
O33 - MountPoints2\E\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:ADF211B1

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Users\user\AppData\Roaming\*.tmp  
   
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all, then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Copy and paste the log that it creates into a reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click Save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:


netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and select Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0
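The O4 and O20 lines in the fix script above share one pattern: each starts an executable from a C:\RECYCLER folder whose name imitates an account SID. The following is an added example, not part of the original post and not OTL's own logic, that triages such log lines in Python; the function names, the finding format and the heuristics are assumptions made for illustration.

```python
import ntpath
import re

# Six lines taken from the OTL fix script in the post above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [elmq5] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe (hitachi corp.)
O4 - HKCU..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKCU..\Run: [zaber0] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe (lastFiret)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe) - C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe (hitachi corp.)
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup\rsrc\Autorun.exe
"""

# O4 = Run-key autostart, O20 = Winlogon Shell value, as labelled in the log.
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?\.exe)(?: \((?P<company>[^)]*)\))?$",
    re.IGNORECASE,
)
SHELL_ENTRY = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: Shell - \(.*?\) - "
    r"(?P<path>.+?\.exe)(?: \((?P<company>[^)]*)\))?$",
    re.IGNORECASE,
)
# Recycle-bin roots: RECYCLER/RECYCLED are the older names, $Recycle.Bin is
# the one Windows 7 uses. Each holds one sub-folder per account SID.
RECYCLE_DIR = re.compile(
    r"^[a-z]:\\(?:recycler|recycled|\$recycle\.bin)\\(?P<folder>[^\\]+)\\",
    re.IGNORECASE,
)


def sid_is_well_formed(sid):
    """Heuristic: a SID string is 'S' plus decimal fields without leading zeros."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0].upper() != "S":
        return False
    return all(p.isdigit() and (p == "0" or not p.startswith("0"))
               for p in parts[1:])


def triage(log_text):
    """Return one finding per autostart line that looks like the pattern above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = RUN_ENTRY.match(line) or SHELL_ENTRY.match(line)
        if not match:
            continue  # not an autostart line this example understands
        path = match.group("path")
        reasons = []
        recycle = RECYCLE_DIR.match(path)
        if recycle:
            reasons.append("executable autostarts from a recycle-bin directory")
            if not sid_is_well_formed(recycle.group("folder")):
                reasons.append("folder name is not a well-formed SID")
        # The default Windows shell is explorer.exe; anything else is worth a look.
        if line.upper().startswith("O20") and \
                ntpath.basename(path).lower() != "explorer.exe":
            reasons.append("Winlogon Shell is not explorer.exe")
        if reasons:
            findings.append({
                "entry": match.groupdict().get("name") or "Winlogon Shell",
                "hive": match.group("hive").upper(),
                "path": path,
                "company": match.group("company"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["hive"], finding["entry"], "->", finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
```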

#3
Sam Cheow

    Member

  • Topic Starter
  • Member
  • 10 posts
Thanks for helping out!

Here is the OTL log:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\elmq5 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\emails5 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ep185 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\epp1305 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\etef5 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\five922 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mixswd not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mp735 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PPS Accelerator deleted successfully.
C:\Program Files (x86)\PPStream\PPSAP.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uzfive172 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zaber0 not found.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1170\ufive17.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1272\uffive92.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0069\mmails2.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0096\mp1lmq2.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mixhdg.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0016\mip982.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0076\mp130982.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0056\mp18982.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0068\mtefq2.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe deleted successfully.
File C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbb666fa-a850-11e0-945e-206a8a307b2c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbb666fa-a850-11e0-945e-206a8a307b2c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbb666fa-a850-11e0-945e-206a8a307b2c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbb666fa-a850-11e0-945e-206a8a307b2c}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Directx\dxsetup.exe not found.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
ADS C:\ProgramData\Temp:ADF211B1 deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
C:\Users\user\AppData\Roaming\1370.tmp moved successfully.
C:\Users\user\AppData\Roaming\13B3.tmp moved successfully.
C:\Users\user\AppData\Roaming\177.tmp moved successfully.
C:\Users\user\AppData\Roaming\2166.tmp moved successfully.
C:\Users\user\AppData\Roaming\317B.tmp moved successfully.
C:\Users\user\AppData\Roaming\389D.tmp moved successfully.
C:\Users\user\AppData\Roaming\41F7.tmp moved successfully.
C:\Users\user\AppData\Roaming\590D.tmp moved successfully.
C:\Users\user\AppData\Roaming\6105.tmp moved successfully.
C:\Users\user\AppData\Roaming\7FFB.tmp moved successfully.
C:\Users\user\AppData\Roaming\809B.tmp moved successfully.
C:\Users\user\AppData\Roaming\A2B8.tmp moved successfully.
C:\Users\user\AppData\Roaming\AC3F.tmp moved successfully.
C:\Users\user\AppData\Roaming\AD08.tmp moved successfully.
C:\Users\user\AppData\Roaming\B5AF.tmp moved successfully.
C:\Users\user\AppData\Roaming\CAE.tmp moved successfully.
C:\Users\user\AppData\Roaming\D3BB.tmp moved successfully.
C:\Users\user\AppData\Roaming\F060.tmp moved successfully.
C:\Users\user\AppData\Roaming\F1BD.tmp moved successfully.
C:\Users\user\AppData\Roaming\FCA7.tmp moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: user
->Flash cache emptied: 1019 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04182012_174511

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 17:56:11
-----------------------------
17:56:11.096 OS Version: Windows x64 6.1.7601 Service Pack 1
17:56:11.096 Number of processors: 4 586 0x2505
17:56:11.096 ComputerName: USER-PC UserName: user
17:56:12.718 Initialize success
17:56:34.077 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:56:34.077 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
17:56:34.092 Disk 0 MBR read successfully
17:56:34.108 Disk 0 MBR scan
17:56:34.108 Disk 0 Windows VISTA default MBR code
17:56:34.124 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16000 MB offset 2048
17:56:34.139 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 32770048
17:56:34.155 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460838 MB offset 32974848
17:56:34.170 Disk 0 scanning C:\Windows\system32\drivers
17:56:41.612 Service scanning
17:57:03.561 Modules scanning
17:57:03.576 Scan finished successfully
18:00:24.036 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
18:00:24.036 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"



ComboFix log:

ComboFix 12-04-17.01 - user 4/2012 Wed 18:11:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.1780.809 [GMT 8:00]
执行位置: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\user\AppData\Roaming\chrtmp
.
.
((((((((((((((((((((((((( 2012-03-18 至 2012-04-18 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-18 10:19 . 2012-04-18 10:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 00:43 . 2012-04-18 00:43 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-04-18 00:43 . 2012-04-18 00:43 -------- d-----w- c:\programdata\Malwarebytes
2012-04-17 16:02 . 2012-04-17 16:02 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19B701D4-F710-4D8C-B431-C615A7FEA21B}\offreg.dll
2012-04-17 15:52 . 2012-04-17 15:52 -------- d-----w- C:\_OTL
2012-04-17 15:43 . 2012-04-17 15:43 -------- d-----w- c:\programdata\Kaspersky Lab
2012-04-17 08:59 . 2012-04-17 08:59 -------- d-----w- c:\users\user\AppData\Roaming\TestApp
2012-04-17 08:59 . 2012-04-17 08:59 -------- d-----w- c:\programdata\PC Tools
2012-04-17 08:47 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{19B701D4-F710-4D8C-B431-C615A7FEA21B}\mpengine.dll
2012-04-15 13:59 . 2012-04-15 13:59 -------- d-----w- c:\users\user\AppData\Local\PunkBuster
2012-04-15 13:11 . 2012-04-15 13:11 -------- d-----w- c:\users\user\AppData\Local\Activision
2012-04-15 10:35 . 2012-04-16 11:03 111928 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-15 10:35 . 2012-04-15 10:35 682280 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-04-15 10:35 . 2012-04-15 10:35 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-15 10:29 . 2012-04-15 10:29 -------- d-----w- c:\program files (x86)\Activision
2012-04-14 13:51 . 2012-04-14 13:51 -------- d-----w- c:\program files (x86)\Application Updater
2012-04-14 13:51 . 2012-04-14 13:51 -------- d-----w- c:\program files (x86)\YouTube Downloader Toolbar
2012-04-14 13:51 . 2012-04-14 13:51 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-04-13 19:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 19:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 19:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 13:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 13:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 13:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 13:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 13:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 13:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 13:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-07 12:59 . 2012-04-07 12:59 -------- d-----w- c:\program files (x86)\Valve
2012-04-01 10:39 . 2012-04-01 10:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-25 06:07 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-25 06:07 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-24 08:33 . 2012-03-24 08:33 -------- d-----w- c:\windows\system32\SPReview
2012-03-24 08:31 . 2012-03-24 08:31 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 10:39 . 2011-08-19 16:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-24 08:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-24 08:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-05 11:45 . 2011-06-25 19:19 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 01:18 . 2011-05-27 16:41 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 08:13 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 08:13 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 08:13 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 08:13 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 15:42 . 2012-02-10 14:12 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-10 15:42 . 2012-02-10 14:12 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-10 15:42 . 2012-02-10 14:12 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-10 15:42 . 2012-02-10 14:12 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-10 06:36 . 2012-03-14 08:39 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 08:39 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-14 08:39 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:33 . 2012-03-14 08:13 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2011-09-29 07:38 251504 ----a-w- c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(885).dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-01-01 1029200]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-10 177448]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2011-07-14 3327600]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files (x86)\Rainmeter\Rainmeter.exe [2011-9-18 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4562B511-62E9-4533-B7B2-56A8BB10B482}"= "c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(885).dll" [2011-09-29 251504]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 136176]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 136176]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2008-10-17 106040]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-04-12 784792]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-08-31 52896]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-01-01 310864]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DoctorService REG_MULTI_SZ XLDoctor Service
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
‘计划任务’ 文件夹 里的内容
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:39]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 13:43]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 13:43]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948966759-673693716-3023624284-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 13:27]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948966759-673693716-3023624284-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-23 13:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}]
2011-10-14 07:33 627888 ----a-w- c:\program files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.3.3254.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-11 2186856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-19 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-19 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-19 386584]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-08-31 610464]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-08-31 379040]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.155.com/?id=2012
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
IE: &使用&迅雷下载 - c:\program files (x86)\Thunder Network\Thunder\BHO\geturl.htm
IE: &使用&迅雷下载全部链接 - c:\program files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: &使用&迅雷离线下载 - c:\program files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: Download all by FlashGet3 - c:\users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: 使用快车3下载 - c:\users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: 使用快车3下载全部链接 - c:\users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: 使用迅雷查看图片 - c:\program files (x86)\Thunder Network\Thunder\Program\repairimage.htm
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files (x86)\Thunder Network\Thunder\Program\repairimage.htm
TCP: DhcpNameServer = 202.188.0.133 202.188.1.5
TCP: Interfaces\{9008F41B-4743-40F3-B9B9-3885E5DAAF80}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{CF901404-658A-4999-A628-D1E627984C57}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\
FF - prefs.js: keyword.URL - hxxp://www.baidu.com/baidu?tn=dealio_dg&wd=
FF - Ext: Babylon Spelling and Proofreading: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Babylon OCR: [email protected] - c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀 N}廬
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\geturl.htm"
"Name"="xl_geturl"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀 N}廻Q钀]
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\GetAllUrl.htm"
"Name"="xl_getallurl"
"Contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\Internet Explorer\MenuExt\&*O(u&*艔鳀粂縹 N}廬
@="c:\\Program Files (x86)\\Thunder Network\\Thunder\\BHO\\OfflineDownload.htm"
"Name"="xl_offlinedownload"
"Contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u隷f?* N}廬
@="c:\\Users\\user\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u隷f?* N}廻Q钀]
@="c:\\Users\\user\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-04-18 18:22:48
ComboFix-quarantined-files.txt 2012-04-18 10:22
.
Pre-Run: 331,889,336,320 bytes free
Post-Run: 331,745,939,456 bytes free
.
- - End Of File - - 4016150E2676E261B5F77259925A389B


TDSSKiller.txt:

18:24:54.0491 3592 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:24:55.0031 3592 ============================================================
18:24:55.0031 3592 Current date / time: 2012/04/18 18:24:55.0031
18:24:55.0031 3592 SystemInfo:
18:24:55.0031 3592
18:24:55.0031 3592 OS Version: 6.1.7601 ServicePack: 1.0
18:24:55.0031 3592 Product type: Workstation
18:24:55.0031 3592 ComputerName: USER-PC
18:24:55.0032 3592 UserName: user
18:24:55.0032 3592 Windows directory: C:\Windows
18:24:55.0032 3592 System windows directory: C:\Windows
18:24:55.0032 3592 Running under WOW64
18:24:55.0032 3592 Processor architecture: Intel x64
18:24:55.0032 3592 Number of processors: 4
18:24:55.0032 3592 Page size: 0x1000
18:24:55.0032 3592 Boot type: Normal boot
18:24:55.0032 3592 ============================================================
18:24:55.0535 3592 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:55.0544 3592 \Device\Harddisk0\DR0:
18:24:55.0544 3592 MBR used
18:24:55.0544 3592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40800, BlocksNum 0x32000
18:24:55.0544 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72800, BlocksNum 0x38413030
18:24:55.0571 3592 Initialize success
18:24:55.0571 3592 ============================================================
18:25:42.0696 2392 ============================================================
18:25:42.0696 2392 Scan started
18:25:42.0696 2392 Mode: Manual; SigCheck; TDLFS;
18:25:42.0696 2392 ============================================================
18:25:44.0178 2392 1394hub - ok
18:25:44.0272 2392 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:25:44.0428 2392 1394ohci - ok
18:25:44.0522 2392 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:25:44.0537 2392 ACPI - ok
18:25:44.0615 2392 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:25:44.0709 2392 AcpiPmi - ok
18:25:44.0849 2392 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:25:44.0880 2392 AdobeFlashPlayerUpdateSvc - ok
18:25:44.0958 2392 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:25:44.0990 2392 adp94xx - ok
18:25:45.0099 2392 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:25:45.0130 2392 adpahci - ok
18:25:45.0177 2392 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:25:45.0208 2392 adpu320 - ok
18:25:45.0270 2392 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:25:45.0317 2392 AeLookupSvc - ok
18:25:45.0411 2392 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:25:45.0473 2392 AFD - ok
18:25:45.0551 2392 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:25:45.0567 2392 agp440 - ok
18:25:45.0629 2392 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:25:45.0660 2392 ALG - ok
18:25:45.0770 2392 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:25:45.0785 2392 aliide - ok
18:25:45.0801 2392 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:25:45.0816 2392 amdide - ok
18:25:45.0863 2392 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:25:45.0894 2392 AmdK8 - ok
18:25:45.0957 2392 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:25:46.0004 2392 AmdPPM - ok
18:25:46.0066 2392 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:25:46.0082 2392 amdsata - ok
18:25:46.0144 2392 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:25:46.0175 2392 amdsbs - ok
18:25:46.0191 2392 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:25:46.0222 2392 amdxata - ok
18:25:46.0269 2392 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:25:46.0394 2392 AppID - ok
18:25:46.0456 2392 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:25:46.0534 2392 AppIDSvc - ok
18:25:46.0612 2392 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:25:46.0674 2392 Appinfo - ok
18:25:46.0768 2392 Application Updater (4b3e40c1ae77880678b984a2c748cb85) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
18:25:46.0799 2392 Application Updater - ok
18:25:46.0893 2392 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:25:46.0908 2392 arc - ok
18:25:46.0924 2392 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:25:46.0940 2392 arcsas - ok
18:25:47.0096 2392 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:25:47.0127 2392 aspnet_state - ok
18:25:47.0189 2392 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:25:47.0252 2392 AsyncMac - ok
18:25:47.0314 2392 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:25:47.0330 2392 atapi - ok
18:25:47.0392 2392 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
18:25:47.0408 2392 AthBTPort - ok
18:25:47.0470 2392 AtherosSvc (07d15aa6e882e598918e66e02c17ea95) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
18:25:47.0486 2392 AtherosSvc - ok
18:25:47.0595 2392 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
18:25:47.0657 2392 athr - ok
18:25:47.0751 2392 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:25:47.0813 2392 AudioEndpointBuilder - ok
18:25:47.0829 2392 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:25:47.0876 2392 AudioSrv - ok
18:25:47.0954 2392 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:25:48.0063 2392 AxInstSV - ok
18:25:48.0141 2392 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:25:48.0203 2392 b06bdrv - ok
18:25:48.0281 2392 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:25:48.0328 2392 b57nd60a - ok
18:25:48.0406 2392 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:25:48.0515 2392 BCM43XX - ok
18:25:48.0578 2392 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:25:48.0640 2392 BDESVC - ok
18:25:48.0703 2392 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:25:48.0765 2392 Beep - ok
18:25:48.0827 2392 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:25:48.0921 2392 BFE - ok
18:25:48.0999 2392 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:25:49.0061 2392 BITS - ok
18:25:49.0124 2392 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:25:49.0155 2392 blbdrive - ok
18:25:49.0217 2392 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:25:49.0249 2392 bowser - ok
18:25:49.0311 2392 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:25:49.0342 2392 BrFiltLo - ok
18:25:49.0358 2392 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:25:49.0373 2392 BrFiltUp - ok
18:25:49.0436 2392 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:25:49.0514 2392 BridgeMP - ok
18:25:49.0576 2392 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:25:49.0639 2392 Browser - ok
18:25:49.0685 2392 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:25:49.0748 2392 Brserid - ok
18:25:49.0795 2392 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:25:49.0841 2392 BrSerWdm - ok
18:25:49.0888 2392 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:25:49.0919 2392 BrUsbMdm - ok
18:25:49.0982 2392 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:25:49.0997 2392 BrUsbSer - ok
18:25:50.0044 2392 BTATH_A2DP (9df8cf0e37d9f97fde77e67b852e2808) C:\Windows\system32\drivers\btath_a2dp.sys
18:25:50.0060 2392 BTATH_A2DP - ok
18:25:50.0091 2392 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
18:25:50.0091 2392 BTATH_BUS - ok
18:25:50.0153 2392 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
18:25:50.0169 2392 BTATH_HCRP - ok
18:25:50.0200 2392 BTATH_LWFLT (d8e5f51b3816e196c130bd6aeb68f09d) C:\Windows\system32\DRIVERS\btath_lwflt.sys
18:25:50.0200 2392 BTATH_LWFLT - ok
18:25:50.0216 2392 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
18:25:50.0231 2392 BTATH_RCP - ok
18:25:50.0309 2392 BtFilter (4882e5c8f37f7500b3c7ad689f90ff53) C:\Windows\system32\DRIVERS\btfilter.sys
18:25:50.0341 2392 BtFilter - ok
18:25:50.0387 2392 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:25:50.0465 2392 BthEnum - ok
18:25:50.0543 2392 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:25:50.0590 2392 BTHMODEM - ok
18:25:50.0637 2392 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:25:50.0684 2392 BthPan - ok
18:25:50.0793 2392 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:25:50.0840 2392 BTHPORT - ok
18:25:50.0902 2392 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:25:50.0980 2392 bthserv - ok
18:25:51.0011 2392 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:25:51.0058 2392 BTHUSB - ok
18:25:51.0089 2392 catchme - ok
18:25:51.0167 2392 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:25:51.0245 2392 cdfs - ok
18:25:51.0292 2392 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:25:51.0339 2392 cdrom - ok
18:25:51.0433 2392 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:25:51.0495 2392 CertPropSvc - ok
18:25:51.0589 2392 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:25:51.0620 2392 circlass - ok
18:25:51.0682 2392 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:25:51.0713 2392 CLFS - ok
18:25:51.0791 2392 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:25:51.0807 2392 clr_optimization_v2.0.50727_32 - ok
18:25:51.0854 2392 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:25:51.0869 2392 clr_optimization_v2.0.50727_64 - ok
18:25:51.0994 2392 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:25:52.0010 2392 clr_optimization_v4.0.30319_32 - ok
18:25:52.0041 2392 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:25:52.0057 2392 clr_optimization_v4.0.30319_64 - ok
18:25:52.0119 2392 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:25:52.0135 2392 CmBatt - ok
18:25:52.0181 2392 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:25:52.0197 2392 cmdide - ok
18:25:52.0259 2392 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:25:52.0353 2392 CNG - ok
18:25:52.0415 2392 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:25:52.0447 2392 Compbatt - ok
18:25:52.0509 2392 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:25:52.0556 2392 CompositeBus - ok
18:25:52.0603 2392 COMSysApp - ok
18:25:52.0634 2392 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:25:52.0649 2392 crcdisk - ok
18:25:52.0712 2392 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:25:52.0759 2392 CryptSvc - ok
18:25:52.0852 2392 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:25:52.0915 2392 DcomLaunch - ok
18:25:52.0961 2392 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:25:53.0024 2392 defragsvc - ok
18:25:53.0086 2392 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:25:53.0164 2392 DfsC - ok
18:25:53.0242 2392 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:25:53.0320 2392 Dhcp - ok
18:25:53.0351 2392 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:25:53.0383 2392 discache - ok
18:25:53.0476 2392 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:25:53.0507 2392 Disk - ok
18:25:53.0539 2392 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:25:53.0585 2392 Dnscache - ok
18:25:53.0648 2392 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:25:53.0726 2392 dot3svc - ok
18:25:53.0773 2392 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:25:53.0835 2392 DPS - ok
18:25:53.0913 2392 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:25:53.0960 2392 drmkaud - ok
18:25:54.0053 2392 DsiWMIService (53e4843e1cd3653e665daa32241f8f8b) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
18:25:54.0116 2392 DsiWMIService - ok
18:25:54.0209 2392 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:25:54.0256 2392 DXGKrnl - ok
18:25:54.0334 2392 EagleX64 - ok
18:25:54.0381 2392 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:25:54.0459 2392 EapHost - ok
18:25:54.0584 2392 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:25:54.0740 2392 ebdrv - ok
18:25:54.0818 2392 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:25:54.0833 2392 EFS - ok
18:25:54.0927 2392 EgisTec Ticket Service (03e6888da1a85acf14ac2a3c328a9e62) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
18:25:54.0943 2392 EgisTec Ticket Service - ok
18:25:55.0021 2392 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:25:55.0083 2392 ehRecvr - ok
18:25:55.0114 2392 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:25:55.0145 2392 ehSched - ok
18:25:55.0223 2392 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:25:55.0255 2392 elxstor - ok
18:25:55.0364 2392 ePowerSvc (8e12d885d17ec5fa4f52d2c6e953e285) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
18:25:55.0395 2392 ePowerSvc - ok
18:25:55.0457 2392 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:25:55.0489 2392 ErrDev - ok
18:25:55.0571 2392 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:25:55.0630 2392 EventSystem - ok
18:25:55.0696 2392 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:25:55.0776 2392 exfat - ok
18:25:55.0798 2392 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:25:55.0859 2392 fastfat - ok
18:25:55.0968 2392 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:25:56.0041 2392 Fax - ok
18:25:56.0111 2392 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:25:56.0141 2392 fdc - ok
18:25:56.0169 2392 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:25:56.0213 2392 fdPHost - ok
18:25:56.0261 2392 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:25:56.0326 2392 FDResPub - ok
18:25:56.0374 2392 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:25:56.0387 2392 FileInfo - ok
18:25:56.0448 2392 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:25:56.0531 2392 Filetrace - ok
18:25:56.0638 2392 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:25:56.0666 2392 FLEXnet Licensing Service - ok
18:25:56.0727 2392 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:25:56.0751 2392 flpydisk - ok
18:25:56.0806 2392 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:25:56.0827 2392 FltMgr - ok
18:25:56.0879 2392 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:25:56.0946 2392 FontCache - ok
18:25:57.0036 2392 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:25:57.0052 2392 FontCache3.0.0.0 - ok
18:25:57.0103 2392 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:25:57.0122 2392 FsDepends - ok
18:25:57.0162 2392 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:25:57.0173 2392 Fs_Rec - ok
18:25:57.0215 2392 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:25:57.0235 2392 fvevol - ok
18:25:57.0277 2392 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:25:57.0290 2392 gagp30kx - ok
18:25:57.0388 2392 GGSAFERDriver - ok
18:25:57.0478 2392 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:25:57.0553 2392 gpsvc - ok
18:25:57.0648 2392 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
18:25:57.0664 2392 GREGService - ok
18:25:57.0754 2392 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:25:57.0774 2392 gupdate - ok
18:25:57.0806 2392 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:25:57.0821 2392 gupdatem - ok
18:25:57.0878 2392 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:25:57.0911 2392 hcw85cir - ok
18:25:57.0960 2392 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:25:58.0011 2392 HdAudAddService - ok
18:25:58.0099 2392 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:25:58.0145 2392 HDAudBus - ok
18:25:58.0186 2392 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:25:58.0197 2392 HECIx64 - ok
18:25:58.0243 2392 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:25:58.0276 2392 HidBatt - ok
18:25:58.0296 2392 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:25:58.0332 2392 HidBth - ok
18:25:58.0397 2392 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:25:58.0442 2392 HidIr - ok
18:25:58.0478 2392 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:25:58.0556 2392 hidserv - ok
18:25:58.0633 2392 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:25:58.0652 2392 HidUsb - ok
18:25:58.0684 2392 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:25:58.0765 2392 hkmsvc - ok
18:25:58.0803 2392 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:25:58.0857 2392 HomeGroupListener - ok
18:25:58.0926 2392 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:25:58.0969 2392 HomeGroupProvider - ok
18:25:59.0024 2392 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:25:59.0044 2392 HpSAMD - ok
18:25:59.0134 2392 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:25:59.0229 2392 HTTP - ok
18:25:59.0313 2392 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:25:59.0332 2392 hwpolicy - ok
18:25:59.0386 2392 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:25:59.0403 2392 i8042prt - ok
18:25:59.0477 2392 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
18:25:59.0500 2392 iaStor - ok
18:25:59.0673 2392 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:25:59.0687 2392 IAStorDataMgrSvc - ok
18:25:59.0779 2392 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:25:59.0810 2392 iaStorV - ok
18:25:59.0903 2392 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:25:59.0939 2392 idsvc - ok
18:26:00.0476 2392 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:26:01.0178 2392 igfx - ok
18:26:01.0272 2392 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:26:01.0303 2392 iirsp - ok
18:26:01.0381 2392 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:26:01.0459 2392 IKEEXT - ok
18:26:01.0630 2392 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
18:26:01.0708 2392 Impcd - ok
18:26:01.0974 2392 IntcAzAudAddService (dd1fc331286a33f396945115ae4e5e8a) C:\Windows\system32\drivers\RTKVHD64.sys
18:26:02.0052 2392 IntcAzAudAddService - ok
18:26:02.0145 2392 IntcDAud (c6c1f19205da83c801be7c25f4e2ee07) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:26:02.0208 2392 IntcDAud - ok
18:26:02.0286 2392 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:26:02.0301 2392 intelide - ok
18:26:02.0348 2392 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:26:02.0395 2392 intelppm - ok
18:26:02.0457 2392 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:26:02.0520 2392 IPBusEnum - ok
18:26:02.0551 2392 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:26:02.0598 2392 IpFilterDriver - ok
18:26:02.0707 2392 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:26:02.0769 2392 iphlpsvc - ok
18:26:02.0847 2392 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:26:02.0878 2392 IPMIDRV - ok
18:26:02.0925 2392 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:26:02.0988 2392 IPNAT - ok
18:26:03.0066 2392 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:26:03.0159 2392 IRENUM - ok
18:26:03.0253 2392 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:26:03.0268 2392 isapnp - ok
18:26:03.0284 2392 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:26:03.0300 2392 iScsiPrt - ok
18:26:03.0331 2392 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:26:03.0346 2392 kbdclass - ok
18:26:03.0424 2392 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:26:03.0471 2392 kbdhid - ok
18:26:03.0518 2392 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:26:03.0549 2392 KeyIso - ok
18:26:03.0643 2392 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:26:03.0658 2392 KSecDD - ok
18:26:03.0674 2392 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:26:03.0705 2392 KSecPkg - ok
18:26:03.0752 2392 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:26:03.0830 2392 ksthunk - ok
18:26:03.0892 2392 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:26:03.0970 2392 KtmRm - ok
18:26:04.0002 2392 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
18:26:04.0033 2392 L1C - ok
18:26:04.0095 2392 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
18:26:04.0142 2392 L1E - ok
18:26:04.0204 2392 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:26:04.0282 2392 LanmanServer - ok
18:26:04.0376 2392 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:26:04.0454 2392 LanmanWorkstation - ok
18:26:04.0516 2392 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:26:04.0594 2392 lltdio - ok
18:26:04.0657 2392 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:26:04.0750 2392 lltdsvc - ok
18:26:04.0782 2392 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:26:04.0813 2392 lmhosts - ok
18:26:04.0922 2392 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:26:04.0953 2392 LMS - ok
18:26:05.0031 2392 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:26:05.0047 2392 LSI_FC - ok
18:26:05.0078 2392 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:26:05.0078 2392 LSI_SAS - ok
18:26:05.0094 2392 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:26:05.0109 2392 LSI_SAS2 - ok
18:26:05.0140 2392 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:26:05.0156 2392 LSI_SCSI - ok
18:26:05.0218 2392 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:26:05.0296 2392 luafv - ok
18:26:05.0343 2392 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:26:05.0390 2392 Mcx2Svc - ok
18:26:05.0452 2392 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:26:05.0468 2392 megasas - ok
18:26:05.0530 2392 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:26:05.0546 2392 MegaSR - ok
18:26:05.0655 2392 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:26:05.0671 2392 Microsoft Office Groove Audit Service - ok
18:26:05.0780 2392 Mkd2Nadr (957cc0c0b992adbc625ae1858115487c) C:\Windows\system32\drivers\Mkd2Nadr.sys
18:26:05.0796 2392 Mkd2Nadr - ok
18:26:05.0827 2392 Mkd3kfNt (a3ab450c7c31a546badc268d6b11703c) C:\Windows\system32\drivers\Mkd3kfNt.sys
18:26:05.0842 2392 Mkd3kfNt - ok
18:26:05.0874 2392 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:26:05.0967 2392 MMCSS - ok
18:26:06.0030 2392 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:26:06.0108 2392 Modem - ok
18:26:06.0123 2392 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:26:06.0154 2392 monitor - ok
18:26:06.0264 2392 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:26:06.0279 2392 mouclass - ok
18:26:06.0326 2392 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:26:06.0373 2392 mouhid - ok
18:26:06.0466 2392 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:26:06.0482 2392 mountmgr - ok
18:26:06.0529 2392 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:26:06.0544 2392 mpio - ok
18:26:06.0576 2392 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:26:06.0622 2392 mpsdrv - ok
18:26:06.0716 2392 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:26:06.0778 2392 MpsSvc - ok
18:26:06.0872 2392 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:26:06.0919 2392 MRxDAV - ok
18:26:06.0981 2392 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:26:07.0028 2392 mrxsmb - ok
18:26:07.0106 2392 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:26:07.0153 2392 mrxsmb10 - ok
18:26:07.0200 2392 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:26:07.0215 2392 mrxsmb20 - ok
18:26:07.0293 2392 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:26:07.0309 2392 msahci - ok
18:26:07.0356 2392 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:26:07.0371 2392 msdsm - ok
18:26:07.0418 2392 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:26:07.0434 2392 MSDTC - ok
18:26:07.0512 2392 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:26:07.0574 2392 Msfs - ok
18:26:07.0590 2392 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:26:07.0636 2392 mshidkmdf - ok
18:26:07.0668 2392 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:26:07.0683 2392 msisadrv - ok
18:26:07.0761 2392 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:26:07.0839 2392 MSiSCSI - ok
18:26:07.0839 2392 msiserver - ok
18:26:07.0933 2392 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:26:07.0995 2392 MSKSSRV - ok
18:26:08.0011 2392 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:26:08.0058 2392 MSPCLOCK - ok
18:26:08.0073 2392 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:26:08.0120 2392 MSPQM - ok
18:26:08.0198 2392 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:26:08.0229 2392 MsRPC - ok
18:26:08.0276 2392 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:26:08.0292 2392 mssmbios - ok
18:26:08.0370 2392 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:26:08.0432 2392 MSTEE - ok
18:26:08.0463 2392 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:26:08.0479 2392 MTConfig - ok
18:26:08.0557 2392 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:26:08.0588 2392 Mup - ok
18:26:08.0619 2392 mwlPSDFilter (9b1eac6faf6f37305e822f5588dc8056) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:26:08.0635 2392 mwlPSDFilter - ok
18:26:08.0697 2392 mwlPSDNServ (ad55c1524b296280ed9c6e0d730d35da) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:26:08.0713 2392 mwlPSDNServ - ok
18:26:08.0728 2392 mwlPSDVDisk (2b599e6ec8843637bdd62e7f8f3ba201) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:26:08.0744 2392 mwlPSDVDisk - ok
18:26:08.0791 2392 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:26:08.0869 2392 napagent - ok
18:26:08.0947 2392 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:26:09.0009 2392 NativeWifiP - ok
18:26:09.0072 2392 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:26:09.0103 2392 NDIS - ok
18:26:09.0165 2392 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:26:09.0243 2392 NdisCap - ok
18:26:09.0290 2392 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:26:09.0321 2392 NdisTapi - ok
18:26:09.0415 2392 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:26:09.0493 2392 Ndisuio - ok
18:26:09.0524 2392 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:26:09.0586 2392 NdisWan - ok
18:26:09.0680 2392 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:26:09.0727 2392 NDProxy - ok
18:26:09.0758 2392 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:26:09.0820 2392 NetBIOS - ok
18:26:09.0930 2392 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:26:09.0992 2392 NetBT - ok
18:26:10.0086 2392 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:26:10.0101 2392 Netlogon - ok
18:26:10.0148 2392 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:26:10.0210 2392 Netman - ok
18:26:10.0351 2392 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:10.0366 2392 NetMsmqActivator - ok
18:26:10.0398 2392 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:10.0398 2392 NetPipeActivator - ok
18:26:10.0491 2392 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:26:10.0569 2392 netprofm - ok
18:26:10.0725 2392 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:10.0741 2392 NetTcpActivator - ok
18:26:10.0756 2392 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:26:10.0756 2392 NetTcpPortSharing - ok
18:26:10.0850 2392 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:26:10.0866 2392 nfrd960 - ok
18:26:10.0912 2392 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:26:10.0990 2392 NlaSvc - ok
18:26:11.0131 2392 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:26:11.0193 2392 NOBU - ok
18:26:11.0271 2392 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:26:11.0334 2392 Npfs - ok
18:26:11.0365 2392 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:26:11.0412 2392 nsi - ok
18:26:11.0474 2392 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:26:11.0536 2392 nsiproxy - ok
18:26:11.0599 2392 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:26:11.0646 2392 Ntfs - ok
18:26:11.0739 2392 NTI IScheduleSvc (d27a4546417ed7c4aea7b3420d4f1f50) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
18:26:11.0770 2392 NTI IScheduleSvc - ok
18:26:11.0833 2392 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
18:26:11.0848 2392 NTIDrvr - ok
18:26:11.0895 2392 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:26:11.0942 2392 Null - ok
18:26:12.0020 2392 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:26:12.0051 2392 nvraid - ok
18:26:12.0082 2392 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:26:12.0098 2392 nvstor - ok
18:26:12.0145 2392 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:26:12.0160 2392 nv_agp - ok
18:26:12.0254 2392 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:26:12.0270 2392 odserv - ok
18:26:12.0348 2392 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:26:12.0394 2392 ohci1394 - ok
18:26:12.0488 2392 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:26:12.0504 2392 ose - ok
18:26:12.0582 2392 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:26:12.0628 2392 p2pimsvc - ok
18:26:12.0675 2392 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:26:12.0691 2392 p2psvc - ok
18:26:12.0753 2392 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:26:12.0784 2392 Parport - ok
18:26:12.0831 2392 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:26:12.0862 2392 partmgr - ok
18:26:12.0909 2392 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:26:12.0972 2392 PcaSvc - ok
18:26:13.0018 2392 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:26:13.0034 2392 pci - ok
18:26:13.0112 2392 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:26:13.0128 2392 pciide - ok
18:26:13.0174 2392 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:26:13.0206 2392 pcmcia - ok
18:26:13.0252 2392 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:26:13.0268 2392 pcw - ok
18:26:13.0315 2392 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:26:13.0393 2392 PEAUTH - ok
18:26:13.0471 2392 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:26:13.0518 2392 PerfHost - ok
18:26:13.0627 2392 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:26:13.0720 2392 pla - ok
18:26:13.0830 2392 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:26:13.0892 2392 PlugPlay - ok
18:26:13.0986 2392 PnkBstrA - ok
18:26:14.0017 2392 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:26:14.0048 2392 PNRPAutoReg - ok
18:26:14.0126 2392 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:26:14.0157 2392 PNRPsvc - ok
18:26:14.0204 2392 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:26:14.0266 2392 PolicyAgent - ok
18:26:14.0344 2392 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:26:14.0454 2392 Power - ok
18:26:14.0516 2392 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:26:14.0610 2392 PptpMiniport - ok
18:26:14.0672 2392 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:26:14.0719 2392 Processor - ok
18:26:14.0766 2392 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:26:14.0844 2392 ProfSvc - ok
18:26:14.0922 2392 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:26:14.0953 2392 ProtectedStorage - ok
18:26:15.0015 2392 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:26:15.0093 2392 Psched - ok
18:26:15.0218 2392 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:26:15.0265 2392 ql2300 - ok
18:26:15.0327 2392 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:26:15.0358 2392 ql40xx - ok
18:26:15.0390 2392 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:26:15.0436 2392 QWAVE - ok
18:26:15.0499 2392 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:26:15.0530 2392 QWAVEdrv - ok
18:26:15.0561 2392 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:26:15.0639 2392 RasAcd - ok
18:26:15.0686 2392 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:26:15.0764 2392 RasAgileVpn - ok
18:26:15.0826 2392 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:26:15.0904 2392 RasAuto - ok
18:26:15.0998 2392 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:26:16.0060 2392 Rasl2tp - ok
18:26:16.0123 2392 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:26:16.0185 2392 RasMan - ok
18:26:16.0263 2392 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:26:16.0326 2392 RasPppoe - ok
18:26:16.0341 2392 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:26:16.0388 2392 RasSstp - ok
18:26:16.0450 2392 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:26:16.0528 2392 rdbss - ok
18:26:16.0606 2392 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:26:16.0638 2392 rdpbus - ok
18:26:16.0669 2392 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:26:16.0731 2392 RDPCDD - ok
18:26:16.0809 2392 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:26:16.0872 2392 RDPENCDD - ok
18:26:16.0903 2392 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:26:16.0950 2392 RDPREFMP - ok
18:26:17.0028 2392 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:26:17.0090 2392 RDPWD - ok
18:26:17.0184 2392 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:26:17.0215 2392 rdyboost - ok
18:26:17.0246 2392 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:26:17.0324 2392 RemoteAccess - ok
18:26:17.0386 2392 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:26:17.0449 2392 RemoteRegistry - ok
18:26:17.0480 2392 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:26:17.0527 2392 RFCOMM - ok
18:26:17.0589 2392 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:26:17.0652 2392 RpcEptMapper - ok
18:26:17.0667 2392 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:26:17.0683 2392 RpcLocator - ok
18:26:17.0761 2392 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
18:26:17.0854 2392 RpcSs - ok
18:26:17.0932 2392 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:26:18.0010 2392 rspndr - ok
18:26:18.0120 2392 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\Windows\System32\Drivers\RtsUStor.sys
18:26:18.0182 2392 RSUSBSTOR - ok
18:26:18.0213 2392 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:26:18.0229 2392 SamSs - ok
18:26:18.0307 2392 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:26:18.0338 2392 sbp2port - ok
18:26:18.0369 2392 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:26:18.0416 2392 SCardSvr - ok
18:26:18.0510 2392 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
18:26:18.0525 2392 SCDEmu - ok
18:26:18.0572 2392 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:26:18.0634 2392 scfilter - ok
18:26:18.0744 2392 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:26:18.0806 2392 Schedule - ok
18:26:18.0884 2392 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:26:18.0946 2392 SCPolicySvc - ok
18:26:18.0978 2392 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:26:19.0040 2392 SDRSVC - ok
18:26:19.0102 2392 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:26:19.0149 2392 secdrv - ok
18:26:19.0180 2392 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:26:19.0227 2392 seclogon - ok
18:26:19.0290 2392 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:26:19.0368 2392 SENS - ok
18:26:19.0383 2392 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:26:19.0430 2392 SensrSvc - ok
18:26:19.0492 2392 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:26:19.0539 2392 Serenum - ok
18:26:19.0586 2392 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:26:19.0602 2392 Serial - ok
18:26:19.0680 2392 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:26:19.0726 2392 sermouse - ok
18:26:19.0758 2392 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:26:19.0836 2392 SessionEnv - ok
18:26:19.0898 2392 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:26:19.0960 2392 sffdisk - ok
18:26:19.0992 2392 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:26:20.0007 2392 sffp_mmc - ok
18:26:20.0023 2392 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:26:20.0054 2392 sffp_sd - ok
18:26:20.0132 2392 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:26:20.0148 2392 sfloppy - ok
18:26:20.0210 2392 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:26:20.0288 2392 SharedAccess - ok
18:26:20.0366 2392 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:26:20.0428 2392 ShellHWDetection - ok
18:26:20.0475 2392 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:26:20.0491 2392 SiSRaid2 - ok
18:26:20.0553 2392 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:26:20.0584 2392 SiSRaid4 - ok
18:26:20.0616 2392 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:26:20.0678 2392 Smb - ok
18:26:20.0740 2392 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:26:20.0787 2392 SNMPTRAP - ok
18:26:20.0818 2392 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:26:20.0850 2392 spldr - ok
18:26:20.0943 2392 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:26:20.0990 2392 Spooler - ok
18:26:21.0146 2392 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:26:21.0286 2392 sppsvc - ok
18:26:21.0364 2392 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:26:21.0427 2392 sppuinotify - ok
18:26:21.0489 2392 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:26:21.0552 2392 srv - ok
18:26:21.0645 2392 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:26:21.0676 2392 srv2 - ok
18:26:21.0692 2392 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:26:21.0723 2392 srvnet - ok
18:26:21.0832 2392 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:26:21.0879 2392 SSDPSRV - ok
18:26:21.0895 2392 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:26:21.0926 2392 SstpSvc - ok
18:26:22.0004 2392 Steam Client Service - ok
18:26:22.0051 2392 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:26:22.0082 2392 stexstor - ok
18:26:22.0129 2392 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:26:22.0191 2392 stisvc - ok
18:26:22.0269 2392 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:26:22.0285 2392 swenum - ok
18:26:22.0332 2392 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:26:22.0410 2392 swprv - ok
18:26:22.0519 2392 SynTP (bc642d540aedf9a253c74d10c848ebd2) C:\Windows\system32\DRIVERS\SynTP.sys
18:26:22.0566 2392 SynTP - ok
18:26:22.0690 2392 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:26:22.0784 2392 SysMain - ok
18:26:22.0862 2392 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:26:22.0893 2392 TabletInputService - ok
18:26:22.0956 2392 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
18:26:22.0971 2392 taphss - ok
18:26:23.0049 2392 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:26:23.0112 2392 TapiSrv - ok
18:26:23.0174 2392 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys
18:26:23.0221 2392 tapoas - ok
18:26:23.0283 2392 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:26:23.0346 2392 TBS - ok
18:26:23.0424 2392 tcphoc - ok
18:26:23.0564 2392 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:26:23.0626 2392 Tcpip - ok
18:26:23.0767 2392 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:26:23.0814 2392 TCPIP6 - ok
18:26:23.0892 2392 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:26:23.0954 2392 tcpipreg - ok
18:26:23.0985 2392 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:26:24.0032 2392 TDPIPE - ok
18:26:24.0110 2392 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:26:24.0141 2392 TDTCP - ok
18:26:24.0188 2392 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:26:24.0235 2392 tdx - ok
18:26:24.0328 2392 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:26:24.0344 2392 TermDD - ok
18:26:24.0391 2392 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:26:24.0469 2392 TermService - ok
18:26:24.0531 2392 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:26:24.0562 2392 Themes - ok
18:26:24.0609 2392 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:26:24.0656 2392 THREADORDER - ok
18:26:24.0718 2392 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:26:24.0796 2392 TrkWks - ok
18:26:24.0828 2392 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:26:24.0890 2392 TrustedInstaller - ok
18:26:24.0968 2392 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:26:25.0046 2392 tssecsrv - ok
18:26:25.0108 2392 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:26:25.0155 2392 TsUsbFlt - ok
18:26:25.0264 2392 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:26:25.0358 2392 tunnel - ok
18:26:25.0389 2392 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:26:25.0405 2392 uagp35 - ok
18:26:25.0467 2392 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
18:26:25.0483 2392 UBHelper - ok
18:26:25.0530 2392 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:26:25.0592 2392 udfs - ok
18:26:25.0639 2392 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:26:25.0670 2392 UI0Detect - ok
18:26:25.0764 2392 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:26:25.0779 2392 uliagpkx - ok
18:26:25.0810 2392 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:26:25.0842 2392 umbus - ok
18:26:25.0904 2392 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:26:25.0951 2392 UmPass - ok
18:26:26.0122 2392 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:26:26.0169 2392 UNS - ok
18:26:26.0247 2392 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:26:26.0263 2392 Updater Service - ok
18:26:26.0341 2392 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:26:26.0434 2392 upnphost - ok
18:26:26.0497 2392 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:26:26.0512 2392 usbccgp - ok
18:26:26.0590 2392 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:26:26.0622 2392 usbcir - ok
18:26:26.0684 2392 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:26:26.0715 2392 usbehci - ok
18:26:26.0809 2392 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:26:26.0840 2392 usbhub - ok
18:26:26.0856 2392 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:26:26.0871 2392 usbohci - ok
18:26:26.0902 2392 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:26:26.0949 2392 usbprint - ok
18:26:27.0027 2392 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:26:27.0074 2392 USBSTOR - ok
18:26:27.0105 2392 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:26:27.0152 2392 usbuhci - ok
18:26:27.0246 2392 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:26:27.0277 2392 usbvideo - ok
18:26:27.0308 2392 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:26:27.0370 2392 UxSms - ok
18:26:27.0448 2392 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:26:27.0464 2392 VaultSvc - ok
18:26:27.0526 2392 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:26:27.0558 2392 vdrvroot - ok
18:26:27.0636 2392 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:26:27.0698 2392 vds - ok
18:26:27.0760 2392 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:26:27.0792 2392 vga - ok
18:26:27.0807 2392 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:26:27.0870 2392 VgaSave - ok
18:26:27.0901 2392 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:26:27.0916 2392 vhdmp - ok
18:26:27.0994 2392 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:26:28.0010 2392 viaide - ok
18:26:28.0041 2392 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:26:28.0057 2392 volmgr - ok
18:26:28.0088 2392 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:26:28.0104 2392 volmgrx - ok
18:26:28.0150 2392 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:26:28.0166 2392 volsnap - ok
18:26:28.0260 2392 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:26:28.0275 2392 vsmraid - ok
18:26:28.0369 2392 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:26:28.0447 2392 VSS - ok
18:26:28.0509 2392 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:26:28.0540 2392 vwifibus - ok
18:26:28.0556 2392 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:26:28.0572 2392 vwififlt - ok
18:26:28.0618 2392 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:26:28.0665 2392 W32Time - ok
18:26:28.0743 2392 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:26:28.0790 2392 WacomPen - ok
18:26:28.0852 2392 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:26:28.0930 2392 WANARP - ok
18:26:28.0930 2392 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:26:28.0962 2392 Wanarpv6 - ok
18:26:29.0086 2392 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:26:29.0149 2392 WatAdminSvc - ok
18:26:29.0258 2392 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:26:29.0352 2392 wbengine - ok
18:26:29.0414 2392 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:26:29.0445 2392 WbioSrvc - ok
18:26:29.0492 2392 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:26:29.0539 2392 wcncsvc - ok
18:26:29.0617 2392 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:26:29.0648 2392 WcsPlugInService - ok
18:26:29.0679 2392 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:26:29.0695 2392 Wd - ok
18:26:29.0773 2392 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:26:29.0804 2392 WDC_SAM - ok
18:26:29.0835 2392 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:26:29.0866 2392 Wdf01000 - ok
18:26:29.0929 2392 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:26:29.0991 2392 WdiServiceHost - ok
18:26:29.0991 2392 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:26:30.0007 2392 WdiSystemHost - ok
18:26:30.0054 2392 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:26:30.0100 2392 WebClient - ok
18:26:30.0163 2392 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:26:30.0225 2392 Wecsvc - ok
18:26:30.0241 2392 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:26:30.0288 2392 wercplsupport - ok
18:26:30.0334 2392 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:26:30.0397 2392 WerSvc - ok
18:26:30.0459 2392 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:26:30.0506 2392 WfpLwf - ok
18:26:30.0537 2392 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:26:30.0553 2392 WIMMount - ok
18:26:30.0584 2392 WinDefend - ok
18:26:30.0615 2392 WinHttpAutoProxySvc - ok
18:26:30.0709 2392 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:26:30.0771 2392 Winmgmt - ok
18:26:30.0880 2392 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:26:30.0974 2392 WinRM - ok
18:26:31.0083 2392 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:26:31.0146 2392 Wlansvc - ok
18:26:31.0239 2392 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:26:31.0255 2392 wlcrasvc - ok
18:26:31.0333 2392 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:26:31.0395 2392 wlidsvc - ok
18:26:31.0489 2392 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:26:31.0520 2392 WmiAcpi - ok
18:26:31.0582 2392 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:26:31.0629 2392 wmiApSrv - ok
18:26:31.0676 2392 WMPNetworkSvc - ok
18:26:31.0754 2392 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:26:31.0785 2392 WPCSvc - ok
18:26:31.0848 2392 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:26:31.0894 2392 WPDBusEnum - ok
18:26:31.0941 2392 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:26:32.0035 2392 ws2ifsl - ok
18:26:32.0082 2392 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:26:32.0113 2392 wscsvc - ok
18:26:32.0160 2392 WSearch - ok
18:26:32.0269 2392 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:26:32.0347 2392 wuauserv - ok
18:26:32.0425 2392 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:26:32.0487 2392 WudfPf - ok
18:26:32.0596 2392 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:26:32.0643 2392 WUDFRd - ok
18:26:32.0674 2392 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:26:32.0706 2392 wudfsvc - ok
18:26:32.0784 2392 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:26:32.0846 2392 WwanSvc - ok
18:26:32.0986 2392 XLServicePlatform (f757ed4b1f0312405482564e7d138dbe) C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll
18:26:33.0002 2392 XLServicePlatform - ok
18:26:33.0049 2392 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:26:33.0220 2392 \Device\Harddisk0\DR0 - ok
18:26:33.0236 2392 Boot (0x1200) (7f211056de77d1c8e780a8bdab318790) \Device\Harddisk0\DR0\Partition0
18:26:33.0236 2392 \Device\Harddisk0\DR0\Partition0 - ok
18:26:33.0267 2392 Boot (0x1200) (60ba3e5de8c18ae5b09b846339548032) \Device\Harddisk0\DR0\Partition1
18:26:33.0267 2392 \Device\Harddisk0\DR0\Partition1 - ok
18:26:33.0267 2392 ============================================================
18:26:33.0267 2392 Scan finished
18:26:33.0267 2392 ============================================================
18:26:33.0298 5108 Detected object count: 0
18:26:33.0298 5108 Actual detected object count: 0
18:26:39.0394 4804 Deinitialize success


Malwarebytes log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [administrator]

18/4/2012 6:30:24 PM
mbam-log-2012-04-18 (18-30-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199782
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The second OTL run.
OTL:

OTL logfile created on: 18/4/2012 6:35:06 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy

1.74 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 26.91% Memory free
3.48 Gb Paging File | 2.13 Gb Available in Paging File | 61.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.04 Gb Total Space | 309.02 Gb Free Space | 68.67% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 17:36:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/04/15 18:35:45 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/01/05 14:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 14:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/01/01 12:05:26 | 001,029,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/01/01 12:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/01/01 12:05:26 | 000,289,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/12/24 06:46:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010/12/24 06:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010/12/10 14:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2010/09/28 11:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/18 08:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/18 08:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/03/04 12:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 12:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/04 06:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/04 06:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/29 08:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 21:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/14 15:20:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/14 15:19:48 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/03/26 15:55:39 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/03/26 15:13:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/03/26 15:12:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/03/26 15:12:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/26 15:11:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/26 15:11:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/03/26 15:11:38 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/03/19 18:52:36 | 000,171,520 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
MOD - [2012/01/05 14:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2010/12/24 06:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010/12/24 06:46:38 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/30 02:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/29 08:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/15 18:35:45 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/04/01 18:39:22 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/05 14:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/12/22 18:03:38 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/14 15:32:40 | 000,087,728 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2011/01/01 12:05:26 | 000,310,864 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/12/31 07:04:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/28 10:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/08/31 11:10:08 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/06/02 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 12:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/04 06:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/04 06:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/01/08 21:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 07:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/08/19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/31 07:38:55 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2010/12/31 07:38:55 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2010/12/31 07:38:55 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/09 10:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/23 01:47:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/08/31 10:54:18 | 000,297,320 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/08/31 10:54:18 | 000,273,768 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/08/31 10:54:18 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/08/31 10:54:18 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/08/31 10:54:18 | 000,057,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/08/31 10:54:18 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/08/31 10:54:18 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/08/30 20:17:36 | 000,289,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/26 04:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/25 09:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/07/10 03:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/05/12 10:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/21 02:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/12 16:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/04 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 08:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/20 10:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/11 04:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/10/17 17:00:00 | 000,179,768 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mkd3kfnt.sys -- (Mkd3kfNt)
DRV:64bit: - [2008/10/17 17:00:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/10/17 17:00:00 | 000,106,040 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.155.com/?id=2012
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{8B10530D-6D80-4BEC-A5E6-CE120105C6D7}: "URL" = http://www.baidu.com...d={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspo...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: [email protected]:5.4
FF - prefs.js..extensions.enabledItems: [email protected]:5.4
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..keyword.URL: "http://www.baidu.com...=dealio_dg&wd="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(885).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/23 18:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 18:17:22 | 000,000,000 | ---D | M]

[2011/05/23 02:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/04/17 23:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions
[2011/11/12 15:26:47 | 000,000,000 | ---D | M] (Thunder Extension) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}
[2012/01/23 17:26:44 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/11/14 17:58:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/06/23 19:13:04 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2012/03/14 20:01:06 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\sc66ygum.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2012/04/17 23:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/05 19:45:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/07/18 19:17:53 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/06/08 15:13:05 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/06/08 15:12:55 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/07/18 19:17:52 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/04/14 21:51:44 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/04/14 21:51:44 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2010/09/15 23:04:54 | 000,079,664 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) -- C:\Program Files (x86)\mozilla firefox\components\ThunderComponent.dll
[2012/03/05 19:45:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/26 16:48:52 | 000,003,958 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\baidu.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Switchy! Chrome Extension 1.6 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins/npSwitchy.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: xl_chrome_plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_1\xl_chrome.dll
CHR - plugin: 20-20 3D Viewer for IKEA (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
CHR - plugin: Intel® Threading Building Blocks for Windows (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
CHR - plugin: Intel® Threading Building Blocks for Windows (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
CHR - plugin: AhnLab Online Security (Enabled) = C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
CHR - plugin: AhnLab MyKeyDefense 2.5 (Enabled) = C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(885).dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Wanderfly = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagdipmbmjapagaikbbhffjiegplccld\3.0.0.23_0\
CHR - Extension: Angry Birds = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: FB Chat Sidebar Disabler = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald\1.7_0\
CHR - Extension: Proxy Switchy! = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: Babylon Translator = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Daum Equation Editor = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe\1.2.130_0\
CHR - Extension: Planetarium = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.1_0\
CHR - Extension: Camaro = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjgoelhaolmbnobnpmhlcepjhpliicee\1.0_0\
CHR - Extension: Marvel Comics = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: \u8FC5\u96F7\u4E0B\u8F7D\u652F\u6301\u6D4B\u8BD5\u7248 = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_1\
CHR - Extension: Troll Emoticons = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.7_0\
CHR - Extension: deviantART muro = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei\1.0_0\
CHR - Extension: Flight = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncceffnkmmhggjnfdbkgmihjdmgccfmo\2.0.1_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\
CHR - Extension: Psykopaint = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.5_0\

O1 HOSTS File: ([2012/04/18 18:19:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (迅雷下载支持) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.3.3254.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\user\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: 使用迅雷查看图片 - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用迅雷查看图片 - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra Button: 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : 查看网页全部图片 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9008F41B-4743-40F3-B9B9-3885E5DAAF80}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF901404-658A-4999-A628-D1E627984C57}: DhcpNameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF901404-658A-4999-A628-D1E627984C57}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {4562B511-62E9-4533-B7B2-56A8BB10B482} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(885).dll (深圳市迅雷网络技术有限公司)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Connect.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: 1 - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Megakey - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: MegakeyUpdater - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig:64bit - StartUpReg: RocketDock - hkey= - key= - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/18 18:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 18:28:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/18 18:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/18 18:09:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/18 18:09:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/18 18:09:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/18 18:09:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/18 18:09:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/18 17:30:20 | 004,466,721 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/04/18 17:27:20 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/04/18 08:59:57 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/04/18 08:43:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012/04/18 08:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/18 08:10:24 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\TDSSKiller.exe
[2012/04/17 23:52:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/17 23:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/04/17 17:36:28 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/04/17 16:59:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TestApp
[2012/04/17 16:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/15 21:59:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PunkBuster
[2012/04/15 21:11:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Activision
[2012/04/15 18:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012/04/14 21:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/04/14 21:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2012/04/14 21:51:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/04/14 03:04:07 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/14 03:04:07 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/14 03:04:06 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/13 21:21:24 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/13 21:21:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/13 21:21:22 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/13 21:21:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/13 21:21:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/13 21:21:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/13 21:21:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/13 21:21:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/13 21:21:21 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/13 21:21:21 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/13 21:21:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/13 21:19:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/13 21:19:54 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/13 21:19:52 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/12 16:17:32 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Bullying
[2012/04/07 20:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2012/04/01 18:39:22 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/31 03:08:36 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/31 03:08:36 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/31 03:08:36 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/31 03:08:36 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/31 03:08:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/31 03:08:36 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/31 03:08:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/31 03:08:36 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/31 03:08:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/31 03:08:36 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/31 03:08:36 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/31 03:08:36 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/31 03:08:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/31 03:08:36 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/31 03:08:36 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/31 03:08:36 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/31 03:08:36 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/31 03:08:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/31 03:08:36 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/31 03:08:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/31 03:08:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/31 03:08:36 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/31 03:08:36 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/31 03:08:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/31 03:08:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/31 03:08:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/31 03:08:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/31 03:08:35 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/31 03:08:35 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/31 03:08:35 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/31 03:08:35 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/31 03:08:35 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/31 03:08:35 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/31 03:08:35 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/31 03:08:35 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/31 03:08:35 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/31 03:08:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/31 03:08:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/31 03:08:35 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/31 03:08:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/31 03:08:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/31 03:08:35 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/31 03:08:35 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/31 03:08:35 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/31 03:08:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/31 03:08:35 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/31 03:08:35 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/31 03:08:35 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/31 03:08:35 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/31 03:08:35 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/31 03:08:35 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/31 03:08:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/31 03:08:35 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/31 03:08:35 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/31 03:08:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/31 03:08:35 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/31 03:08:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/31 03:08:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/31 03:08:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/31 03:08:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/31 03:08:35 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/25 14:07:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/25 14:07:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/24 17:40:05 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Angry.Birds.Space.v1.0.0.cracked.READ.NFO-THETA
[2012/03/24 16:33:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/03/24 16:31:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

========== Files - Modified Within 30 Days ==========

[2012/04/18 18:28:38 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 18:26:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/18 18:19:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/18 18:12:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/18 18:02:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948966759-673693716-3023624284-1000UA.job
[2012/04/18 18:00:24 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2012/04/18 17:53:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 17:53:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 17:48:28 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/04/18 17:46:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/18 17:45:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/18 17:45:48 | 1400,188,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 17:39:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/04/18 17:34:26 | 000,061,440 | ---- | M] ( ) -- C:\Users\user\Desktop\VEW.exe
[2012/04/18 17:33:46 | 010,063,000 | ---- | M] () -- C:\Users\user\Desktop\mbam-setup-1.61.0.1400 (2).exe
[2012/04/18 17:31:22 | 004,466,721 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/04/18 08:38:43 | 000,783,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/18 08:38:43 | 000,655,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/18 08:38:43 | 000,122,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/18 08:16:39 | 000,002,149 | ---- | M] () -- C:\Users\user\Desktop\迅雷7.lnk
[2012/04/17 17:36:34 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/04/17 17:02:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948966759-673693716-3023624284-1000Core.job
[2012/04/16 19:03:17 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/15 18:35:45 | 000,682,280 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/15 18:35:45 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/14 15:21:53 | 000,002,395 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/04/11 18:17:25 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/10 16:55:18 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\TDSSKiller.exe
[2012/04/05 23:47:29 | 000,000,025 | ---- | M] () -- C:\Windows\SysWow64\mylk.dat
[2012/04/04 16:43:21 | 000,769,266 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 19:52:06 | 000,001,472 | ---- | M] () -- C:\Users\user\.recently-used.xbel
[2012/04/01 18:39:22 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/01 18:39:22 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/01 00:18:29 | 000,051,270 | ---- | M] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2012/03/31 15:36:31 | 000,001,401 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/31 03:08:36 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/31 03:08:36 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/31 03:08:36 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/31 03:08:36 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/31 03:08:36 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/31 03:08:36 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/31 03:08:36 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/31 03:08:36 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/31 03:08:36 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/31 03:08:36 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/31 03:08:36 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/31 03:08:36 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/31 03:08:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/31 03:08:36 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/31 03:08:36 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/31 03:08:36 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/31 03:08:36 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/31 03:08:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/31 03:08:36 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/31 03:08:36 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/31 03:08:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/31 03:08:36 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/31 03:08:36 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/31 03:08:36 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/31 03:08:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/31 03:08:36 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/31 03:08:36 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/31 03:08:36 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/31 03:08:35 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/31 03:08:35 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/31 03:08:35 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/31 03:08:35 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/31 03:08:35 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/31 03:08:35 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/31 03:08:35 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/31 03:08:35 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/31 03:08:35 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/31 03:08:35 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/31 03:08:35 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/31 03:08:35 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/31 03:08:35 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/31 03:08:35 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/31 03:08:35 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/31 03:08:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/31 03:08:35 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/31 03:08:35 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/31 03:08:35 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/31 03:08:35 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/31 03:08:35 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/31 03:08:35 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/31 03:08:35 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/31 03:08:35 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/31 03:08:35 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/31 03:08:35 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/31 03:08:35 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/31 03:08:35 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/31 03:08:35 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/31 03:08:35 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/31 03:08:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/31 03:08:35 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/31 03:08:35 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/31 03:08:35 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/31 03:08:35 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/25 14:18:16 | 000,445,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/24 16:44:32 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012/03/24 16:44:29 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll

========== Files Created - No Company Name ==========

[2012/04/18 18:28:38 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 18:09:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/18 18:09:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/18 18:09:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/18 18:09:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/18 18:09:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/18 18:00:24 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2012/04/18 17:34:18 | 000,061,440 | ---- | C] ( ) -- C:\Users\user\Desktop\VEW.exe
[2012/04/18 17:32:03 | 010,063,000 | ---- | C] () -- C:\Users\user\Desktop\mbam-setup-1.61.0.1400 (2).exe
[2012/04/15 18:35:49 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/15 18:35:45 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/04/15 18:35:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/04/02 19:52:06 | 000,001,472 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2012/04/01 18:39:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/31 03:08:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/31 03:08:35 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/10/30 15:48:17 | 000,007,606 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011/08/29 14:55:34 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/08/28 02:04:52 | 000,769,266 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 22:57:34 | 000,051,270 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2011/06/23 18:39:30 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011/06/23 18:38:05 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/05/30 20:43:35 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/24 22:56:49 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/13 17:02:18 | 000,000,267 | ---- | C] () -- C:\Windows\LaunApp.ini
[2011/02/13 16:59:10 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/13 16:59:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/02/13 16:59:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/02/13 16:59:10 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/02/13 16:59:10 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/02/13 16:58:40 | 000,001,495 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/12/31 07:39:31 | 000,000,079 | ---- | C] () -- C:\Windows\WISGAPas.ini
[2010/12/31 05:30:51 | 000,000,321 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/12/31 05:30:51 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/12/31 05:30:51 | 000,000,166 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/11/17 08:51:38 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\mylk.dat
[2010/11/01 10:34:58 | 000,000,021 | ---- | C] () -- C:\Windows\KwYl.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/05/23 22:17:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2012/01/03 18:49:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2011/09/02 00:11:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2011/12/13 01:03:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BITS
[2011/11/07 21:00:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CD Art Display
[2011/07/30 02:34:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CyberLink
[2011/06/23 18:36:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FlashGet
[2011/06/23 18:36:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FlashGetBHO
[2011/09/27 21:28:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaMessenger
[2012/04/15 02:08:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus
[2011/07/25 21:34:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Google
[2011/09/17 17:12:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
[2011/05/23 00:09:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2011/05/23 00:11:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Intel Corporation
[2011/07/15 21:41:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\kingsoft
[2011/05/27 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2011/10/23 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2011/09/27 21:52:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient2
[2011/05/23 00:11:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2012/04/18 08:43:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010/12/31 05:42:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2012/01/27 17:17:32 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2012/01/27 17:21:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mobipocket
[2011/05/23 02:13:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2011/05/30 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PowerCinema
[2012/03/12 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PPStream
[2011/10/08 22:07:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rainmeter
[2012/03/24 22:40:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rovio
[2012/03/24 19:37:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skype
[2012/01/04 19:00:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sports Interactive
[2012/04/17 16:59:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TestApp
[2011/05/24 21:58:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TTPlayer
[2011/06/20 21:40:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubisoft
[2012/01/16 21:12:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2012/04/14 17:27:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2011/08/08 21:37:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vidalia
[2011/05/23 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR
[2011/06/09 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xunlei

< MD5 for: ATAPI.SYS >
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 14:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/31 06:04:09 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 14:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 14:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/12/31 05:53:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/31 06:04:09 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/31 05:53:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 21:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/12/31 06:04:09 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/31 05:53:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 09:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/31 06:04:09 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 14:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/31 05:53:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 09:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/12/31 06:04:09 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/31 06:04:09 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/07/23 10:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/07/23 10:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/07/23 10:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/07/23 10:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/07/23 10:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/07/23 10:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/31 03:08:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/31 03:08:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/31 03:08:36 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/03/31 03:08:36 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/03/31 03:08:36 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2010/07/23 10:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2010/07/23 10:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2010/07/23 10:06:51 | 000,552,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2010/07/23 10:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2010/07/23 10:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2010/07/23 10:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/12 15:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/31 03:08:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/31 03:08:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/31 03:08:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/03/31 03:08:36 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/03/31 03:08:36 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


extras:

OTL Extras logfile created on: 18/4/2012 6:35:06 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy

1.74 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 26.91% Memory free
3.48 Gb Paging File | 2.13 Gb Available in Paging File | 61.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.04 Gb Total Space | 309.02 Gb Free Space | 68.67% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [kwopen] -- "C:\Program Files (x86)\KWMUSIC\KwMusic.exe" \dir "%1" (酷我科技)
Directory [kwplaylist] -- "C:\Program Files (x86)\KWMUSIC\KwMusic.exe" \dirlist "%1" (酷我科技)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [kwopen] -- "C:\Program Files (x86)\KWMUSIC\KwMusic.exe" \dir "%1" (酷我科技)
Directory [kwplaylist] -- "C:\Program Files (x86)\KWMUSIC\KwMusic.exe" \dirlist "%1" (酷我科技)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Playback] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)
Directory [PlayList] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"GooglePinyin2" = 谷歌拼音输入法 2.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33E39CA2-A11C-4b40-B6CE-B548FFEC16FA}" = YouTube Downloader Toolbar v5.4
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7IL77L-LKS1-75B1-SKYRIM-18CD6E6334R1}_is1" = The Elder Scrolls V - Skyrim version 1.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8BCC552D-5E01-494A-B503-0915384F048C}_is1" = MapleStorySEA version v1.05
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}" = Angry Birds Seasons
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AhnLab Online Security" = AhnLab Online Security
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Babylon" = Babylon
"Bejeweled 31.0" = Bejeweled 3
"CD Art Display_is1" = CD Art Display 2.0.1
"DiRT2" = DiRT2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FIFA 12 © EA_is1" = FIFA 12 © EA version 1
"FlashGet 3.7" = FlashGet 3.7
"FLV Player2.0.25" = FLV Player
"Football Manager 2012_is1" = Football Manager 2012
"Garena" = Garena 2010
"Identity Card" = Identity Card
"im" = Garena Plus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"KwMusic" = 酷我音乐盒 2011
"Left 4 Dead 2_is1" = Left 4 Dead 2
"LManager" = Launch Manager
"LoL" = Garena - League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PPStream" = PPS影音 V2.7.0.1364 正式版
"PunkBusterSvc" = PunkBuster Services
"QuickSFV" = QuickSFV (Remove only)
"Rainmeter" = Rainmeter
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 570" = Dota 2
"Steam Hacker 1.0 BETA" = Steam Hacker 1.0 BETA
"thunder_is1" = 迅雷7
"TTPlayer" = 千千静听 5.7正式版
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Zuma Deluxe RA" = Zuma Deluxe RA
"迅雷看看播放器" = 迅雷看看播放器
"迅雷看看高清播放组件" = 迅雷看看高清播放组件

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


The VEW.exe can't make a log in my comp, saying that it doesn't support the language (Chinese Simplified)

That's all.

#4
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

The VEW.exe can't make a log in my comp, saying that it doesn't support the language (Chinese Simplified)


See if DDS will work for you:

Please download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool.
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


Otherwise your OTL log looks a lot better and the other scans didn't find anything. Are you still seeing signs of an infection?

I don't see any anti-virus so let's install the free Avast: Download and Save the installer:

http://www.avast.com...ivirus-download

Right click on the installer and Run As Admin.

Register when it asks you to. Once it updates:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours. While scanning it will tell you where it will put the report, so write that down.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
If it says it found something, then open the file location you wrote down with Notepad and copy and paste the text into a reply.

#5
Sam Cheow

    Member

  • Topic Starter
  • Member
  • 10 posts
Before your 1st post here, I tried to neutralize the malware using Malwarebytes and the Kaspersky free virus scanner,
and I got rid of most of them, and my Internet speed is more stable now.
However, the spike lag issue is not solved, but I believe it is my system getting older now.
Anyway, here is the log from DDS:

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by user at 15:48:15 on 2012-04-19
Microsoft Windows 7 Home Premium 6.1.7601.1.936.86.1033.18.1780.509 [GMT 8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\svchost -k XLServicePlatform
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.155.com/?id=2012
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>
BHO: ??à×FLVêó?μDáì??°?????§3?: {0ea37b17-6b8b-4085-8257-f3a4aa69c27a} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.5.64.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ??à×?????§3?: {889d2feb-5411-4565-8998-1dd2c5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\user\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-explorer: OldEnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &使用&迅雷下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm
IE: &使用&迅雷下载全部链接 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
IE: &使用&迅雷离线下载 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
IE: Download all by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: 使用快车3下载 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: 使用快车3下载全部链接 - C:\Users\user\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: 使用迅雷查看图片 - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm
IE: {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 202.188.0.133 202.188.1.5
TCP: Interfaces\{9008F41B-4743-40F3-B9B9-3885E5DAAF80} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{CF901404-658A-4999-A628-D1E627984C57} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{CF901404-658A-4999-A628-D1E627984C57} : DhcpNameServer = 202.188.0.133 202.188.1.5
TCP: Interfaces\{CF901404-658A-4999-A628-D1E627984C57}\3334F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CF901404-658A-4999-A628-D1E627984C57}\4596D60284F6D656 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: DesktopTipsStub Class: {4562b511-62e9-4533-b7b2-56a8bb10b482} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(766).dll
BHO-X64: ??à×FLVêó?μDáì??°?????§3?: {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.5.64.dll
BHO-X64: XlBrowserAddinBho.XlBrowserAddinBhoObject - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ??à×?????§3?: {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll
BHO-X64: XunleiBHO - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO-X64: Babylon IE plugin - No File
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\user\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH-X64: DesktopTipsStub Class: {4562B511-62E9-4533-B7B2-56A8BB10B482} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.29.(766).dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\
FF - prefs.js: keyword.URL - hxxp://www.baidu.com/baidu?tn=dealio_dg&wd=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko10.dll
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
FF - component: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - Ext: Babylon Spelling and Proofreading: [email protected] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Babylon OCR: [email protected] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-12 784792]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-8-31 52896]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-2-13 310864]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-2-13 868224]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-31 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-13 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-12-31 243232]
R2 XLServicePlatform;XLServicePlatform;C:\Windows\system32\svchost -k XLServicePlatform --> C:\Windows\system32\svchost -k XLServicePlatform [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-30 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-30 136176]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2011-6-5 106040]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\system32\drivers\Mkd3kfNt.sys --> C:\Windows\system32\drivers\Mkd3kfNt.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-18 10:51:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-18 10:28:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-18 10:28:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-18 10:09:52 98816 ----a-w- C:\Windows\sed.exe
2012-04-18 10:09:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-18 10:09:52 256000 ----a-w- C:\Windows\PEV.exe
2012-04-18 10:09:52 208896 ----a-w- C:\Windows\MBR.exe
2012-04-18 00:43:18 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2012-04-18 00:43:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-17 16:02:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19B701D4-F710-4D8C-B431-C615A7FEA21B}\offreg.dll
2012-04-17 15:52:26 -------- d-----w- C:\_OTL
2012-04-17 15:43:57 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-04-17 08:59:20 -------- d-----w- C:\Users\user\AppData\Roaming\TestApp
2012-04-17 08:59:20 -------- d-----w- C:\ProgramData\PC Tools
2012-04-17 08:47:42 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19B701D4-F710-4D8C-B431-C615A7FEA21B}\mpengine.dll
2012-04-15 13:59:17 -------- d-----w- C:\Users\user\AppData\Local\PunkBuster
2012-04-15 13:11:43 -------- d-----w- C:\Users\user\AppData\Local\Activision
2012-04-15 10:35:49 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-15 10:35:45 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-04-15 10:35:45 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-15 10:29:29 -------- d-----w- C:\Program Files (x86)\Activision
2012-04-14 13:51:42 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-04-14 13:51:41 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-04-14 13:51:41 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-04-13 19:04:07 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-13 19:04:07 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-13 19:04:06 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-13 13:19:54 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 13:19:54 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 13:19:54 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 13:19:52 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-13 13:19:52 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 13:19:52 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 13:19:52 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-07 12:59:13 -------- d-----w- C:\Program Files (x86)\Valve
2012-04-01 10:39:22 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-25 06:07:51 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-25 06:07:51 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-24 08:33:31 -------- d-----w- C:\Windows\System32\SPReview
2012-03-24 08:31:54 -------- d-----w- C:\Windows\System32\EventProviders
.
==================== Find3M ====================
.
2012-04-01 10:39:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-24 08:44:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-03-24 08:44:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-03-05 11:45:19 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 01:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 15:42:53 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-02-10 15:42:53 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-02-10 15:42:53 122968 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-02-10 15:42:53 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 03:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 15:49:43.49 ===============


Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2011/5/23 12:07:57 AM
System Uptime: 2012/4/19 3:33:31 PM (0 hours ago)
.
Motherboard: Acer | |
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz | CPU 1 | 1063/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 306.879 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP213: 2012/4/15 3:00:42 AM - Windows Update
RP214: 2012/4/15 2:03:26 PM - Removed Call of Duty® 2
RP215: 2012/4/15 6:26:50 PM - Installed Call of Duty® - World at War™
RP216: 2012/4/16 12:16:10 PM - Windows Update
RP217: 2012/4/16 4:27:40 PM - Windows Update
RP219: 2012/4/16 7:00:43 PM - Windows Defender Checkpoint
RP220: 2012/4/17 4:45:52 PM - Windows Update
RP222: 2012/4/18 12:03:12 AM - Windows Defender Checkpoint
RP223: 2012/4/18 7:14:55 AM - Windows Update
RP224: 2012/4/18 6:37:18 PM - OTL Restore Point - 18/4/2012 6:37:16 PM
RP225: 2012/4/18 11:49:43 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.6
AhnLab Online Security
Airport Mania First Flight
Amazonia
Angry Birds
Angry Birds Seasons
Angry Birds Space
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.3.13 (Unicode)
Babylon
Backup Manager V3
Bejeweled 3
Cake Mania
Call of Duty® - World at War™
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
CD Art Display 2.0.1
clear.fi
clear.fi Client
D3DX10
DiRT2
Dota 2
Dragon Nest SEA
Dream Day First Home
eBay Worldwide
eSobi v2
Farm Frenzy 2
FIFA 12 © EA version 1
FlashGet 3.7
FLV Player
Football Manager 2012
From Dust
Galapago
Garena - League of Legends
Garena 2010
Garena Plus
GIMP 2.6.11
Google Chrome
Google Earth
Google Update Helper
Heroes of Hellas
Identity Card
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Launch Manager
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.61.0.1400
MapleStorySEA version v1.05
MediaEspresso
Merriam Websters Spell Jam
Mesh Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mobipocket Reader 6.2
Mozilla Firefox (3.6.8)
MSVCRT
MSVCRT_amd64
MyWinLocker 4
MyWinLocker Suite
Need for Speed Underground 2
Norton Online Backup
NTI Media Maker 9
NVIDIA PhysX
OpenAL
Poker Pop
PowerISO
PPS影音 V2.7.0.1364 正式版
PunkBuster Services
QuickSFV (Remove only)
Rainmeter
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shredder
Skype? 5.5
Spelling Dictionaries Support For Adobe Reader 9
Spin & Win
Steam
Steam Hacker 1.0 BETA
swMSM
The Elder Scrolls V - Skyrim version 1.0
Ubisoft Game Launcher
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 (32-bit)
YouTube Downloader 3.5
YouTube Downloader Toolbar v5.4
Zuma Deluxe RA
μTorrent
千千静听 5.7正式版
迅雷7
迅雷看看播放器
迅雷看看高清播放组件
酷我音乐盒 2011
.
==== Event Viewer Messages From Past Week ========
.
2012/4/18 11:50:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2603229).
.
==== End Of File ===========================


Sorry about the Avast scan log. I didn't notice that I needed to copy the file location, so I don't know where to get it.

Ends here, thanks for solving the trouble :thumbsup:

Edited by Sam Cheow, 19 April 2012 - 07:31 AM.


#6
Sam Cheow

Update:
I think this is the scan log

04/19/2012 18:07
Scan of all local drives

File C:\Program Files (x86)\Valve\Condition Zero\czero\maps\de_knubbe_nuke.bsp.ztmp|>{bzip} Error 42130 {BZIP2 archive is corrupted.}
File C:\ProgramData\Thunder Network\Thunder\data\ThunderPush\SBTextLink2\SBTextLink2.zip.tmp|>SBTextLink2\onload.lua Error 42125 {ZIP archive is corrupted.}
File C:\TDDOWNLOAD\SmBoy.rar|>Super.Meat.Boy.incl.Update.17-ALiAS\a-smb17p.zip|>a-smb17u.r14|>Prerequisites\dxnt.cab|>dpnet.dll Error 42127 {CAB archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\1011.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\1044.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\1146.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\1149.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\1155.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\411.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\502.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\506.thunderskin.tmp|>image\hotspot.png Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\564.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\566.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\583.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\597.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\722.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\724.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\739.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\777.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\932.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Public\Documents\Thunder Network\Thunder\skin\recommend\963.thunderskin.tmp|>image\bkg.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\conduitCommon\alert\Dialogs.zip|>Dialogs\AppNotificationDialog\Images\dark\settings.png Error 42125 {ZIP archive is corrupted.}
File C:\Users\user\Downloads\Keygen Fifa 12.rar|>Keygen Fifa 12.exe is infected by Win32:Dropper-gen [Drp], Moved to chest
File C:\Users\user\Downloads\Mac-OS-X-Leopard-1.zip|>Mac OS X Leopard\Mac OS X Leopard Preview.png Error 42125 {ZIP archive is corrupted.}
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\1370.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\13B3.tmp is infected by Win32:Kryptik-IKT [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\177.tmp is infected by Win32:Agent-AOJB [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\2166.tmp is infected by Win32:Kryptik-IKT [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\389D.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\41F7.tmp is infected by Win32:Agent-AOJB [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\590D.tmp is infected by Win32:Agent-AOJB [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\6105.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\7FFB.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\809B.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\A2B8.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\AC3F.tmp is infected by Win32:Kryptik-IKT [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\AD08.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\B5AF.tmp is infected by Win32:Kryptik-IKT [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\CAE.tmp is infected by Win32:Kryptik-IKT [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\D3BB.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\F060.tmp is infected by Win32:Crypt-MEQ [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\F1BD.tmp is infected by Win32:Agent-AOJB [Trj], Moved to chest
File C:\_OTL\MovedFiles\04182012_174511\C_Users\user\AppData\Roaming\FCA7.tmp is infected by Win32:Kryptik-IKT [Trj], Moved to chest
Number of searched folders: 36545
Number of tested files: 1058867
Number of infected files: 20


=========END==============

#7
RKinner

    Malware Expert

You can uninstall Intel® Management Engine Components unless your computer is part of a large company. This is used to remote control computers by system admins.

Mozilla Firefox (3.6.8) is out of date. You need to download the latest version:
http://www.mozilla.org
It should replace the old version.

I don't have much use for download managers so I would uninstall FlashGet 3.7
Also uninstall:
YouTube Downloader 3.5
YouTube Downloader Toolbar v5.4

You have an older version of Adobe Reader. You need to uninstall it and get the latest version from adobe.com. Don't let them give you any toolbars or security scans. (Uncheck them before downloading)

I guess we are not going to get the error logs. You can check them manually.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Click on System. Wait for it to read the logs. Click on the Column Header: Level. This will eventually sort the errors with the worst ones at the top. Hopefully you don't have any red or yellow marked errors, but if you do, click on the first one. Then on Copy (bottom left). Move to a reply and Ctrl + v to paste it. Repeat for all of the red and yellow marked events. (If you have multiples of the same errors, just copy and paste the first one.) Doesn't matter that they are in Chinese.

Once you have all of the red and yellow errors then click on Application in the left pane and repeat the process. (If you don't have any errors then just be glad.)

For your lag let's try:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute or so for things to settle down, then
File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Also
Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.)

Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.
  • 0
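The Verified Signer check requested in the post above can also be run as a script over the saved Procexp.txt. This is an added example, not part of the thread and not Sysinternals code; it assumes the export is tab-separated with the column headers listed in `COLUMNS`, and the sample rows and function names are constructed for illustration.

```python
import csv
import io

# Column headers as they appear in a Process Explorer export once the
# Verified Signer column is enabled (assumed to be tab-separated).
COLUMNS = ["Process", "PID", "CPU", "Private Bytes", "Working Set",
           "Description", "Company Name", "Verified Signer"]

# Rows that are not backed by an image file on disk, so there is
# nothing to sign or verify.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}

# Constructed sample rows (not from a real machine) in the assumed layout.
SAMPLE_ROWS = [
    COLUMNS,
    ["System Idle Process", "0", "87.22", "0 K", "24 K", "", "", ""],
    ["Interrupts", "n/a", "0.80", "0 K", "0 K",
     "Hardware Interrupts and DPCs", "", ""],
    ["svchost.exe", "904", "0.86", "5,840 K", "5,596 K",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows"],
    ["svchost.exe", "1004", "0.03", "6,280 K", "5,744 K",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Unable to verify) Microsoft Corporation"],
    ["example-updater.exe", "1508", "< 0.01", "1,516 K", "1,140 K",
     "", "", "(Unable to verify)"],
    ["example-tray.exe", "4780", "", "1,552 K", "1,032 K",
     "Example Tray", "Example Corp",
     "(No signature was present in the subject) Example Corp"],
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in SAMPLE_ROWS) + "\n"


def parse_cpu(text):
    """Convert the CPU column to a float; blank and '< 0.01' count as 0."""
    text = text.strip()
    if not text or text.startswith("<"):
        return 0.0
    return float(text)


def parse_export(text):
    """Parse the tab-separated export into a list of dicts keyed by column."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    missing = [c for c in COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError("export is missing columns: " + ", ".join(missing))
    # Short rows yield None values; extra fields land under the None key.
    return [{k: (v or "").strip() for k, v in rec.items() if k}
            for rec in reader]


def signer_status(row):
    """Classify one row by its Verified Signer column."""
    if row["Process"] in PSEUDO_PROCESSES:
        return "not-applicable"
    if row["Verified Signer"].startswith("(Verified)"):
        return "verified"
    # Covers '(Unable to verify)', missing signatures and a blank column.
    return "unverified"


def triage(text):
    """Return processes that deserve a closer look, busiest first."""
    findings = []
    for row in parse_export(text):
        status = signer_status(row)
        if status == "not-applicable":
            continue
        reasons = []
        if status == "unverified":
            reasons.append("signature not verified: "
                           + (row["Verified Signer"] or "(blank)"))
        if not (row["Description"] and row["Company Name"]):
            reasons.append("no description or company name")
        if reasons:
            findings.append({"process": row["Process"], "pid": row["PID"],
                             "cpu": parse_cpu(row["CPU"]),
                             "reasons": reasons})
    findings.sort(key=lambda f: f["cpu"], reverse=True)
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_EXPORT):
        print(item["process"], item["pid"], item["cpu"],
              "; ".join(item["reasons"]))
```

A row flagged here is a prompt to check the image path and publisher by hand, not a verdict that the file is malicious.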

#8
Sam Cheow

I have a question here:
So Avast ran the scan and it says the malicious files were moved to the chest. What should I do about it?

Here's all the error log:

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 2012/4/18 11:50:25 PM
Event ID: 20
Task Category: Windows Update Agent
Level: Error
Keywords: Failure,Installation
User: SYSTEM
Computer: user-PC
Description:
Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2603229).
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000000028</Keywords>
<TimeCreated SystemTime="2012-04-18T15:50:25.037619200Z" />
<EventRecordID>126189</EventRecordID>
<Correlation />
<Execution ProcessID="456" ThreadID="1320" />
<Channel>System</Channel>
<Computer>user-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="errorCode">0x8024200d</Data>
<Data Name="updateTitle">Update for Windows 7 for x64-based Systems (KB2603229)</Data>
<Data Name="updateGuid">{91C80095-4B18-4BCC-BA46-18B3D4AD7124}</Data>
<Data Name="updateRevisionNumber">100</Data>
</EventData>
</Event>


Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 2012/4/19 9:27:23 PM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: user-PC
Description:
Name resolution for the name apps.facebook.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2012-04-19T13:27:23.795821600Z" />
<EventRecordID>126633</EventRecordID>
<Correlation />
<Execution ProcessID="1232" ThreadID="4816" />
<Channel>System</Channel>
<Computer>user-PC</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">apps.facebook.com</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035D043DCDC0000000000000000</Data>
</EventData>
</Event>


Log Name: System
Source: Microsoft-Windows-WLAN-AutoConfig
Date: 2012/4/18 6:50:55 PM
Event ID: 4001
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: user-PC
Description:
WLAN AutoConfig service has successfully stopped.

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-WLAN-AutoConfig" Guid="{9580D7DD-0379-4658-9870-D5BE7D52D6DE}" />
<EventID>4001</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2012-04-18T10:50:55.894571800Z" />
<EventRecordID>125985</EventRecordID>
<Correlation />
<Execution ProcessID="116" ThreadID="3912" />
<Channel>System</Channel>
<Computer>user-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
</EventData>
</Event>


I don't know what the errors mean, but they happened very recently. Is it bad or something?

For Application:

This program is actually a Chinese download manager, and it kept hanging just now when I was downloading something.

Log Name: Application
Source: Application Hang
Date: 2012/4/19 4:52:18 PM
Event ID: 1002
Task Category: (101)
Level: Error
Keywords: Classic
User: N/A
Computer: user-PC
Description:
The program Thunder.exe version 7.2.3.3254 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 590
Start Time: 01cd1e04251f8ffc
Termination Time: 110
Application Path: C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe
Report Id: da8ed851-89fc-11e1-a576-206a8a307b2c

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Hang" />
<EventID Qualifiers="0">1002</EventID>
<Level>2</Level>
<Task>101</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-04-19T08:52:18.000000000Z" />
<EventRecordID>28731</EventRecordID>
<Channel>Application</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
<Data>Thunder.exe</Data>
<Data>7.2.3.3254</Data>
<Data>590</Data>
<Data>01cd1e04251f8ffc</Data>
<Data>110</Data>
<Data>C:\Program Files (x86)\Thunder Network\Thunder\Program\Thunder.exe</Data>
<Data>da8ed851-89fc-11e1-a576-206a8a307b2c</Data>
<Binary>55006E006B006E006F0077006E0000000000</Binary>
</EventData>
</Event>




Log Name: Application
Source: SideBySide
Date: 2012/4/18 8:17:44 PM
Event ID: 33
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: user-PC
Description:
Activation context generation failed for "c:\program files (x86)\KWMUSIC\bin\lidx.dll". Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found. Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">33</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-04-18T12:17:44.000000000Z" />
<EventRecordID>28660</EventRecordID>
<Channel>Application</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
<Data>Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"</Data>
<Data>c:\program files (x86)\KWMUSIC\bin\lidx.dll</Data>
</EventData>
</Event>


Log Name: Application
Source: Application Error
Date: 2012/4/18 6:52:14 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: user-PC
Description:
Faulting application name: Babylon.exe, version: 9.0.3.12, time stamp: 0x4e1ea1f7
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00033325
Faulting process id: 0xdd4
Faulting application start time: 0x01cd1d514680370f
Faulting application path: C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 8e0ef967-8944-11e1-9474-206a8a307b2c
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-04-18T10:52:14.000000000Z" />
<EventRecordID>28639</EventRecordID>
<Channel>Application</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
<Data>Babylon.exe</Data>
<Data>9.0.3.12</Data>
<Data>4e1ea1f7</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec49b8f</Data>
<Data>c0000005</Data>
<Data>00033325</Data>
<Data>dd4</Data>
<Data>01cd1d514680370f</Data>
<Data>C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe</Data>
<Data>C:\Windows\SysWOW64\ntdll.dll</Data>
<Data>8e0ef967-8944-11e1-9474-206a8a307b2c</Data>
</EventData>
</Event>


Log Name: Application
Source: SideBySide
Date: 2012/4/19 4:34:57 PM
Event ID: 63
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: user-PC
Description:
Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="SideBySide" />
<EventID Qualifiers="49409">63</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-04-19T08:34:57.000000000Z" />
<EventRecordID>28728</EventRecordID>
<Channel>Application</Channel>
<Computer>user-PC</Computer>
<Security />
</System>
<EventData>
<Data>assemblyIdentity</Data>
<Data>version</Data>
<Data>MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR</Data>
<Data>c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll</Data>
<Data>c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll</Data>
<Data>3</Data>
</EventData>
</Event>


Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 2012/4/18 11:49:34 PM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: user-PC
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-3948966759-673693716-3023624284-1000:
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\SystemCertificates\My
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Policies\Microsoft\SystemCertificates
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Policies\Microsoft\SystemCertificates
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Policies\Microsoft\SystemCertificates
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Policies\Microsoft\SystemCertificates
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\SystemCertificates\CA
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\SystemCertificates\Root
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\SystemCertificates\trust
Process 1880 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3948966759-673693716-3023624284-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-04-18T15:49:34.524730500Z" />
<EventRecordID>28673</EventRecordID>
<Correlation ActivityID="{032CCA48-F800-0001-05F2-892D511DCD01}" />
<Execution ProcessID="456" ThreadID="412" />
<Channel>Application</Channel>
<Computer>user-PC</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">15 user registry handles leaked from \Registry\User\S-1-5-21-3948966759-673693716-3023624284-1000:
</Data>
</EventData>
</Event>


Process Explorer log:

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 87.22 0 K 24 K
procexp64.exe 1224 5.00 33,232 K 53,772 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
WmiPrvSE.exe 5840 1.53 5,980 K 10,396 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 4016 0.95 68,936 K 28,360 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 904 0.86 5,840 K 5,596 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 0.80 0 K 0 K Hardware Interrupts and DPCs
lsass.exe 792 0.73 6,968 K 6,072 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 676 0.68 37,324 K 30,668 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Speccy64.exe 5280 0.55 27,756 K 35,912 K Speccy Piriform Ltd (Verified) Piriform Ltd
chrome.exe 5240 0.34 80,572 K 75,560 K Google Chrome Google Inc. (Verified) Google Inc
System 4 0.34 208 K 1,696 K
csrss.exe 680 0.30 4,288 K 16,324 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 1068 0.15 24,464 K 27,760 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
ePowerTray.exe 3416 0.14 5,844 K 2,968 K ePowerTray Acer Incorporated (Verified) Acer Incorporated
explorer.exe 3404 0.12 62,376 K 51,316 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ePowerEvent.exe 1588 0.08 2,700 K 1,600 K ePowerEvent Acer Incorporated (Verified) Acer Incorporated
chrome.exe 5964 0.07 88,140 K 121,016 K Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 1004 0.03 6,280 K 5,744 K Host Process for Windows Services Microsoft Corporation (Unable to verify) Microsoft Corporation
WmiApSrv.exe 4408 0.02 2,888 K 7,224 K WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 1524 0.02 2,888 K 2,116 K Local Manageability Service Intel Corporation (Verified) Intel Corporation
IAStorDataMgrSvc.exe 1876 0.01 18,636 K 6,092 K IAStorDataSvc Intel Corporation (Verified) Intel Corporation
IAStorIcon.exe 4388 0.01 23,712 K 8,260 K IAStorIcon Intel Corporation (Verified) Intel Corporation
AvastUI.exe 4808 0.01 13,728 K 7,836 K avast! Antivirus AVAST Software (Verified) AVAST Software
AvastSvc.exe 1388 0.01 31,240 K 37,552 K avast! Service AVAST Software (Verified) AVAST Software
NOBuAgent.exe 1456 0.01 3,432 K 1,704 K Norton Online Backup Service Symantec Corporation (Verified) Symantec Corporation
PnkBstrA.exe 1508 0.01 1,516 K 1,140 K (Unable to verify)
svchost.exe 2244 < 0.01 3,176 K 3,268 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 3456 < 0.01 9,236 K 4,020 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 2664 < 0.01 12,512 K 12,612 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 2676 < 0.01 4,240 K 2,704 K User Notification Service Intel Corporation (Verified) Intel Corporation
dsiwmis.exe 1256 < 0.01 2,776 K 1,372 K Dritek WMI Service Dritek System Inc. (Verified) Dritek System Inc.
svchost.exe 1120 < 0.01 11,880 K 9,436 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4432 < 0.01 13,216 K 8,520 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 2192 < 0.01 8,624 K 4,424 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe 1232 < 0.01 17,788 K 10,648 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2264 < 0.01 51,260 K 29,028 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2648 < 0.01 9,060 K 9,132 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
IScheduleSvc.exe 1940 < 0.01 5,712 K 7,840 K Backup Manager Module NTI Corporation (Verified) NTI Corporation
svchost.exe 1632 < 0.01 14,968 K 11,684 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 632 < 0.01 2,616 K 2,540 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
wuauclt.exe 556 3,248 K 1,828 K Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 6136 7,472 K 15,236 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2404 2,268 K 1,104 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 736 3,680 K 1,892 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 688 2,544 K 1,228 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe 2140 1,456 K 1,536 K Updater Service Acer Group (Verified) Acer Incorporated
unsecapp.exe 3152 3,212 K 2,756 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 5880 7,076 K 7,204 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 3600 3,520 K 3,620 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 640 64,028 K 55,132 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2160 37,064 K 19,252 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 240 25,280 K 20,112 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2712 3,360 K 2,376 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SuiteTray.exe 752 2,116 K 1,684 K SuiteTray Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
spoolsv.exe 1580 7,688 K 4,824 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 456 552 K 528 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 784 6,912 K 6,296 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RAVCpl64.exe 3000 12,816 K 3,544 K Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RAVBg64.exe 3432 11,968 K 3,148 K HD Audio Background Process Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
procexp.exe 4216 2,168 K 6,736 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PmmUpdate.exe 4600 4,728 K 7,780 K PMM Update Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
MMDx64Fx.exe 4608 3,680 K 2,024 K MMDx64Fx Application Dritek System Inc. (Verified) Dritek System Inc.
lsm.exe 800 3,396 K 2,176 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
LMworker.exe 4672 5,908 K 1,200 K Launch Manager Worker Dritek System Inc. (Verified) Dritek System Inc.
LManager.exe 4352 11,560 K 3,792 K Launch Manager Dritek System Inc. (Verified) Dritek System Inc.
jusched.exe 4780 1,552 K 1,032 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Sun Microsystems, Inc.
igfxtray.exe 1216 4,196 K 2,536 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 2640 3,920 K 4,292 K igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 3044 4,368 K 2,784 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 3004 3,308 K 2,136 K igfxext Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 3384 7,004 K 3,532 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
GREGsvc.exe 1164 1,084 K 736 K Global Registration Service Acer Incorporated (Verified) Acer Incorporated
ePowerSvc.exe 1288 4,072 K 1,716 K ePowerSvc Acer Incorporated (Verified) Acer Incorporated
EgisUpdate.exe 4828 3,488 K 2,040 K EgisUpdate Release Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
DMREngine.exe 4116 5,548 K 1,724 K DMREngine CyberLink (Verified) CyberLink
dllhost.exe 4844 3,328 K 1,876 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
clear.fiMovieService.exe 4680 4,452 K 2,312 K clear.fi Movie Resident Program CyberLink Corp. (Verified) CyberLink
clear.fiAgent.exe 3496 1,960 K 636 K clear.fi Resident Program CyberLink Corp. (Verified) CyberLink
chrome.exe 6064 96,336 K 119,784 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3616 16,912 K 17,308 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1348 18,236 K 16,952 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5928 23,216 K 22,604 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5996 17,952 K 17,320 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 2180 16,524 K 13,856 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 184 4,220 K 10,300 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5732 4,196 K 9,388 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3776 5,844 K 9,772 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 5792 43,976 K 51,096 K Google Chrome Google Inc. (Verified) Google Inc
BtvStack.exe 2888 9,452 K 2,796 K Bluetooth Stack Server Atheros Commnucations (Verified) Atheros Communications Inc.
BackupManagerTray.exe 4652 3,612 K 5,064 K Acer Backup Manager NTI Corporation (Verified) NTI Corporation
AthBtTray.exe 4004 5,252 K 3,664 K Bluetooth Tray Atheros Commnucations (Verified) Atheros Communications Inc.
ApplicationUpdater.exe 1812 3,304 K 3,632 K Application Updater Spigot, Inc. (Verified) Spigot, Inc.
AdminService.exe 1980 2,872 K 1,544 K AdminService Application Atheros Commnucations (Verified) Atheros Communications Inc.


Speccy log:

Summary
Operating System
MS Windows 7 Home Premium 64-bit SP1
CPU
Intel Core i3 380M @ 2.53GHz 50 °C
Arrandale 32nm Technology
RAM
2.00 GB Single-Channel DDR3 @ 532MHz (7-7-7-20)
Motherboard
Acer 53 °C
Graphics
Generic PnP Monitor (1366x768@60Hz)
Intel® HD Graphics
Hard Drives
488GB Hitachi Hitachi HTS545050B9A300 (SATA) 41 °C
Optical Drives
Slimtype DVD A DS8A5SH
Audio
Realtek High Definition Audio
Operating System
MS Windows 7 Home Premium 64-bit SP1
Installation Date: 23 May 2011, 00:07

Windows Security Center
User Account Control (UAC) Disabled
Firewall Enabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Windows Defender
Windows Defender Enabled
Environment Variables
USERPROFILE C:\Users\user
SystemRoot C:\Windows
User Variables
TEMP C:\Users\user\AppData\Local\Temp
TMP C:\Users\user\AppData\Local\Temp
Machine Variables
ComSpec C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
OS Windows_NT
Path C:\Windows\system32
C:\Windows
C:\Windows\system32\wbem
C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
C:\Program Files (x86)\EgisTec MyWinLocker\x64
C:\Program Files (x86)\EgisTec MyWinLocker
C:\Program Files (x86)\Windows Live\Shared
C:\Program Files (x86)\Common Files\Thunder Network\KanKan\Codecs
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE AMD64
TEMP C:\Windows\TEMP
TMP C:\Windows\TEMP
USERNAME SYSTEM
windir C:\Windows
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 4
PROCESSOR_LEVEL 6
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
PROCESSOR_REVISION 2505
Battery
AC line Online
Battery full time Unknown
Battery Charge % Unknown
Battery State No Battery
Amount of time remaining (sec) Unknown
Power Profile
Active power scheme Home/Office Desk
Hibernation Enabled
Power Shutdown Enabled
Power Suspend Enabled
Turn Off Monitor after: (On AC Power) 20 min
Turn Off Monitor after: (On Battery Power) 5 min
Turn Off Hard Disk after: (On AC Power) Never
Turn Off Hard Disk after: (On Battery Power) 10 min
Suspend after: (On AC Power) Never
Suspend after: (On Battery Power) 5 min
Screen saver Enabled
Uptime
Current Session
Current Time 2012/4/19 11:53:43 PM
Current Uptime 20819 sec (0 d, 05 h, 46 m, 59 s)
Last Boot Time 2012/4/19 6:06:44 PM
Last ShutDown Time 2012/4/19 6:06:02 PM
Uptime Statistics
First Boot Time 2012/4/18 6:51:28 PM
First Shutdown Time 2012/4/18 6:50:50 PM
Total Uptime 47683 sec (0 d, 13 h, 14 m, 43 s)
Total Downtime 63632 sec (0 d, 17 h, 40 m, 32 s)
Longest Uptime 20613 sec (0 d, 05 h, 43 m, 33 s)
Longest Downtime 56604 sec (0 d, 15 h, 43 m, 24 s)
Total Reboots 3
System Availability 42.84%
TimeZone
TimeZone GMT +8 Hours
Language Chinese (Simplified)
Country United States
Currency $
Date Format yyyy/M/d
Time Format h:mm:ss tt
Scheduler
2012/4/20 12:02 AM; GoogleUpdateTaskUserS-1-5-21-3948966759-673693716-3023624284-1000UA
2012/4/20 12:12 AM; Adobe Flash Player Updater
2012/4/20 12:26 AM; GoogleUpdateTaskMachineUA
2012/4/20 5:02 PM; GoogleUpdateTaskUserS-1-5-21-3948966759-673693716-3023624284-1000Core
2012/4/20 10:26 PM; GoogleUpdateTaskMachineCore
Google Pinyin Daemon
SidebarExecute
Process List
adminservice.exe
Process ID 1980
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
Memory Usage 1.49 MB
Peak Memory Usage 6.51 MB
applicationupdater.exe
Process ID 1812
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
Memory Usage 3.63 MB
Peak Memory Usage 8.50 MB
athbttray.exe
Process ID 4004
User user
Domain user-PC
Path C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
Memory Usage 3.54 MB
Peak Memory Usage 13 MB
audiodg.exe
Process ID 2028
avastsvc.exe
Process ID 1388
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Memory Usage 34 MB
Peak Memory Usage 95 MB
avastui.exe
Process ID 4808
User user
Domain user-PC
Path C:\Program Files\AVAST Software\Avast\AvastUI.exe
Memory Usage 7.59 MB
Peak Memory Usage 27 MB
backupmanagertray.exe
Process ID 4652
User user
Domain user-PC
Path C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
Memory Usage 5.05 MB
Peak Memory Usage 11 MB
btvstack.exe
Process ID 2888
User user
Domain user-PC
Path C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
Memory Usage 2.68 MB
Peak Memory Usage 13 MB
chrome.exe
Process ID 5996
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 17 MB
Peak Memory Usage 41 MB
chrome.exe
Process ID 1348
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 17 MB
Peak Memory Usage 43 MB
chrome.exe
Process ID 3616
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 17 MB
Peak Memory Usage 40 MB
chrome.exe
Process ID 2180
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 14 MB
Peak Memory Usage 40 MB
chrome.exe
Process ID 5732
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 9.16 MB
Peak Memory Usage 33 MB
chrome.exe
Process ID 5792
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 50 MB
Peak Memory Usage 50 MB
chrome.exe
Process ID 6064
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 116 MB
Peak Memory Usage 143 MB
chrome.exe
Process ID 3776
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 9.54 MB
Peak Memory Usage 35 MB
chrome.exe
Process ID 184
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 10 MB
Peak Memory Usage 33 MB
chrome.exe
Process ID 5928
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 22 MB
Peak Memory Usage 49 MB
chrome.exe
Process ID 5240
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 73 MB
Peak Memory Usage 156 MB
chrome.exe
Process ID 5964
User user
Domain user-PC
Path C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
Memory Usage 118 MB
Peak Memory Usage 135 MB
clear.fiagent.exe
Process ID 3496
User user
Domain user-PC
Path C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
Memory Usage 628 KB
Peak Memory Usage 6.21 MB
clear.fimovieservice.exe
Process ID 4680
User user
Domain user-PC
Path C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
Memory Usage 2.26 MB
Peak Memory Usage 11 MB
csrss.exe
Process ID 632
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 2.27 MB
Peak Memory Usage 5.42 MB
csrss.exe
Process ID 680
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 16 MB
Peak Memory Usage 25 MB
dllhost.exe
Process ID 4844
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\DllHost.exe
Memory Usage 1.81 MB
Peak Memory Usage 8.15 MB
dmrengine.exe
Process ID 4116
User user
Domain user-PC
Path C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
Memory Usage 1.38 MB
Peak Memory Usage 9.06 MB
dsiwmis.exe
Process ID 1256
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Launch Manager\dsiwmis.exe
Memory Usage 1.38 MB
Peak Memory Usage 6.57 MB
dwm.exe
Process ID 4016
User user
Domain user-PC
Path C:\Windows\system32\Dwm.exe
Memory Usage 28 MB
Peak Memory Usage 49 MB
egisupdate.exe
Process ID 4828
User user
Domain user-PC
Path C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
Memory Usage 2.00 MB
Peak Memory Usage 7.91 MB
epowerevent.exe
Process ID 1588
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
Memory Usage 1.55 MB
Peak Memory Usage 5.87 MB
epowersvc.exe
Process ID 1288
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
Memory Usage 1.66 MB
Peak Memory Usage 8.65 MB
epowertray.exe
Process ID 3416
User user
Domain user-PC
Path C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Memory Usage 2.85 MB
Peak Memory Usage 12 MB
explorer.exe
Process ID 3404
User user
Domain user-PC
Path C:\Windows\Explorer.EXE
Memory Usage 50 MB
Peak Memory Usage 83 MB
gregsvc.exe
Process ID 1164
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
Memory Usage 736 KB
Peak Memory Usage 3.22 MB
hkcmd.exe
Process ID 3384
User user
Domain user-PC
Path C:\Windows\System32\hkcmd.exe
Memory Usage 3.41 MB
Peak Memory Usage 16 MB
iastordatamgrsvc.exe
Process ID 1876
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Memory Usage 5.91 MB
Peak Memory Usage 16 MB
iastoricon.exe
Process ID 4388
User user
Domain user-PC
Path C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Memory Usage 8.07 MB
Peak Memory Usage 21 MB
igfxext.exe
Process ID 3004
User user
Domain user-PC
Path C:\Windows\system32\igfxext.exe
Memory Usage 2.07 MB
Peak Memory Usage 7.33 MB
igfxpers.exe
Process ID 3044
User user
Domain user-PC
Path C:\Windows\System32\igfxpers.exe
Memory Usage 2.68 MB
Peak Memory Usage 11 MB
igfxsrvc.exe
Process ID 2640
User user
Domain user-PC
Path C:\Windows\system32\igfxsrvc.exe
Memory Usage 4.19 MB
Peak Memory Usage 8.41 MB
igfxtray.exe
Process ID 1216
User user
Domain user-PC
Path C:\Windows\System32\igfxtray.exe
Memory Usage 2.46 MB
Peak Memory Usage 8.62 MB
ischedulesvc.exe
Process ID 1940
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
Memory Usage 7.66 MB
Peak Memory Usage 11 MB
jusched.exe
Process ID 4780
User user
Domain user-PC
Path C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Memory Usage 1.00 MB
Peak Memory Usage 5.02 MB
lmanager.exe
Process ID 4352
User user
Domain user-PC
Path C:\Program Files (x86)\Launch Manager\LManager.exe
Memory Usage 3.69 MB
Peak Memory Usage 14 MB
lms.exe
Process ID 1524
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Memory Usage 2.08 MB
Peak Memory Usage 5.31 MB
lmworker.exe
Process ID 4672
User user
Domain user-PC
Path C:\Program Files (x86)\Launch Manager\LMworker.exe
Memory Usage 1.19 MB
Peak Memory Usage 5.02 MB
lsass.exe
Process ID 792
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsass.exe
Memory Usage 5.86 MB
Peak Memory Usage 14 MB
lsm.exe
Process ID 800
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsm.exe
Memory Usage 2.10 MB
Peak Memory Usage 5.39 MB
mmdx64fx.exe
Process ID 4608
User user
Domain user-PC
Path C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
Memory Usage 1.96 MB
Peak Memory Usage 6.77 MB
nobuagent.exe
Process ID 1456
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
Memory Usage 1.66 MB
Peak Memory Usage 6.89 MB
pmmupdate.exe
Process ID 4600
User user
Domain user-PC
Path C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
Memory Usage 7.68 MB
Peak Memory Usage 10 MB
pnkbstra.exe
Process ID 1508
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\SysWOW64\PnkBstrA.exe
Memory Usage 1.11 MB
Peak Memory Usage 4.71 MB
procexp.exe
Process ID 4216
User user
Domain user-PC
Path C:\Users\user\Desktop\procexp.exe
Memory Usage 6.64 MB
Peak Memory Usage 6.64 MB
procexp64.exe
Process ID 1224
User user
Domain user-PC
Path C:\Users\user\Desktop\procexp64.exe
Memory Usage 40 MB
Peak Memory Usage 81 MB
ravbg64.exe
Process ID 3432
User user
Domain user-PC
Path C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Memory Usage 3.03 MB
Peak Memory Usage 12 MB
ravcpl64.exe
Process ID 3000
User user
Domain user-PC
Path C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Memory Usage 3.44 MB
Peak Memory Usage 15 MB
searchfilterhost.exe
Process ID 1372
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchFilterHost.exe
Memory Usage 8.71 MB
Peak Memory Usage 8.81 MB
searchindexer.exe
Process ID 2264
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchIndexer.exe
Memory Usage 28 MB
Peak Memory Usage 42 MB
searchprotocolhost.exe
Process ID 3440
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\SearchProtocolHost.exe
Memory Usage 12 MB
Peak Memory Usage 12 MB
services.exe
Process ID 784
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\services.exe
Memory Usage 6.25 MB
Peak Memory Usage 18 MB
smss.exe
Process ID 456
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 528 KB
Peak Memory Usage 1.23 MB
speccy64.exe
Process ID 5280
User user
Domain user-PC
Path C:\Program Files\Speccy\Speccy64.exe
Memory Usage 27 MB
Peak Memory Usage 27 MB
spoolsv.exe
Process ID 1580
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\spoolsv.exe
Memory Usage 2.99 MB
Peak Memory Usage 13 MB
suitetray.exe
Process ID 752
User user
Domain user-PC
Path C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
Memory Usage 1.66 MB
Peak Memory Usage 5.78 MB
svchost.exe
Process ID 2712
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 2.32 MB
Peak Memory Usage 7.82 MB
svchost.exe
Process ID 4432
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 8.33 MB
Peak Memory Usage 17 MB
svchost.exe
Process ID 904
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 4.70 MB
Peak Memory Usage 11 MB
svchost.exe
Process ID 240
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 20 MB
Peak Memory Usage 30 MB
svchost.exe
Process ID 1232
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 10 MB
Peak Memory Usage 20 MB
svchost.exe
Process ID 1004
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 5.55 MB
Peak Memory Usage 10 MB
svchost.exe
Process ID 1120
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 9.22 MB
Peak Memory Usage 20 MB
svchost.exe
Process ID 676
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 26 MB
Peak Memory Usage 242 MB
svchost.exe
Process ID 640
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 54 MB
Peak Memory Usage 96 MB
svchost.exe
Process ID 1632
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 11 MB
Peak Memory Usage 20 MB
svchost.exe
Process ID 2244
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\SysWOW64\svchost.exe
Memory Usage 3.19 MB
Peak Memory Usage 7.34 MB
svchost.exe
Process ID 2648
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 8.84 MB
Peak Memory Usage 25 MB
svchost.exe
Process ID 2160
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 25 MB
Peak Memory Usage 43 MB
system
Process ID 4
system idle process
Process ID 0
taskeng.exe
Process ID 3600
User user
Domain user-PC
Path C:\Windows\system32\taskeng.exe
Memory Usage 3.53 MB
Peak Memory Usage 8.68 MB
taskhost.exe
Process ID 5880
User user
Domain user-PC
Path C:\Windows\system32\taskhost.exe
Memory Usage 7.00 MB
Peak Memory Usage 14 MB
taskhost.exe
Process ID 3456
User user
Domain user-PC
Path C:\Windows\system32\taskhost.exe
Memory Usage 3.91 MB
Peak Memory Usage 12 MB
uns.exe
Process ID 2676
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
Memory Usage 2.64 MB
Peak Memory Usage 9.27 MB
unsecapp.exe
Process ID 3152
User user
Domain user-PC
Path C:\Windows\system32\wbem\unsecapp.exe
Memory Usage 2.70 MB
Peak Memory Usage 7.66 MB
updaterservice.exe
Process ID 2140
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Acer\Acer Updater\UpdaterService.exe
Memory Usage 1.52 MB
Peak Memory Usage 4.25 MB
wininit.exe
Process ID 688
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wininit.exe
Memory Usage 1.17 MB
Peak Memory Usage 5.80 MB
winlogon.exe
Process ID 736
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\winlogon.exe
Memory Usage 1.83 MB
Peak Memory Usage 9.36 MB
wlidsvc.exe
Process ID 2192
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Memory Usage 4.34 MB
Peak Memory Usage 18 MB
wlidsvcm.exe
Process ID 2404
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Memory Usage 1.07 MB
Peak Memory Usage 4.42 MB
wmiprvse.exe
Process ID 1068
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 4.32 MB
Peak Memory Usage 8.14 MB
wmiprvse.exe
Process ID 6136
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 11 MB
Peak Memory Usage 11 MB
wmpnetwk.exe
Process ID 2664
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Program Files\Windows Media Player\wmpnetwk.exe
Memory Usage 12 MB
Peak Memory Usage 30 MB
wuauclt.exe
Process ID 556
User user
Domain user-PC
Path C:\Windows\system32\wuauclt.exe
Memory Usage 1.76 MB
Peak Memory Usage 8.16 MB
Hotfixes
2012/4/18 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/17 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/17 Definition Update for Windows Defender - KB915597 (Definition 1.123.1936.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/4/17 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/16 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/16 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/14 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/13 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656368)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/4/13 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/13 Update for Windows 7 for x64-based Systems (KB2679255)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/13 Windows Malicious Software Removal Tool x64 - April 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
2012/4/13 Definition Update for Windows Defender - KB915597 (Definition 1.123.1683.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/4/13 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656373)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/4/13 Update for Microsoft Office 2007 suites (KB2598306)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2012/4/13 Security Update for Microsoft Office 2007 suites (KB2598041)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2012/4/13 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/13 Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2675157)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2012/4/13 Security Update for Microsoft Office 2007 suites (KB2596871)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2012/4/13 Security Update for Windows 7 for x64-based Systems (KB2653956)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/4/12 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656368)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/4/12 Update for Windows 7 for x64-based Systems (KB2679255)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/12 Windows Malicious Software Removal Tool x64 - April 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
2012/4/12 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656368)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/4/12 Update for Windows 7 for x64-based Systems (KB2679255)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/12 Windows Malicious Software Removal Tool x64 - April 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
2012/4/11 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/10 Definition Update for Windows Defender - KB915597 (Definition 1.123.1430.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/4/10 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/8 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/7 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/6 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/6 Definition Update for Windows Defender - KB915597 (Definition 1.123.1222.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/4/6 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/4 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/4 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/4 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
2012/4/3 Definition Update for Windows Defender - KB915597 (Definition 1.123.978.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/4/2 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/2 Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2600217)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
2012/4/2 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/4/1 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/30 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/30 Windows Internet Explorer 9 for Windows 7 for x64-based Systems
Windows Internet Explorer 9 delivers web sites and applications
that look and perform like native PC applications through the
power of Windows.

Fast: Internet Explorer 9 is all-around fast.
Designed to take full advantage of your PC’s hardware through
Windows, Internet Explorer 9 delivers graphically rich and immersive
experiences that are as fast and responsive as native applications
installed on your PC.

Clean: Internet Explorer puts the focus
on the Web sites you love with a clean look and increased viewing
area that makes your Web sites shine. Intuitive and seamless
integration with Windows 7 provides one-click access to Web applications
pinned directly to your Taskbar.

Trusted: Internet Explorer
is the trusted way to the Web because it has a robust set of
built-in security, privacy and reliability technologies that
keep you safer and your browsing experience uninterrupted.


Interoperable: Support for HTML5 and modern Web standards architected
to take advantage of the GPU means that the same mark-up not
only works across the Web, but runs faster and delivers a richer
experience through Windows and Internet Explorer 9.
2012/3/30 Definition Update for Windows Defender - KB915597 (Definition 1.123.738.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/3/30 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/29 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/27 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/27 The 2007 Microsoft Office Suite Service Pack 3 (SP3)
Service Pack 3 provides the latest updates to the 2007 Microsoft
Office Suite. This update also applies to Microsoft Office Project,
Microsoft Office SharePoint Designer, Microsoft Office Visio,
and Visual Web Developer.
2012/3/27 Definition Update for Windows Defender - KB915597 (Definition 1.123.449.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/3/27 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/26 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656356)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/3/26 Security Update for Windows 7 for x64-based Systems (KB2667402)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2012/3/26 Update for Office File Validation 2010 (KB2553065), 32-bit Edition
Microsoft has released an update for Microsoft Office File Validation
2010, 32-bit Edition. This update provides the latest fixes to
Microsoft Office File Validation 2010, 32-bit Edition. Additionally,
this update contains stability and performance improvements.
2012/3/26 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/26 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2633873)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/3/26 Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2518869)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
2012/3/26 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2572077)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/3/25 Security Update for Windows 7 for x64-based Systems (KB2560656)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/3/25 Update for Windows 7 for x64-based Systems (KB2547666)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/25 Security Update for Windows 7 for x64-based Systems (KB2667402)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2012/3/25 Update for Windows 7 for x64-based Systems (KB2545698)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/25 Update for Windows 7 for x64-based Systems (KB2541014)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/25 Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845)
This Compatibility View List update helps make Web sites that
are designed for older browsers look better in Internet Explorer
8. When users install Internet Explorer 8, they will be given
a choice about opting-in to a list of sites that should be displayed
in Compatibility View. After you install this item, you may have
to restart Internet Explorer.
2012/3/25 Update for Windows 7 for x64-based Systems (KB2529073)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/25 Update for Windows 7 for x64-based Systems (KB982018)
This is a reliability update. This update resolves some performance
and reliability issues in Windows. By applying this update, you
can achieve better performance and responsiveness in various
scenarios. For more information please see the Knowledge Base
article. After you install this item, you may have to restart
your computer.
2012/3/25 Security Update for Windows 7 for x64-based Systems (KB2654428)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/3/24 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/24 Windows Malicious Software Removal Tool x64 - March 2012 (KB890830)
After the download, this tool runs one time to check your computer
for infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that
is found. If an infection is found, the tool will display a status
report the next time that you start your computer. A new version
of the tool will be offered every month. If you want to manually
run the tool on your computer, you can download a copy from the
Microsoft Download Center, or you can run an online version from
microsoft.com. This tool is not a replacement for an antivirus
product. To help protect your computer, you should use an antivirus
product.
2012/3/24 Microsoft Office File Validation Add-in
Microsoft Office File Validation is a security add-in for Office
2003 and 2007. Office File Validation is used to validate that
Binary File Format files conform to the Microsoft Office File
Format. The user will be notified of possible security risks
if files fail to conform to the format.
2012/3/24 Windows 7 Service Pack 1 for x64-based Systems (KB976932)
Windows 7 Service Pack 1 is a recommended collection of updates
and improvements to Windows that are combined into a single installable
update. The service pack can help make your computer safer and
more reliable. A typical installation will take about 30 minutes
to complete, and you will have to restart your computer about
halfway through the process.
2012/3/23 Definition Update for Windows Defender - KB915597 (Definition 1.123.212.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/3/20 Definition Update for Windows Defender - KB915597 (Definition 1.121.1871.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/3/17 Definition Update for Windows Defender - KB915597 (Definition 1.121.1660.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/3/14 Security Update for Windows 7 for x64-based Systems (KB2641653)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/3/14 Security Update for Windows 7 for x64-based Systems (KB2667402)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2012/3/14 Security Update for Windows 7 for x64-based Systems (KB2665364)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected application to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2012/3/14 Update for Windows 7 for x64-based Systems (KB2639308)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/3/14 Security Update for Windows 7 for x64-based Systems (KB2621440)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/3/14 Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2647518)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
2012/3/14 Update for Microsoft Office 2007 suites (KB2597970)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2012/3/13 Definition Update for Windows Defender - KB915597 (Definition 1.121.1421.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/3/9 Definition Update for Windows Defender - KB915597 (Definition 1.121.1200.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/3/7 Definition Update for Windows Defender - KB915597 (Definition 1.121.966.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/3/2 Definition Update for Windows Defender - KB915597 (Definition 1.121.737.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/28 Definition Update for Windows Defender - KB915597 (Definition 1.121.548.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/24 Definition Update for Windows Defender - KB915597 (Definition 1.121.303.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/21 Definition Update for Windows Defender - KB915597 (Definition 1.121.61.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/17 Definition Update for Windows Defender - KB915597 (Definition 1.119.2141.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/16 Security Update for Microsoft Silverlight (KB2668562)
This security update to Silverlight includes fixes outlined in
KBs 2651026 and 2668562. This update is backward compatible with
web applications built using previous versions of Silverlight.
2012/2/16 Update for Windows 7 for x64-based Systems (KB2640148)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/2/16 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2633870)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/2/16 Update for Windows 7 for x64-based Systems (KB2660075)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/2/16 Security Update for Windows 7 for x64-based Systems (KB2660465)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/2/16 Security Update for Windows 7 for x64-based Systems (KB2645640)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/2/16 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2633879)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/2/16 Update for Microsoft Office 2007 suites (KB2597998)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2012/2/16 Security Update for Microsoft Silverlight (KB2668562)
This security update to Silverlight includes fixes outlined in
KBs 2651026 and 2668562. This update is backward compatible with
web applications built using previous versions of Silverlight.
2012/2/16 Security Update for Windows 7 for x64-based Systems (KB2654428)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/2/16 Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2647516)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2012/2/15 Definition Update for Windows Defender - KB915597 (Definition 1.119.1924.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/14 Definition Update for Windows Defender - KB915597 (Definition 1.119.1924.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/10 Definition Update for Windows Defender - KB915597 (Definition 1.119.1683.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/8 Definition Update for Windows Defender - KB915597 (Definition 1.119.1519.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/7 Definition Update for Windows Defender - KB915597 (Definition 1.119.1449.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/2/3 Definition Update for Windows Defender - KB915597 (Definition 1.119.1249.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/31 Definition Update for Windows Defender - KB915597 (Definition 1.119.978.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/27 Definition Update for Windows Defender - KB915597 (Definition 1.119.772.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/24 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system with Microsoft Visual
C++ 2005 Service Pack 1 Redistributable Package and gain complete
control over it. You can help protect your computer by installing
this update from Microsoft. After you install this item, you
may have to restart your computer.
2012/1/24 Definition Update for Windows Defender - KB915597 (Definition 1.119.477.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/20 Definition Update for Windows Defender - KB915597 (Definition 1.119.236.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/18 Definition Update for Windows Defender - KB915597 (Definition 1.117.3022.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/13 Definition Update for Windows Defender - KB915597 (Definition 1.117.2807.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/12 Security Update for Windows 7 for x64-based Systems (KB2585542)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
2012/1/12 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656351)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/1/11 Security Update for Windows 7 for x64-based Systems (KB2631813)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/1/11 Update for Windows 7 for x64-based Systems (KB2632503)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2012/1/11 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656355)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/1/11 Update for Microsoft Office 2007 suites (KB2596686)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2012/1/11 Security Update for Windows 7 for x64-based Systems (KB2644615)
A security issue has been identified that could allow an attacker
to break or bypass a security feature in the affected software.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2012/1/11 Security Update for Windows 7 for x64-based Systems (KB2584146)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2012/1/10 Definition Update for Windows Defender - KB915597 (Definition 1.117.2549.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/6 Definition Update for Windows Defender - KB915597 (Definition 1.117.2358.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2012/1/3 Definition Update for Windows Defender - KB915597 (Definition 1.117.2154.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/30 Definition Update for Windows Defender - KB915597 (Definition 1.117.1973.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/27 Definition Update for Windows Defender - KB915597 (Definition 1.117.1787.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/23 Definition Update for Windows Defender - KB915597 (Definition 1.117.1627.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/20 Definition Update for Windows Defender - KB915597 (Definition 1.117.1411.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/16 Definition Update for Windows Defender - KB915597 (Definition 1.117.1189.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/14 Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2618444)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/12/14 Security Update for Microsoft Office PowerPoint 2007 (KB2596764)
A security vulnerability exists in Microsoft Office PowerPoint
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/12/14 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2618451)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
2011/12/14 Security Update for Windows 7 for x64-based Systems (KB2620712)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/12/14 Security Update for Microsoft Office PowerPoint 2007 (KB2596912)
A security vulnerability exists in Microsoft Office PowerPoint
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/12/14 Update for Microsoft Office Excel 2007 (KB2596596)
Microsoft has released an update for Microsoft Office Excel 2007
. This update provides the latest fixes to Microsoft Office Excel
2007 . Additionally, this update contains stability and performance
improvements.
2011/12/14 Security Update for Microsoft Office Publisher 2007 (KB2596705)
A security vulnerability exists in Microsoft Office Publisher
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/12/14 Security Update for Microsoft Office 2007 suites (KB2596785)
A security vulnerability exists in Microsoft Office 2007 suites
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/12/14 Update for Microsoft Office 2007 suites (KB2596651)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2011/12/14 Security Update for Windows 7 for x64-based Systems (KB2639417)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/12/14 Update for Microsoft Office 2007 suites (KB2596789)
Microsoft has released an update for Microsoft Office 2007 suites
. This update provides the latest fixes to Microsoft Office 2007
suites . Additionally, this update contains stability and performance
improvements.
2011/12/14 Security Update for Windows 7 for x64-based Systems (KB2619339)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/12/14 Update for Windows 7 for x64-based Systems (KB2633952)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2012. After you install this item, you
may have to restart your computer.
2011/12/13 Definition Update for Windows Defender - KB915597 (Definition 1.117.953.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/9 Definition Update for Windows Defender - KB915597 (Definition 1.117.692.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/8 Definition Update for Windows Defender - KB915597 (Definition 1.117.614.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/6 Definition Update for Windows Defender - KB915597 (Definition 1.117.433.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/12/2 Definition Update for Windows Defender - KB915597 (Definition 1.117.154.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/11/29 Definition Update for Windows Defender - KB915597 (Definition 1.115.2785.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/11/25 Definition Update for Windows Defender - KB915597 (Definition 1.115.2571.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/11/22 Definition Update for Windows Defender - KB915597 (Definition 1.115.2351.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/11/18 Definition Update for Windows Defender - KB915597 (Definition 1.115.2100.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/11/15 Definition Update for Windows Defender - KB915597 (Definition 1.115.1923.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/11/14 Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/11/11 Update for Windows 7 for x64-based Systems (KB2641690)
Install this update to resolve an issue which requires an update
to the certificate revocation list on Windows systems and to
keep your systems certificate list up to date. After you install
this update, you may have to restart your system.
2011/11/11 Definition Update for Windows Defender - KB915597 (Definition 1.115.1674.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/11/9 Security Update for Windows 7 for x64-based Systems (KB2620704)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/11/9 Security Update for Windows 7 for x64-based Systems (KB2588516)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/11/9 Security Update for Windows 7 for x64-based Systems (KB2617657)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2011/11/8 Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/11/8 Definition Update for Windows Defender - KB915597 (Definition 1.115.1462.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/11/4 Definition Update for Windows Defender - KB915597 (Definition 1.115.1237.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/28 Definition Update for Windows Defender - KB915597 (Definition 1.115.766.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/27 Update for Windows 7 for x64-based Systems (KB2603229)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/10/27 Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845)
This Compatibility View List update helps make Web sites that
are designed for older browsers look better in Internet Explorer
8. When users install Internet Explorer 8, they will be given
a choice about opting-in to a list of sites that should be displayed
in Compatibility View. After you install this item, you may have
to restart Internet Explorer.
2011/10/25 Definition Update for Windows Defender - KB915597 (Definition 1.115.502.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/21 Definition Update for Windows Defender - KB915597 (Definition 1.115.250.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/18 Definition Update for Windows Defender - KB915597 (Definition 1.113.1886.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/14 Definition Update for Windows Defender - KB915597 (Definition 1.113.1652.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/12 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2572076)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/10/12 Security Update for Microsoft Silverlight (KB2617986)
This security update to Silverlight includes fixes outlined in
KBs 2604930 and 2617986. This update is backward compatible with
web applications built using previous versions of Silverlight.
2011/10/12 Security Update for Windows 7 for x64-based Systems (KB2567053)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/10/12 Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2586448)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/10/12 Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2572078)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/10/12 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2596560)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 with a more current definition of which e-mail messages
should be considered junk e-mail.
2011/10/12 Security Update for Windows 7 for x64-based Systems (KB2579686)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/10/12 Security Update for Windows 7 for x64-based Systems (KB2564958)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/10/12 Definition Update for Windows Defender - KB915597 (Definition 1.113.1466.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/11 Definition Update for Windows Defender - KB915597 (Definition 1.113.1394.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/8 Definition Update for Windows Defender - KB915597 (Definition 1.113.1136.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/7 Definition Update for Windows Defender - KB915597 (Definition 1.113.1136.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/10/4 Definition Update for Windows Defender - KB915597 (Definition 1.113.874.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/30 Definition Update for Windows Defender - KB915597 (Definition 1.113.631.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/27 Definition Update for Windows Defender - KB915597 (Definition 1.113.359.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/23 Definition Update for Windows Defender - KB915597 (Definition 1.113.126.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/20 Definition Update for Windows Defender - KB915597 (Definition 1.111.2630.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/18 Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871)
Install this update to resolve issues in Microsoft .NET Framework
4. For a complete listing of the issues that are included in
this update, see the associated Microsoft Knowledge Base article
for more information. After you install this item, you may have
to restart your computer.
2011/9/18 Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523)
This update addresses stability, reliability, and performance
issues in Microsoft .NET Framework 4. After you install this
item, you may have to restart your computer.
2011/9/16 Definition Update for Windows Defender - KB915597 (Definition 1.111.2389.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/15 Security Update for Microsoft Office 2007 System (KB2553090)
A security vulnerability exists in Microsoft Office 2007 System
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/9/15 Security Update for Microsoft Office Excel 2007 (KB2553073)
A security vulnerability exists in Microsoft Office Excel 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/9/15 Security Update for Microsoft Office Groove 2007 (KB2552997)
A security vulnerability exists in Microsoft Groove 2007 that
could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/9/15 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2553110)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 with a more current definition of which e-mail messages
should be considered junk e-mail.
2011/9/15 Security Update for Windows 7 for x64-based Systems (KB2570947)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/9/15 Security Update for Microsoft Office 2007 System (KB2553089)
A security vulnerability exists in Microsoft Office 2007 System
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/9/15 Security Update for the 2007 Microsoft Office System (KB2553074)
A security vulnerability exists in the 2007 Microsoft Office
System and the Microsoft Office Compatibility Pack that could
allow arbitrary code to run when a maliciously modified file
is opened. This update resolves that vulnerability.
2011/9/15 Update for Microsoft Office Outlook 2007 (KB2583910)
Microsoft has released an update for Microsoft Office Outlook
2007. This update provides the latest fixes to Microsoft Office
Outlook 2007. Additionally, this update contains stability and
performance improvements.
2011/9/15 Security Update for Microsoft Office 2007 System (KB2584063)
A security vulnerability exists in Microsoft Office 2007 System
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/9/15 Update for Windows 7 for x64-based Systems (KB2616676)
Install this update to resolve an issue which requires an update
to the certificate revocation list on Windows systems and to
keep your systems certificate list up to date. After you install
this update, you may have to restart your system.
2011/9/13 Definition Update for Windows Defender - KB915597 (Definition 1.111.2089.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/10 Security Update for Microsoft Visual C++ 2010 Redistributable Package (KB2467173)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/9/9 Definition Update for Windows Defender - KB915597 (Definition 1.111.1823.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/7 Update for Windows 7 for x64-based Systems (KB2607712)
Install this update to resolve an issue which requires an update
to the certificate revocation list on Windows systems and to
keep your systems certificate list up to date. After you install
this update, you may have to restart your system.
2011/9/6 Definition Update for Windows Defender - KB915597 (Definition 1.111.1554.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/9/2 Definition Update for Windows Defender - KB915597 (Definition 1.111.1301.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/30 Definition Update for Windows Defender - KB915597 (Definition 1.111.1045.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/28 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2416472)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
2011/8/28 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2487367)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
2011/8/26 Definition Update for Windows Defender - KB915597 (Definition 1.111.775.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/24 Update for Windows 7 for x64-based Systems (KB2570791)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2011. After you install this item, you
may have to restart your computer.
2011/8/24 Definition Update for Windows Defender - KB915597 (Definition 1.111.490.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/19 Definition Update for Windows Defender - KB915597 (Definition 1.111.216.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/18 Definition Update for Windows Defender - KB915597 (Definition 1.111.35.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/16 Definition Update for Windows Defender - KB915597 (Definition 1.109.1918.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/12 Definition Update for Windows Defender - KB915597 (Definition 1.109.1657.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/11 Update for Windows 7 for x64-based Systems (KB2563227)
Install this update to resolve performance and reliability issues
in Windows. By applying this update, you can achieve better performance
and responsiveness in various scenarios. For a complete listing
of the issues that are included in this update, see the associated
Microsoft Knowledge Base article for more information. After
you install this item, you may have to restart your computer.
2011/8/11 Security Update for Windows 7 for x64-based Systems (KB2560656)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/8/11 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2586924)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 with a more current definition of which e-mail messages
should be considered junk e-mail.
2011/8/11 Security Update for Windows 7 for x64-based Systems (KB2536276)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/8/11 Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2562937)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
2011/8/11 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2539634)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
2011/8/11 Security Update for Windows 7 for x64-based Systems (KB2567680)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/8/11 Security Update for Windows 7 for x64-based Systems (KB2563894)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2011/8/11 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2539636)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
2011/8/11 Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2559049)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/8/11 Security Update for Windows 7 for x64-based Systems (KB2556532)
A security issue has been identified that could allow an authenticated
local attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2011/8/11 Definition Update for Windows Defender - KB915597 (Definition 1.109.1371.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/9 Games for Windows Software V3.5
This release is the latest version of the Games for Windows software,
which includes an updated version of the Games for Windows Marketplace
client and the Games for Windows – LIVE in-game experience.
This is a minor update that improves the downloading capabilities
and includes fixes to improve overall stability and reliability.
For more details on what’s included in this update, please click
on the “More Information” link below.
2011/8/9 Definition Update for Windows Defender - KB915597 (Definition 1.109.1136.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/5 Definition Update for Windows Defender - KB915597 (Definition 1.109.1136.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/8/2 Definition Update for Windows Defender - KB915597 (Definition 1.109.869.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/29 Definition Update for Windows Defender - KB915597 (Definition 1.109.625.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/26 Definition Update for Windows Defender - KB915597 (Definition 1.109.351.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/22 Definition Update for Windows Defender - KB915597 (Definition 1.109.116.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/19 Definition Update for Windows Defender - KB915597 (Definition 1.107.2067.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/15 Definition Update for Windows Defender - KB915597 (Definition 1.107.1837.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/13 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2553975)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 with a more current definition of which e-mail messages
should be considered junk e-mail.
2011/7/13 Security Update for Windows 7 for x64-based Systems (KB2507938)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/7/13 Update for Windows 7 for x64-based Systems (KB2529073)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/7/13 Security Update for Windows 7 for x64-based Systems (KB2532531)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/7/13 Security Update for Windows 7 for x64-based Systems (KB2555917)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/7/13 Update for Windows 7 for x64-based Systems (KB982018)
This is a reliability update. This update resolves some performance
and reliability issues in Windows. By applying this update, you
can achieve better performance and responsiveness in various
scenarios. For more information please see the Knowledge Base
article. After you install this item, you may have to restart
your computer.
2011/7/13 Update for Windows 7 for x64-based Systems (KB2533623)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/7/12 Definition Update for Windows Defender - KB915597 (Definition 1.107.1567.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/8 Definition Update for Windows Defender - KB915597 (Definition 1.107.1308.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/5 Definition Update for Windows Defender - KB915597 (Definition 1.107.1036.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/7/1 Definition Update for Windows Defender - KB915597 (Definition 1.107.834.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/6/29 Update for Windows 7 for x64-based Systems (KB2552343)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/6/29 Update for Windows 7 for x64-based Systems (KB2547666)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/6/29 Update for Windows 7 for x64-based Systems (KB2545698)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/6/28 Definition Update for Windows Defender - KB915597 (Definition 1.107.553.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/6/24 Definition Update for Windows Defender - KB915597 (Definition 1.107.328.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/6/21 Definition Update for Windows Defender - KB915597 (Definition 1.107.49.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/6/18 Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2518867)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
2011/6/18 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2518870)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
2011/6/18 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2478663)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
2011/6/18 Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2478661)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
2011/6/17 Definition Update for Windows Defender - KB915597 (Definition 1.105.2171.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/6/16 Security Update for Microsoft Office InfoPath 2007 (KB2510061)
A security vulnerability exists in Microsoft Office InfoPath
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/6/16 Security Update for Windows 7 for x64-based Systems (KB2535512)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/6/16 Security Update for Microsoft Office Excel 2007 (KB2541007)
A security vulnerability exists in Microsoft Office Excel 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/6/16 Update for Microsoft Office 2007 System (KB2539530)
Microsoft has released an update for Microsoft Office 2007 System.
This update provides the latest fixes to Microsoft Office 2007
System. Additionally, this update adds support for the new Indian
rupee currency symbol.
2011/6/16 Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/6/16 Security Update for Windows 7 for x64-based Systems (KB2503665)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/6/16 Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/6/16 Security Update for Windows 7 for x64-based Systems (KB2536276)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/6/16 Security Update for Microsoft Silverlight (KB2512827)
This security update to Silverlight includes fixes outlined in
KBs 2514842 and 2512827. This update is backward compatible with
web applications built using previous versions of Silverlight.
2011/6/16 Security Update for Windows 7 for x64-based Systems (KB2525694)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/6/16 Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2530548)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/6/16 Security Update for the 2007 Microsoft Office System (KB2541012)
A security vulnerability exists in the 2007 Microsoft Office
System and the Microsoft Office Compatibility Pack that could
allow arbitrary code to run when a maliciously modified file
is opened. This update resolves that vulnerability.
2011/6/16 Update for Windows 7 for x64-based Systems (KB2488113)
This is a reliability update. This update resolves some performance
and reliability issues in Windows. By applying this update, you
can achieve better performance and responsiveness in various
scenarios. For more information please see the Knowledge Base
article. After you install this item, you may have to restart
your computer.
2011/6/16 Security Update for Windows 7 for x64-based Systems (KB2536275)
A security issue has been identified that could allow an unauthenticated
remote attacker to cause the affected system to stop responding.
You can help protect your system by installing this update from
Microsoft. After you install this update, you may have to restart
your system.
2011/6/16 Security Update for Windows 7 for x64-based Systems (KB2476490)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/6/16 Security Update for Windows 7 for x64-based Systems (KB2544893)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
2011/6/16 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/6/14 Definition Update for Windows Defender - KB915597 (Definition 1.105.1913.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/6/10 Definition Update for Windows Defender - KB915597 (Definition 1.105.1687.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/6/7 Definition Update for Windows Defender - KB915597 (Definition 1.105.1413.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/6/3 Definition Update for Windows Defender - KB915597 (Definition 1.105.1184.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/5/31 Definition Update for Windows Defender - KB915597 (Definition 1.105.929.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/5/27 Definition Update for Windows Defender - KB915597 (Definition 1.105.646.0)
Install this update to revise the definition files used to detect
spyware and other potentially unwanted software. Once you have
installed this item, it cannot be removed.
2011/5/26 Update for Windows 7 for x64-based Systems (KB2505438)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/26 Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2467175)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/5/26 Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2467174)
A security issue has been identified leading to MFC application
vulnerability in DLL planting due to MFC not specifying the full
path to system/localization DLLs. You can protect your computer
by installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/5/26 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2446708)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
2011/5/25 Update for Microsoft Office Outlook 2007 (KB2509470)
Microsoft has released an update for Microsoft Office Outlook
2007. This update provides the latest fixes to Microsoft Office
Outlook 2007. Additionally, this update contains stability and
performance improvements.
2011/5/25 Security Update for Microsoft Office Excel 2007 (KB2464583)
A security vulnerability exists in Microsoft Office Excel 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for Microsoft Office Publisher 2007 (KB2284697)
A security vulnerability exists in Microsoft Office Publisher
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/5/25 Update for Microsoft Office OneNote 2007 (KB980729)
Microsoft has released an update for Microsoft Office OneNote
2007. This update provides the latest fixes to Microsoft Office
OneNote 2007. Additionally, this update contains stability and
performance improvements.
2011/5/25 Security Update for the 2007 Microsoft Office System (KB2345043)
A security vulnerability exists in the 2007 Microsoft Office
System and the Microsoft Office Compatibility Pack that could
allow arbitrary code to run when a maliciously modified file
is opened. This update resolves that vulnerability.
2011/5/25 Security Update for the 2007 Microsoft Office System (KB2288621)
A security vulnerability exists in the 2007 Microsoft Office
System that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
A security vulnerability exists in Microsoft Office PowerPoint
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for Microsoft Office Word 2007 (KB2344993)
A security vulnerability exists in Microsoft Office Word 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/5/25 Update for Windows 7 for x64-based Systems (KB2541014)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/25 Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
A security vulnerability exists in Microsoft Office Visio Viewer
2007 that could allow arbitrary code to run when a maliciously
modified web page is opened. This update resolves that vulnerability.
2011/5/25 Security Update for Microsoft Office InfoPath 2007 (KB979441)
A security vulnerability exists in Microsoft Office InfoPath
2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for the 2007 Microsoft Office System (KB972581)
A security vulnerability exists in the 2007 Microsoft Office
System that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves the vulnerability
so that the 2007 Microsoft Office System documents are handled
appropriately.
2011/5/25 Security Update for Microsoft Office 2007 System (KB2509488)
A security vulnerability exists in Microsoft Office 2007 System
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for Microsoft Office Access 2007 (KB979440)
A security vulnerability exists in Microsoft Office Access 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for the 2007 Microsoft Office System (KB976321)
A security vulnerability exists in the 2007 Microsoft Office
System that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for the 2007 Microsoft Office System (KB969559)
A security vulnerability exists in the 2007 Microsoft Office
System that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves the vulnerability
so that the 2007 Microsoft Office System documents are handled
appropriately.
2011/5/25 Security Update for the 2007 Microsoft Office System (KB2466156)
A security vulnerability exists in the 2007 Microsoft Office
System and the Microsoft Office Compatibility Pack that could
allow arbitrary code to run when a maliciously modified file
is opened. This update resolves that vulnerability.
2011/5/25 Security Update for the 2007 Microsoft Office System (KB974234)
This update resolves a problem that can cause programs that use
the Outlook View Control with Forms 2.0, such as Microsoft Office
Outlook with Business Contact Manager, to stop functioning as
expected after Security Update for Microsoft Office Outlook 2007
(KB972363) is installed.
2011/5/25 Security Update for Microsoft Office 2007 System (KB2288931)
A security vulnerability exists in the 2007 Microsoft Office
System that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/5/25 Update for the 2007 Microsoft Office System (KB2284654)
Microsoft has released an update for 2007 Microsoft Office System.
This update is an accumulation of the latest fixes, including
solutions for stability and performance with Visual Studio.
2011/5/25 Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
A security vulnerability exists in Microsoft Office PowerPoint
Viewer 2007 that could allow arbitrary code to run when a maliciously
modified file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for Groove 2007 (KB2494047)
A security vulnerability exists in Microsoft Groove 2007 that
could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/5/25 Security Update for Microsoft Office Outlook 2007 (KB2288953)
A security vulnerability exists in Microsoft Office Outlook 2007
that could allow arbitrary code to run when a maliciously modified
file is opened. This update resolves that vulnerability.
2011/5/25 Microsoft .NET Framework 4 Client Profile for Windows 7 x64-based Systems (KB982670)
The Microsoft .NET Framework 4 Client Profile provides a subset
of features from the .NET Framework 4. The Client Profile is
designed to run client applications and to enable the fastest
possible deployment for Windows Presentation Foundation (WPF)
and Windows Forms technology.
2011/5/24 Update for Microsoft Office PowerPoint 2007 Help (KB963669)
This update installs the latest assistance content for the Microsoft
Office PowerPoint 2007 Help file and the Office PowerPoint 2007
Developer Help file.
2011/5/24 Update for Microsoft Office Word 2007 Help (KB963665)
This update installs the latest assistance content for the Microsoft
Office Word 2007 Help file and the Office Word 2007 Developer
Help file.
2011/5/24 Update for Microsoft Office Outlook 2007 Help (KB963677)
This update installs the latest assistance content for the Microsoft
Office Outlook 2007 Help file and the Office Outlook 2007 Developer
Help file.
2011/5/24 Update for Microsoft Office Excel 2007 Help (KB963678)
This update installs the latest assistance content for the Microsoft
Office Excel 2007 Help file and the Office Excel 2007 Developer
Help file.
2011/5/24 The 2007 Microsoft Office Suite Service Pack 2 (SP2)
Service Pack 2 provides the latest updates to the 2007 Microsoft
Office Suite. This update also applies to Microsoft Office Project,
Microsoft Office SharePoint Designer, Microsoft Expression Web,
Microsoft Office Visio, and Visual Web Developer.
2011/5/24 Update for Microsoft Office OneNote 2007 Help (KB963670)
This update installs the latest assistance content for the Microsoft
Office OneNote 2007 Help file.
2011/5/24 Update for Microsoft Office Publisher 2007 Help (KB963667)
This update installs the latest assistance content for the Microsoft
Office Publisher 2007 Help file and the Office Publisher 2007
Developer Help file.
2011/5/24 Security Update for Microsoft Office 2007 (KB951550)
A security vulnerability exists in Microsoft Office 2007 that
could allow information disclosure. This update resolves that
issue.
2011/5/24 Update for Microsoft Silverlight (KB2526954)
This update to Silverlight improves security, reliability, accessibility
support, startup performance, enhances line-of-business support
and includes several fixes to better support rich internet applications.
This update is backward compatible with web applications built
using previous versions of Silverlight.
2011/5/24 Update for Microsoft Office Access 2007 Help (KB963663)
This update installs the latest assistance content for the Microsoft
Office Access 2007 Help file and the Office Access 2007 Developer
Help file.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2425227)
A security issue has been identified that could allow an attacker
to misrepresent a system action or behavior without the knowledge
of the user. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2387530)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2443685)
Install this update to resolve issues caused by revised daylight
saving time and time zone laws in several countries. This update
enables your computer to automatically adjust the computer clock
on the correct date in 2011. After you install this item, you
may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2533552)
Install this update to enable future updates to install successfully
on all editions of Windows 7 or Windows Server 2008 R2. This
update may be required before selected future updates can be
installed. After you install this item, it cannot be removed.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2515325)
This is a reliability update. This update resolves some performance
and reliability issues in Windows. By applying this update, you
can achieve better performance and responsiveness in various
scenarios. For more information please see the Knowledge Base
article. After you install this item, you may have to restart
your computer.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2479943)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2447568)
This Compatibility View List update helps make Web sites that
are designed for older browsers look better in Internet Explorer
8. When users install Internet Explorer 8, they will be given
a choice about opting-in to a list of sites that should be displayed
in Compatibility View. After you install this item, you may have
to restart Internet Explorer.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2305420)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB983590)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB978542)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2446709)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain complete control over it. You can help
protect your computer by installing this update from Microsoft.
After you install this item, you may have to restart your computer.
2011/5/23 Microsoft .NET Framework 3.5 SP1 Security Update for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB979916)
A security issue has been identified that could allow an attacker
to tamper with digitally signed content without being detected,
when this content is being consumed by an application that makes
use of the Microsoft .NET Framework on a Windows-based system.
You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
2011/5/23 Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2508272)
Security issues have been identified in ActiveX controls that
could allow an attacker to compromise a system running Microsoft
Internet Explorer and gain control over it. You can help protect
your system by installing this update from Microsoft. After you
install this item, you may have to restart your computer.
2011/5/23 Update for Microsoft Office 2007 System (KB2508958)
Microsoft has released an update for Microsoft Office 2007 System.
This update decreases installation failures for updates installed
on Microsoft Office 2007 System.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2511250)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2534366)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/23 Security Update for the 2007 Microsoft Office System (KB951944)
A security vulnerability exists in the 2007 Microsoft Office
System and the Compatibility Pack for the 2007 Office system
that could allow remote code execution. This update resolves
that vulnerability.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2510531)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2467023)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2522422)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2506223)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2506212)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Update for the 2007 Microsoft Office System Help for Common Features (KB963673)
This update installs the latest assistance content for the Microsoft
Office 2007 Help file.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2508429)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2492386)
Install this update to resolve a set of known application compatibility
issues with Windows. For a complete listing of the issues that
are included in this update, see the associated Microsoft Knowledge
Base article for more information. After you install this item,
you may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2524375)
Install this update to resolve an issue which requires an update
to the certificate revocation list on Windows systems and to
keep your systems certificate list up to date. After you install
this update, you may have to restart your system.
2011/5/23 Microsoft .NET Framework 3.5 SP1 Update for Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB982526)
This update addresses a set of known issues of the Microsoft
.NET Framework 3.5 Service Pack 1. After you install this item,
you may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2484033)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/23 Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2536413)
This update provides the Junk E-mail Filter in Microsoft Office
Outlook 2007 with a more current definition of which e-mail messages
should be considered junk e-mail.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2507618)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2497640)
Security issues have been identified that could allow an attacker
to compromise a system that is running Microsoft Internet Explorer
and gain control over it. You can help protect your system by
installing this update from Microsoft. After you install this
item, you may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2487426)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2454826)
This is a reliability update. Install this update to enable a
set of performance and functionality updates for graphics, Media
Foundation, and XPS components on Windows 7 and Windows Server
2008 R2 systems. After you install this item, you may have to
restart your computer.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2385678)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Update for Windows 7 for x64-based Systems (KB975496)
Install this update to resolve the issue in which a computer
stops responding during shutdown if BitLocker is enabled on the
system drive on a computer that is running Windows 7 or Windows
Server 2008 R2. After you install this item, you may have to
restart your computer.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2509553)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Security Update for Microsoft .NET Framework 3.5.1, Windows 7, and Windows Server 2008 R2 for x64-based Systems (KB2416471)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system that is running the Microsoft
.NET Framework and gain access to information. You can help protect
your computer by installing this update from Microsoft. After
you install this item, you may have to restart your computer.
2011/5/23 Update for Windows 7 for x64-based Systems (KB971033)
This update to Windows Activation Technologies detects activation
exploits and tampering to key Windows system files. These exploits
try to bypass regular Windows activation and are sometimes included
within counterfeit copies of Windows.
2011/5/23 Update for the 2007 Microsoft Office System (KB967642)
This update fixes an error that may occur when installing the
Microsoft Office suite Service Packs.
2011/5/23 Update for Microsoft Office InfoPath 2007 Help (KB963662)
This update installs the latest assistance content for the Microsoft
Office InfoPath 2007 Help file and the Office InfoPath 2007 Developer
Help file.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2393802)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2503658)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain access to
information. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2423089)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2079403)
A security issue has been identified that could allow an authenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2506014)
An issue has been identified that could allow a user with administrative
permissions to load an unsigned driver. This update resolves
that issue. You can help protect your system by installing this
update from Microsoft. After you install this update, you may
have to restart your system.
2011/5/23 Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924)
A security issue has been identified that could allow an attacker
to compromise your Windows-based system with Microsoft Visual
C++ 2008 Redistributable Package and gain complete control over
it. You can help protect your computer by installing this update
from Microsoft. After you install this item, you may have to
restart your computer.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2483614)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Update for Windows 7 for x64-based Systems (KB2506928)
Install this update to resolve issues in Windows. For a complete
listing of the issues that are included in this update, see the
associated Microsoft Knowledge Base article for more information.
After you install this item, you may have to restart your computer.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2491683)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2442962)
A security issue has been identified that could allow an authenticated
local attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2511455)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/5/23 Update for Microsoft Script Editor Help (KB963671)
This update installs the latest assistance content for the Microsoft
Script Editor Help file that is included with the 2007 Office
System.
2011/5/23 Security Update for Windows 7 for x64-based Systems (KB2419640)
A security issue has been identified that could allow an unauthenticated
remote attacker to compromise your system and gain control over
it. You can help protect your system by installing this update
from Microsoft. After you install this update, you may have to
restart your system.
2011/2/13 Hotfix for Windows (KB2300535)
Fix for KB2300535
2011/2/13 Hotfix for Windows (KB2120976)
Fix for KB2120976
System Folders
Path for burning CD C:\Users\user\AppData\Local\Microsoft\Windows\Burn\Burn
Application Data C:\ProgramData
Public Desktop C:\Users\Public\Desktop
Documents C:\Users\Public\Documents
Global Favorites C:\Users\user\Favorites
Music C:\Users\Public\Music
Pictures C:\Users\Public\Pictures
Start Menu Programs C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Start Menu C:\ProgramData\Microsoft\Windows\Start Menu
Startup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Templates C:\ProgramData\Microsoft\Windows\Templates
Videos C:\Users\Public\Videos
Cookies C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\user\Desktop
Physical Desktop C:\Users\user\Desktop
User Favorites C:\Users\user\Favorites
Fonts C:\Windows\Fonts
Internet History C:\Users\user\AppData\Local\Microsoft\Windows\History
Temporary Internet Files C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files
Local Application Data C:\Users\user\AppData\Local
Windows directory C:\Windows
Windows/System C:\Windows\system32
Program Files C:\Program Files
Device Tree
ACPI x64-based PC
Microsoft ACPI-Compliant System
Intel® Core™ i3 CPU M 380 @ 2.53GHz
Intel® Core™ i3 CPU M 380 @ 2.53GHz
Intel® Core™ i3 CPU M 380 @ 2.53GHz
Intel® Core™ i3 CPU M 380 @ 2.53GHz
ACPI Thermal Zone
ACPI Thermal Zone
ACPI Lid
ACPI Sleep Button
Microsoft Windows Management Interface for ACPI
Microsoft Windows Management Interface for ACPI
Microsoft Windows Management Interface for ACPI
ACPI Fixed Feature Button
PCI bus
Intel® processor DRAM Controller - 0044
Intel® Management Engine Interface
Intel® 82801 PCI Bridge - 2448
Intel® 5 Series/3400 Series Chipset Family SMBus Controller - 3B30
Intel® Turbo Boost Technology Driver
Motherboard resources
Intel® HD Graphics
Generic PnP Monitor
Intel® 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B3C
USB Root Hub
Generic USB Hub
High Definition Audio Controller
Realtek High Definition Audio
Intel® Display Audio
Intel® 5 Series/3400 Series Chipset Family PCI Express Root Port 1 - 3B42
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Intel® 5 Series/3400 Series Chipset Family PCI Express Root Port 2 - 3B44
Atheros AR5B97 Wireless Network Adapter
Intel® 5 Series/3400 Series Chipset Family USB Enhanced Host Controller - 3B34
USB Root Hub
Generic USB Hub
USB Input Device
HID-compliant mouse
USB Composite Device
1.3M HD WebCam
Intel® HM55 Express Chipset LPC Interface Controller - 3B09
Direct memory access controller
Intel® 82802 Firmware Hub Device
High precision event timer
Programmable interrupt controller
Numeric data processor
Motherboard resources
System CMOS/real time clock
System timer
Standard PS/2 Keyboard
Synaptics PS/2 Port TouchPad
Microsoft ACPI-Compliant Embedded Controller
Microsoft ACPI-Compliant Control Method Battery
Microsoft AC Adapter
Intel® 5 Series 4 Port SATA AHCI Controller
Hitachi HTS545050B9A300
Slimtype DVD A DS8A5SH
PCI bus
QuickPath Architecture Generic Non-core Registers - 2C62
QuickPath Architecture System Address Decoder - 2D01
QPI Link 0 - 2D10
QPI Physical 0 - 2D11
Reserved - 2D12
Reserved - 2D13
Services
Running Acer ePower Service
Running Application Experience
Running Application Updater
Running AtherosSvc
Running avast! Antivirus
Running Base Filtering Engine
Running CNG Key Isolation
Running COM+ Event System
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Desktop Window Manager Session Manager
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Diagnostic System Host
Running Distributed Link Tracking Client
Running DNS Client
Running Dritek WMI Service
Running Extensible Authentication Protocol
Running Function Discovery Provider Host
Running Function Discovery Resource Publication
Running GREGService
Running Group Policy Client
Running HomeGroup Listener
Running HomeGroup Provider
Running IKE and AuthIP IPsec Keying Modules
Running Intel® Management & Security Application User Notification Service
Running Intel® Management and Security Application Local Management Service
Running Intel® Rapid Storage Technology
Running IP Helper
Running IPsec Policy Agent
Running Multimedia Class Scheduler
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running Norton Online Backup
Running NTI IScheduleSvc
Running Peer Name Resolution Protocol
Running Peer Networking Grouping
Running Peer Networking Identity Manager
Running Plug and Play
Running PnkBstrA
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running Secondary Logon
Running Secure Socket Tunneling Protocol Service
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Themes
Running Updater Service
Running UPnP Device Host
Running User Profile Service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Defender
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Event Log
Running Windows Firewall
Running Windows Font Cache Service
Running Windows Live ID Sign-in Assistant
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Search
Running Windows Update
Running WLAN AutoConfig
Running Workstation
Running XLServicePlatform
Stopped ActiveX Installer (AxInstSV)
Stopped Adaptive Brightness
Stopped Adobe Flash Player Update Service
Stopped Application Identity
Stopped Application Information
Stopped Application Layer Gateway Service
Stopped ASP.NET State Service
Stopped Background Intelligent Transfer Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped Certificate Propagation
Stopped COM+ System Application
Stopped Credential Manager
Stopped Disk Defragmenter
Stopped Distributed Transaction Coordinator
Stopped EgisTec Ticket Service
Stopped Encrypting File System (EFS)
Stopped Fax
Stopped FLEXnet Licensing Service
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management
Stopped Human Interface Device Access
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped Media Center Extender Service
Stopped Microsoft .NET Framework NGEN v2.0.50727_X64
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft .NET Framework NGEN v4.0.30319_X64
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Office Diagnostics Service
Stopped Microsoft Office Groove Audit Service
Stopped Microsoft Software Shadow Copy Provider
Stopped Net.Msmq Listener Adapter
Stopped Net.Pipe Listener Adapter
Stopped Net.Tcp Listener Adapter
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped Office Source Engine
Stopped Parental Controls
Stopped Performance Counter DLL Host
Stopped Performance Logs & Alerts
Stopped PnP-X IP Bus Enumerator
Stopped PNRP Machine Name Publication Service
Stopped Portable Device Enumerator Service
Stopped Problem Reports and Solutions Control Panel Support
Stopped Protected Storage
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped SPP Notification Service
Stopped Steam Client Service
Stopped Tablet PC Input Service
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Activation Technologies Service
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Connect Now - Config Registrar
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Image Acquisition (WIA)
Stopped Windows Installer
Stopped Windows Live Mesh remote connections service
Stopped Windows Media Center Receiver Service
Stopped Windows Media Center Scheduler Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Time
Stopped WinHTTP Web Proxy Auto-Discovery Service
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Stopped WWAN AutoConfig
CPU
Intel Core i3 380M
Cores 2
Threads 4
Name Intel Core i3 380M
Code Name Arrandale
Package Socket 989 rPGA
Technology 32nm
Specification Intel® Core™ i3 CPU M 380 @ 2.53GHz
Family 6
Extended Family 6
Model 5
Extended Model 25
Stepping 5
Revision K0
Instructions MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, Intel 64
Virtualization Supported, Enabled
Hyperthreading Supported, Enabled
Bus Speed 133.0 MHz
Rated Bus Speed 2394.2 MHz
Stock Core Speed 2533 MHz
Stock Bus Speed 133 MHz
Average Temperature 50 °C
Caches
L1 Data Cache Size 2 x 32 KBytes
L1 Instructions Cache Size 2 x 32 KBytes
L2 Unified Cache Size 2 x 256 KBytes
L3 Unified Cache Size 3072 KBytes
Core 0
Core Speed 1463.2 MHz
Multiplier x 9.0
Bus Speed 133.0 MHz
Rated Bus Speed 2394.2 MHz
Temperature 46 °C
Thread 1
APIC ID 0
Thread 2
APIC ID 1
Core 1
Core Speed 931.1 MHz
Multiplier x 9.0
Bus Speed 133.0 MHz
Rated Bus Speed 2394.2 MHz
Temperature 53 °C
Thread 1
APIC ID 4
Thread 2
APIC ID 5
RAM
Memory slots
Total memory slots 4
Used memory slots 1
Free memory slots 3
Memory
Type DDR3
Size 2048 MBytes
Channels # Single
DRAM Frequency 532.0 MHz
CAS# Latency (CL) 7 clocks
RAS# to CAS# Delay (tRCD) 7 clocks
RAS# Precharge (tRP) 7 clocks
Cycle Time (tRAS) 20 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 72 %
Total Physical 1.74 GB
Available Physical 496 MB
Total Virtual 3.48 GB
Available Virtual 1.65 GB
SPD
Number Of SPD Modules 1
Slot #1
Type DDR3
Size 2048 MBytes
Manufacturer Nanya Technology
Max Bandwidth PC3-10700 (667 MHz)
Part Number NT2GC64B88B0NS-CG
Serial Number 1864066C
Week/year 49 / 10
SPD Ext. EPP
JEDEC #5
Frequency 685.7 MHz
CAS# Latency 9.0
RAS# To CAS# 9
RAS# Precharge 9
tRAS 25
tRC 34
Voltage 1.500 V
JEDEC #4
Frequency 609.5 MHz
CAS# Latency 8.0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1.500 V
JEDEC #3
Frequency 533.3 MHz
CAS# Latency 7.0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 20
tRC 27
Voltage 1.500 V
JEDEC #2
Frequency 457.1 MHz
CAS# Latency 6.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 17
tRC 23
Voltage 1.500 V
JEDEC #1
Frequency 381.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 14
tRC 19
Voltage 1.500 V
Motherboard
Manufacturer Acer
Version V1.06
Chipset Vendor Intel
Chipset Model Havendale/Clarkdale Host Bridge
Chipset Revision 18
Southbridge Vendor Intel
Southbridge Model HM55
Southbridge Revision 05
System Temperature 53 °C
BIOS
Brand Phoenix Technologies LTD
Version V1.06
Date 01/24/2011
PCI Data
Slot PCI
Slot Type PCI
Slot Usage In Use
Bus Width Unknown
Slot Designation PCI Express Slot J6D2
Slot Number 0
Graphics
Monitor
Name Generic PnP Monitor on Intel HD Graphics
Current Resolution 1366x768 pixels
Work Resolution 1366x768 pixels
State enabled, primary
Monitor Width 1366
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
Intel® HD Graphics
Memory 762 MB
Memory type 2
Driver version 8.15.10.2202
OpenGL
Version 2.1.0 - Build 8.15.10.2202
Vendor Intel
Renderer Intel® HD Graphics
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL_MAX_LIGHTS 16
GL_MAX_TEXTURE_SIZE 4096
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
Hard Drives
Hitachi HTS545050B9A300
Manufacturer Hitachi
Product Family Travelstar
Series Prefix Standard
Model Capacity For This Specific Drive 500GB
Heads 16
Cylinders 16383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
LBA Size 48-bit LBA
Power On Count 602 times
Power On Time 94.8 days
Speed, Expressed in Revolutions Per Minute (rpm) 5400
Features S.M.A.R.T., APM, AAM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 488GB
Real size 500,107,862,016 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 100 (100 worst) Data 0000000000
02 Throughput Performance 100 (100) Data 0000000000
03 Spin-Up Time 142 (142) Data 0000000002
04 Start/Stop Count 100 (100) Data 000000032F
05 Reallocated Sectors Count 100 (100) Data 0000000000
07 Seek Error Rate 100 (100) Data 0000000000
08 Seek Time Performance 100 (100) Data 0000000000
09 Power-On Hours (POH) 095 (095) Data 00000008E2
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 100 (100) Data 000000025A
BF G-sense error rate 100 (100) Data 0000000000
C0 Power-off Retract Count 100 (100) Data 0000000003
C1 Load/Unload Cycle Count 100 (100) Data 000000065E
C2 Temperature 134 (134) Data 0000160029
C4 Reallocation Event Count 100 (100) Data 0000000000
C5 Current Pending Sector Count 100 (100) Data 0000000000
C6 Uncorrectable Sector Count 100 (100) Data 0000000000
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
DF Load/Unload Retry Count 100 (100) Data 0000000000
Temperature 41 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Size 15.6 GB
Partition 1
Partition ID Disk #0, Partition #1
Size 100 MB
Partition 2
Partition ID Disk #0, Partition #2
Disk Letter C:
File System NTFS
Volume Serial Number 60612BBB
Off topic:
The computer that we are trying to save now is a laptop, so I'm a bit curious whether this laptop is overclockable or not.
Would you recommend it? Its cooling system is not that good, and most of the time laptops nowadays have been optimized by the manufacturer to the maximum work rate. Just asking :lol:

Edited by Sam Cheow, 19 April 2012 - 10:05 AM.


#9
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I wouldn't try to overclock it unless you add a cooler tray. I'd try adding some more memory first. You only have 2 GB.

You can turn off Windows Search. It's not really that useful and it takes up some CPU time.

Right click on Computer and select Manage (Continue) then Services and Applications then Services. Find Windows Search in the right pane and right click on it and select Properties then change the Startup Type: to Disabled, Apply then STOP the service.

You can also turn off the Desktop Window Manager Session Manager service the same way unless you need Aero for something. This will revert your desktop back to the basic theme so won't be as cool looking but things will run faster.

If you are not using the Windows Live stuff I would uninstall all of it. It is causing a lot of your errors.


Going through your errors:

The first one is related to KB2603229 which did not install correctly. Sometimes you can do a manual Windows Upgrade and get it to work. Other times you have to go into Windows Update catalog and download the thing separately then try and install it. If all else fails you can open a free case with MS.

http://support.micro....com/kb/2603229

Name resolution for the name apps.facebook.com timed out after none of the configured DNS servers responded.

Not sure why you got this one. Perhaps something is trying to check for something before the network is up. If it happens all the time you could just put
69.171.228.76 apps.facebook.com
in the hosts file using HostXpert:
http://www.funkytoad...m_content&id=13
or you could find what program is trying to do that and tell it to stop. Not really very important.

WLAN AutoConfig service has successfully stopped.


Normal event. Should really be just an info level event.

The program Thunder.exe version 7.2.3.3254 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.


If all it is is a download manager then uninstall it. I thought it might be your email program. If you need it try uninstall then download a new copy and right click and run as admin. to reinstall it.


Activation context generation failed for "c:\program files (x86)\KWMUSIC\bin\lidx.dll". Dependent Assembly


Not sure what this program does but it did not install correctly. I would uninstall it. Don't think it is happy on a 64bit system.

Faulting application name: Babylon.exe, version: 9.0.3.12, time stamp: 0x4e1ea1f7


This one doesn't appear happy either. Is this something you really use? Most people are asking me for help removing it.

Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


Uninstall Adobe Air. You will get a new one next time you update Adobe Reader. Maybe it will install correctly.

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.


As I said before if you don't use Windows Live, uninstall it. If you do use it, uninstall it, download the latest version and right click on it and Run As Admin to reinstall.

I see from Process Explorer that wmiprvse is eating up some CPU. There are a lot of complaints about this process spiking and slowing down the PC. This is usually caused by a poorly written 3rd party application. See:

http://blogs.msdn.co...al-villain.aspx

Finally I see you have Punkbuster running. This is installed by some games and needs to run when the game does but can be stopped when the game is not running. Right click on the clock and select Task manager then Processes. Find PnkBstrA.exe, select it then End Process (ignore the warning) and you will save a few CPU cycles.

You can uninstall Speccy. I just wanted to see what it said about the temperatures and hard drive.

Do you use the Norton Online Backup? If not uninstall it.

You can delete the stuff in the Avast Chest if you want to. It did find one thing that was not in OTL's removed file folder. Click on the Avast Ball, then on Maintenance. Under Maintenance should be Virus Chest. Click on it and you will see the stuff in the chest. Click on the top line then scroll down to the bottom and hold down Shift and click on the bottom line. This should select all of them. Now right click and Delete. Yes.

We can try another scan just to see if it finds anything:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).


Is it running any better now?

#10
Sam Cheow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
About the error there:
Babylon.exe is important for me to check the meaning of certain words. My English is horrible. By the way, what's the problem that exe is facing?

About the wmiprvse thing:
I don't know how to decode those words, I'm too dumb at this. Can you help out?
Attached File: event file.zip, 29.33KB, 190 downloads

The ESET online scan can't run till it finishes. It either turns back to the very 1st page asking for permission or something like that, or just turns out saying too slow. Must it be done on IE? I feel IE is not that fast.

Finally, the BitDefender Scan log:

QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Fri Apr 20 22:15:08 2012
Machine ID: 60612BBB

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - could not be accessed
--> Process UNS.exe (1156)


No infection found.
-------------------




Browser plugins
---------------
20-20 3D Viewer for IKEA C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
AhnLab MyKeyDefense 2.5 C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
AhnLab Online Security C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
avast! WebRep C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
Babylon Chrome Plugin C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
Babylon IE Addin C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
Bitdefender QuickScan C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll
Bluetooth Software C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
flashget FlashgetXpi C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
Google Update C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Intel® Threading Building Blocks for C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
Intel® Threading Building Blocks for C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
Java Deployment Toolkit 6.0.310.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
Java™ Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\ssv.dll
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
NPSWF32_11_2_202_228.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
RadioWMPCoreGecko10.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko10.dll
RadioWMPCoreGecko5.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
RadioWMPCoreGecko6.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
RadioWMPCoreGecko7.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
RadioWMPCoreGecko8.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
RadioWMPCoreGecko9.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
Switchy! Chrome Extension 1.6 C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins\npSwitchy.dll
Thunder DapCtrl Plugin C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(885).dll
Thunder7 C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.5.64.dll
ThunderComponent C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponentFF5.dll
ThunderComponent C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponentFF6.dll
ThunderComponent C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponentFF7.dll
Unity Player C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
xl_chrome_plugin C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.3_1\xl_chrome.dll
迅雷7 C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) RadioWMPCoreGecko19.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll


Scan
----
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL
MD5: e3d5e244807ad655787fcd25477cc1bc C:\Windows\system32\bthprops.cpl
MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll
MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe
MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll
MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll
MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll
MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll
MD5: 1c9b45e87528b8bb8cfa884ea0099a85 C:\Windows\system32\d3dcompiler_43.dll
MD5: 86e39e9161c3d930d93822f1563c280d C:\Windows\system32\d3dx9_43.dll
MD5: 284b59d7b56fc76c80e622ab856b1fab C:\Windows\System32\davclnt.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\dbghelp.dll
MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll
MD5: 957cc0c0b992adbc625ae1858115487c C:\Windows\system32\drivers\Mkd2Nadr.sys
MD5: ccf4e830512c0a298791f1d34b81c215 C:\Windows\system32\DWrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll
MD5: 1060d60cca69a8136a87dbe3c8f4a467 C:\Windows\system32\EhStorAPI.dll
MD5: 53af1750fd45ddd705c9b68c7dc58827 C:\Windows\system32\EVR.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\Explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll
MD5: b23137887833d849edb4f03ed8124e71 C:\Windows\system32\IEFRAME.dll
MD5: cf316fa04d6bd6168223a0e029c6c874 C:\Windows\system32\IEUI.dll
MD5: b0335e0e041106e15acc6d36d6d75bf5 C:\Windows\system32\igd10umd32.dll
MD5: 10ab9c9adb89816befb077e72659d029 C:\Windows\system32\igdumd32.dll
MD5: ba38c50f523dc053488ac3f9ef99aa0b C:\Windows\system32\igdumdx32.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\IPHLPAPI.DLL
MD5: f2394835bb47efa3f8c0ee705af87cd8 C:\Windows\system32\l3codecp.acm
MD5: 8bc9db92c4b2f3be89185beab2afc1f6 C:\Windows\system32\MAPI32.dll
MD5: fdba1dec4f9be4274a00b9b850c63484 C:\Windows\system32\mf.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\system32\mscoree.dll
MD5: f82bf2cb075b49e9fab5ff213c45c020 C:\Windows\system32\MSHTML.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 3de43bfdaf3f8979699650202aa18b12 C:\Windows\system32\msmpeg2vdec.dll
MD5: bc83108b18756547013ed443b8cdb31b C:\Windows\system32\MSVCP100.dll
MD5: 0e37fbfa79d349d672456923ec5fbbe3 C:\Windows\system32\MSVCR100.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll
MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll
MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll
MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll
MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NetApi32.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll
MD5: 3d57ffbad3ed16b63de3879bab0fb56f C:\Windows\system32\NetworkExplorer.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\system32\NLAapi.dll
MD5: d7b7159bc8374e87d8c45a30377a3440 C:\Windows\System32\ntlanman.dll
MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\Windows\system32\ntshrui.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll
MD5: 703ffd301ab900b047337c5d40fd6f96 C:\Windows\system32\OLEPRO32.DLL
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: e98278865e8daba21cfe5fe4be34210a C:\Windows\system32\PortableDeviceApi.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll
MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\RICHED20.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe
MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\Secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\System32\shdocvw.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: ce292c4c10b8db6070f262ea2733f0dc C:\Windows\system32\sqmapi.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: 13337a3fb17f2242487fd45488ed0485 C:\Windows\system32\VSSAPI.DLL
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\system32\WSCAPI.dll
MD5: ac122407b29378ff9646f03404ac7c54 C:\Windows\system32\wshbth.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\xmllite.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\COMDLG32.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\SysWOW64\dbghelp.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\SysWOW64\DNSAPI.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: b23137887833d849edb4f03ed8124e71 C:\Windows\SysWOW64\ieframe.dll
MD5: 1341915d4705a3ba68bc49e83024ade0 C:\Windows\syswow64\iertutil.dll
MD5: b2db6aba2e292235749b80a9c3dfa867 C:\Windows\syswow64\imagehlp.dll
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\SysWOW64\iphlpapi.dll
MD5: 328e900311d5c31f399730c7ccc8883a C:\Windows\SysWOW64\jscript9.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: 85fb27e80f7286719dcca44a90454434 C:\Windows\SysWOW64\Macromed\Flash\Flash10u.ocx
MD5: 0d4c486a24a711a45fd83acdf4d18506 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 045084e4f10d31e71057fe741d87fdb0 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\SysWOW64\OLEACC.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: 831883b107684301f48ace752c963984 C:\Windows\SysWOW64\PnkBstrA.exe
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll
MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll
MD5: 4c162b2a8e175f46db41b21c77688221 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\SysWOW64\USERENV.dll
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: 44465367256d1c72b58f5abaa19e7016 C:\Windows\syswow64\WININET.dll
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\SysWOW64\WINSTA.dll
MD5: a7d79e9f660340ab20cd73f12910985f C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\SysWOW64\WTSAPI32.dll
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: d34a527493f39af4491b3e909dc697ca C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: 5963633010616b25503ee126f55e8de4 C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\Comctl32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll


No file uploaded.

Scan finished - communication took 13 sec
Total traffic - 0.02 MB sent, 1.25 KB recvd
Scanned 543 files and modules - 99 seconds

==============================================================================


So far, I think it hasn't improved much; I still feel that this computer is old right now. :lol:
Anyway, the booting takes longer right now. Any thoughts about this?
  • 0



#11
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Babylon tends to take over your search function and tends to be hard to uninstall but if it works for you that's fine.

Your Bitdefender log shows a large number of connections to 117.18.237.81 (EdgeCast Networks Asia Pacific Network). Do you know what that is?


You can run ESET in Firefox; not sure about Chrome. You have to download an add-on, which is why I usually use IE.

You might try it in Safe Mode with Networking and see if it will work then.

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

For the slow boot:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

msconfig


Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't run faster then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time until you find the culprit.
  • 0

#12
Sam Cheow

    Member

  • Topic Starter
  • Member
  • 10 posts
EdgeCast Networks Asia Pacific Network? I have no idea. But maybe it is my ISP's connection to it, to ensure users can't access certain websites (which is by government order).

This is the ESET scan report:

C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\TDDOWNLOAD\YouTubeDownloaderSetup31.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Windows\Installer\16874b9.msi a variant of Win32/Toolbar.Widgi application deleted - quarantined


And this is the ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
OnlineCmdLineScanner.exe@High:Finished with error2002 Update status=13 3.0.2
lost connection with clientesets_scanner_update returned -1 esets_gle=36882
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2ccfe4809774f04d8809194decd26f44
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-21 10:52:56
# local_time=2012-04-21 06:52:56 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 56969 86625294 0 0
# compatibility_mode=8192 67108863 100 0 62837 62837 0 0
# scanned=266670
# found=3
# cleaned=3
# scan_time=10149
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C
C:\TDDOWNLOAD\YouTubeDownloaderSetup31.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\16874b9.msi a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C


I don't think any of the startup stuff is causing slow booting here; maybe my term of "slow" is quite fast for real
(Is actually less than 1 min from the window logo to the desktop background, except those stuff that start working after booting isn't there)

So that's all, thanks for all the help these days! :thumbsup:
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
The boot time seems acceptable. Not sure exactly what you mean by:

except those stuff that start working after booting isn't there

Can you give me an example?

What country are you in?

Close all programs, open one IE (make sure there are no other tabs open) and run Bitdefender again and post the new log.

With that same browser and with no other programs running: Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
  • 0

#14
Sam Cheow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Oops. Sorry for making you misunderstand the sentence. I said my English sucks.
What I mean is that after booting, for example, Rainmeter is not there until half a minute or so later. I think the other stuff is starting quite slowly as well, as you might feel the lag when opening a folder like C:/

I'm living in Malaysia, and the best and only grounded internet broadband is from TM.

Bitdefender log:

QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Sun Apr 22 02:07:42 2012
Machine ID: 60612BBB



No infection found.
-------------------



Processes
---------
(unsigned) Rainmeter 3516 C:\Program Files (x86)\Rainmeter\Rainmeter.exe

(verified) Acer Backup Manager 4332 C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(verified) Acer clear.fi 2124 C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(verified) Application Updater 1688 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(verified) avast! Antivirus 1424 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(verified) avast! Antivirus 3760 C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) Backup Manager 2636 C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(verified) CyberLink DMREngine 2628 C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(verified) Dritek WMI Service 2444 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(verified) EgisTec In-Product Service 4520 C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(verified) EgisTec In-Product Service 4300 C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(verified) Global Registration Service 2532 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(verified) IAStorDataSvc 2868 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(verified) IAStorIcon 4200 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(verified) Intel® Active Management Technology L 2560 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(verified) Intel® Management & Security Applicat 3700 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(verified) Java™ Platform SE Auto Updater 2 0 3564 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Launch Manager 4192 C:\Program Files (x86)\Launch Manager\LManager.exe
(verified) Launch Manager Worker 4324 C:\Program Files (x86)\Launch Manager\LMworker.exe
(verified) Microsoft® Windows® Operating System 2832 C:\Windows\SysWOW64\svchost.exe
(verified) MyWinLocker Suite 1204 C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(verified) PnkBstrA.exe 2668 C:\Windows\SysWOW64\PnkBstrA.exe
(verified) Updater Service 2780 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(verified) Windows® Internet Explorer 3692 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3940 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4804 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process AvastSvc.exe (1424) connected on port 80 (HTTP) --> 72.5.58.53
Process AvastSvc.exe (1424) connected on port 80 (HTTP) --> 74.125.71.139
Process AvastSvc.exe (1424) connected on port 80 (HTTP) --> 74.125.71.139
Process AvastSvc.exe (1424) connected on port 80 (HTTP) --> 118.215.231.139
Process AvastSvc.exe (1424) connected on port 80 (HTTP) --> 125.252.225.176
Process AvastSvc.exe (1424) connected on port 80 (HTTP) --> 66.235.143.118
Process DMREngine.exe (2628) connected on port 2869 (SSDP event notification, UPNP) --> 192.168.1.33
Process DMREngine.exe (2628) connected on port 54778 --> 192.168.1.33
Process DMREngine.exe (2628) connected on port 54777 --> 192.168.1.33

Process DMREngine.exe (2628) listens on ports: 50002


Autoruns and critical files
---------------------------
(unsigned) Rainmeter C:\Program Files (x86)\Rainmeter\Rainmeter.exe

(verified) Acer Backup Manager C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) Bluetooth Software C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(verified) Bluetooth Software C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(verified) EgisTec In-Product Service C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(verified) EgisTec In-Product Service C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
(verified) GrooveMonitor Utility C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
(verified) GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) HD Audio Background Process C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(verified) IAStorIcon C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Launch Manager C:\Program Files (x86)\Launch Manager\LManager.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) MUI StartMenu Application C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe
(verified) MyWinLocker Suite C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(verified) Power Management C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(verified) Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(unsigned) Babylon Chrome Plugin C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
(unsigned) Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
(unsigned) Java™ Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
(unsigned) RadioWMPCoreGecko10.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko10.dll
(unsigned) RadioWMPCoreGecko12.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko12.dll
(unsigned) RadioWMPCoreGecko5.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
(unsigned) RadioWMPCoreGecko6.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
(unsigned) RadioWMPCoreGecko7.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
(unsigned) RadioWMPCoreGecko8.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
(unsigned) RadioWMPCoreGecko9.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
(unsigned) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

(verified) 20-20 3D Viewer for IKEA C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
(verified) AhnLab MyKeyDefense 2.5 C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
(verified) AhnLab Online Security C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
(verified) avast! WebRep C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
(verified) Babylon IE Addin c:\program files (x86)\babylon\babylon-pro\utils\babyloniepi.dll
(verified) Bitdefender QuickScan C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll
(verified) Bluetooth Software C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
(verified) flashget FlashgetXpi C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
(verified) Google Update C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
(verified) GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) Intel® Threading Building Blocks for C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
(verified) Intel® Threading Building Blocks for C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
(verified) Java Deployment Toolkit 6.0.310.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U31 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U31 c:\program files (x86)\java\jre6\bin\ssv.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
(verified) NPSWF32_11_2_202_228.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
(verified) RadioWMPCoreGecko11.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko11.dll
(verified) RadioWMPCoreGecko19.dll C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
(verified) Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
(verified) Switchy! Chrome Extension 1.6 C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins\npSwitchy.dll
(verified) Thunder DapCtrl NPAPI Plugin C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.1.(394).dll
(verified) Thunder DapCtrl Plugin C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(885).dll
(verified) Thunder7 c:\program files (x86)\thunder network\thunder\bho\xlbrowseraddin1.0.6.69.dll
(verified) ThunderComponent C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sc66ygum.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
(verified) Unity Player C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
(verified) Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) xl_chrome_plugin C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbifdmobcbjlhplmlnbjbofnnoolink\1.6_0\xl_chrome.dll
(verified) XunLei Plugin C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.1.dll
(verified) 迅雷7 c:\program files (x86)\thunder network\thunder\bho\xunleibho7.2.5.3364.dll


Scan
----


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.00 MB sent, 0.14 KB recvd
Scanned 475 files and modules - 37 seconds

==============================================================================


Speedtest:
Posted Image

#15
RKinner


    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Doesn't sound that bad. 1 minute for login and 30 seconds for Rainmeter sounds pretty decent.

If you are still seeing the lag then leave Process Explorer up and switch to it when the lag happens and see if you can see what is using the CPU cycles. (Hitting Space bar will stop it from changing).

You can also look in the services menu for Windows Management Instrumentation. Right click on it and select Properties then Dependencies. Normally there are three:
Internet Connection Sharing (ICS),
IP Helper
Security Center

Anything else can be turned off to see if it is the cause of the problem. (Find the service, right click on it and select Properties then change the Startup Type: to Disabled then APPLY and STOP the service. HP programs are notorious for being poorly written.)

Another possibility which sometimes helps:

Download ShellExView.

http://www.nirsoft.n...s/shexview.html


Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the lags.
  • 0
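The Windows Management Instrumentation dependency check described in the reply above, as an added example that is not part of the original post. It is read-only and uses Windows PowerShell cmdlets that ship with Windows 7; the short service names `SharedAccess`, `iphlpsvc` and `wscsvc` are an assumed mapping from the three display names listed in the post.

```powershell
# Added example: list the services that depend on WMI (Winmgmt) and flag any
# that are not among the three dependents named in the post. Changes nothing.

# Baseline from the post. Short names are assumed from stock Windows naming.
$baseline = @{
    'SharedAccess' = 'Internet Connection Sharing (ICS)'
    'iphlpsvc'     = 'IP Helper'
    'wscsvc'       = 'Security Center'
}

# DependentServices = "The following system components depend on this service"
$dependents = (Get-Service -Name 'Winmgmt').DependentServices

$report = foreach ($svc in $dependents) {
    # Win32_Service supplies the start mode and binary path Get-Service lacks.
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$($svc.Name)'"
    New-Object PSObject -Property @{
        Name        = $svc.Name
        DisplayName = $svc.DisplayName
        Status      = $svc.Status
        StartMode   = $wmi.StartMode
        PathName    = $wmi.PathName
        InBaseline  = $baseline.ContainsKey($svc.Name)
    }
}

# Overview of every dependent, extras listed first.
$report | Sort-Object InBaseline, Name |
    Format-Table Name, DisplayName, Status, StartMode, InBaseline -AutoSize

# Detail for the extras: the binary path shows which product installed each one.
$extra = @($report | Where-Object { -not $_.InBaseline })
if ($extra.Count -gt 0) {
    "Dependents outside the baseline, to review one at a time:"
    $extra | Format-List Name, DisplayName, Status, StartMode, PathName
} else {
    "No WMI dependents beyond the three listed in the post."
}
```

Recording the original StartMode of each extra service before disabling it makes the change easy to reverse if the lag turns out to be unrelated.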





