Windows Diagnostic infection - Program Files shortcut problem

CHLIU

New Member
continuing:

c:\Users\LIU\funshion\Seed\6634280_1290649499_571.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649499_67.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649505_532.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649505_748.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649505_985.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649506_169.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649506_68.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649507_730.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649508_516.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649508_777.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649508_83.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649511_592.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649512_151.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649515_43.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649515_782.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649516_317.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649517_243.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649517_751.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649518_449.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649518_673.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649519_748.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649877_598.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649880_472.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1290649881_740.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\Seed\6634280_1296971890_457.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\adlinkparamfile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\ad_define.fai.bak (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\flashnew.json (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\flashparam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\flashparam.txt.bak (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
c:\Users\LIU\funshion\update\Pop Game.lnk (Adware.Funshion) -> Quarantined
 

CHLIU

New Member
hijackthis logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 08:51:47, on 2011/5/20
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
C:\Windows\vsnpstd3.exe
C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
E:\PPS.tv\PPStream\PPSAP.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\PPS.tv\PPStream\PPStream.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\setup_9.0.0.722_20.05.2011_08-09.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID 登入協助程式 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: PPS.lnk = C:\PPS.tv\PPStream\PPStream.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O8 - Extra context menu item: UseFlashGet - D:\Downloads\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - D:\Downloads\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用迅雷下載全部連結 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥 - C:\Program Files (x86)\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra 'Tools' menuitem: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra 'Tools' menuitem: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra button: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O9 - Extra 'Tools' menuitem: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.lib-ezproxy.tamu.edu:2048/lib/tamu/support/plugins/ebraryRdr.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} (KrbClient Class) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} (AresPKIAtx.AtxClient) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\SoDAHK.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18483 bytes
 

johnb35

Administrator
Staff member
Please uninstall AVG so you can perform the following procedure. Combofix will not run while AVG is installed.



Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

CHLIU

New Member

The ComboFix log:

ComboFix 11-05-19.02 - LIU /05/20 星期五 22:07:57.1.4 - x64
執行位置: K:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion Use Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Funshion.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Pop Game.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Shopping Sites.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Uninstall Funshion.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Funshion\Update History.lnk
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_img_415jza.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_img_914jza.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_1112hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11615hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11616hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11617hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11642hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11644hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11645hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11646hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_11648hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12872hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12873hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12904hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_12907hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13292hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13444hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13473hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13474hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13654hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_13992hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14113hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14114hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14121hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14152hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14172hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14173hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14192hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_14452hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15290hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15323hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15326hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15346hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_15353hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_16064hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_2915hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_2920hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_336hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_338hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_339hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_340hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_341hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_342hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_343hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_345hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_362hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_371hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_398hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9244hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9248hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9249hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9250hhb.jpg
c:\users\LIU\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_9261hhb.jpg
c:\users\LIU\AppData\Roaming\Adobe\plugs
c:\users\LIU\AppData\Roaming\Adobe\plugs\mmc146321496.txt
c:\users\LIU\AppData\Roaming\Adobe\shed
c:\users\LIU\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\Downloaded Program Files\1.1.0.2770
c:\windows\Downloaded Program Files\1.1.0.2770\auc_lib.dll
c:\windows\Downloaded Program Files\1.1.0.2770\daas_s.dll
c:\windows\Downloaded Program Files\1.1.0.2770\DownloadManagerV2.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\ebraryRdr.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\fds.dll
c:\windows\Downloaded Program Files\1.1.0.2770\flashplaydll.dll
c:\windows\Downloaded Program Files\1.1.0.2770\fscax.dll
c:\windows\Downloaded Program Files\1.1.0.2770\fslauncher.dll
c:\windows\Downloaded Program Files\1.1.0.2770\GNowStarter.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\gp.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\JuniperSetupClient.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\Livenet.dll
c:\windows\Downloaded Program Files\1.1.0.2770\Livenet2.dll
c:\windows\Downloaded Program Files\1.1.0.2770\medialist.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\mlist.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\npTVUAx.dll
c:\windows\Downloaded Program Files\1.1.0.2770\powerlist.ocx
c:\windows\Downloaded Program Files\1.1.0.2770\PowerPlayer.dll
c:\windows\Downloaded Program Files\1.1.0.2770\pp2play.dll
c:\windows\Downloaded Program Files\1.1.0.2770\ppsimage.dll
c:\windows\Downloaded Program Files\1.1.0.2770\psclg.dll
c:\windows\Downloaded Program Files\1.1.0.2770\psnetwork.dll
c:\windows\Downloaded Program Files\1.1.0.2770\Vodnet.dll
c:\windows\Downloaded Program Files\1.1.0.2770\Vodres.dll
c:\windows\Downloaded Program Files\cache
c:\windows\struct~.ini
c:\windows\SysWow64\admshare.dat
.
.
((((((((((((((((((((((((( 2011-04-21 至 2011-05-21 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2011-05-21 03:20 . 2011-05-21 03:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-21 03:20 . 2011-05-21 03:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-05-21 03:02 . 2011-05-21 03:03 -------- d-----w- C:\32788R22FWJFW
2011-05-21 00:49 . 2011-05-21 00:49 -------- d-----w- c:\users\LIU\AppData\Roaming\Malwarebytes
2011-05-21 00:49 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-21 00:49 . 2011-05-21 00:49 -------- d-----w- c:\programdata\Malwarebytes
2011-05-21 00:49 . 2011-05-21 00:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-21 00:49 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 00:44 . 2011-05-21 01:10 -------- d-----w- c:\program files (x86)\Ask.com
2011-05-20 12:15 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-20 12:15 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-20 12:15 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-05-20 10:57 . 2011-05-20 10:57 388096 ----a-r- c:\users\LIU\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-20 10:57 . 2011-05-20 10:57 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-20 05:43 . 2011-05-20 05:43 -------- d-----w- c:\users\LIU\AppData\Roaming\f-secure
2011-05-20 05:42 . 2011-05-20 05:42 -------- d-----w- C:\$AVG
2011-05-20 05:25 . 2011-05-20 05:25 -------- d-----w- c:\users\LIU\AppData\Roaming\AVG10
2011-05-20 05:18 . 2011-05-20 05:18 -------- d-----w- c:\programdata\Common Files
2011-05-20 05:13 . 2011-05-21 02:53 -------- d-----w- c:\programdata\AVG10
2011-05-20 05:08 . 2011-05-21 02:57 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-20 05:06 . 2011-05-20 05:06 -------- d-----w- c:\program files (x86)\AVG
2011-05-20 05:03 . 2009-10-22 18:54 40464 ----a-w- c:\windows\system32\drivers\76733322.sys
2011-05-20 05:03 . 2009-10-10 04:30 352784 ----a-w- c:\windows\system32\drivers\7673332.sys
2011-05-20 05:03 . 2009-09-25 22:59 157712 ----a-w- c:\windows\system32\drivers\76733321.sys
2011-05-20 04:52 . 2011-05-21 02:49 -------- d-----w- c:\programdata\MFAData
2011-05-20 04:27 . 2011-05-20 04:27 -------- dc----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-05-20 04:27 . 2011-05-20 04:27 -------- d-----w- c:\program files (x86)\Uniblue
2011-05-20 04:26 . 2011-05-20 04:26 -------- d-----w- c:\users\LIU\AppData\Local\PackageAware
2011-05-17 07:27 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50851374-5853-4E49-B2A6-D3F77751918E}\mpengine.dll
2011-05-17 01:38 . 2011-05-17 01:38 -------- d-----w- c:\program files (x86)\FoxTabFlvPlayer
2011-05-13 21:46 . 2011-05-21 00:56 -------- d-----w- c:\programdata\Skype Extras
2011-05-13 21:45 . 2011-05-13 21:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-11 22:50 . 2011-05-11 22:50 32 ----a-w- C:\temp.tmp
2011-05-01 17:59 . 2011-05-01 17:59 -------- d-----w- C:\avrescue
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-27 09:31 . 2011-03-27 09:31 42839 ----a-w- c:\windows\SysWow64\mp3.zip
2011-03-21 23:49 . 2011-03-21 23:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-21 23:49 . 2011-03-21 23:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-21 23:49 . 2011-03-21 23:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-21 23:49 . 2011-03-21 23:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-21 23:49 . 2011-03-21 23:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-21 23:49 . 2011-03-21 23:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-21 23:49 . 2011-03-21 23:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-21 23:49 . 2011-03-21 23:49 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-21 23:49 . 2011-03-21 23:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-21 23:49 . 2011-03-21 23:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-21 23:49 . 2011-03-21 23:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-21 23:49 . 2011-03-21 23:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-21 23:49 . 2011-03-21 23:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-21 23:49 . 2011-03-21 23:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-21 23:49 . 2011-03-21 23:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-21 23:49 . 2011-03-21 23:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-21 23:49 . 2011-03-21 23:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-21 23:49 . 2011-03-21 23:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-21 23:49 . 2011-03-21 23:49 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-21 23:49 . 2011-03-21 23:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-21 23:49 . 2011-03-21 23:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-21 23:49 . 2011-03-21 23:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-21 23:49 . 2011-03-21 23:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-21 23:49 . 2011-03-21 23:49 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-21 23:49 . 2011-03-21 23:49 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-21 23:49 . 2011-03-21 23:49 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-21 23:49 . 2011-03-21 23:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-21 23:49 . 2011-03-21 23:49 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-21 23:49 . 2011-03-21 23:49 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-21 23:48 . 2011-03-21 23:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-21 23:48 . 2011-03-21 23:48 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-21 23:48 . 2011-03-21 23:48 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-21 23:48 . 2011-03-21 23:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-21 23:48 . 2011-03-21 23:48 448512 ----a-w- c:\windows\system32\html.iec
2011-03-21 23:48 . 2011-03-21 23:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-21 23:48 . 2011-03-21 23:48 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-21 23:48 . 2011-03-21 23:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-21 23:48 . 2011-03-21 23:48 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-21 23:48 . 2011-03-21 23:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-21 23:48 . 2011-03-21 23:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-21 23:48 . 2011-03-21 23:48 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-21 23:48 . 2011-03-21 23:48 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-09 11:06 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TopmostClock"="c:\program files (x86)\Topmost Clock\TopMostClock.exe" [2002-09-07 540672]
"PPS Accelerator"="e:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408]
"UniblueRegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 49152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-06-06 1261568]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-03-16 126976]
.
c:\users\LIU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
funshion.lnk - c:\program files (x86)\Funshion Online\Funshion\Funshion.exe [N/A]
PPS.lnk - c:\pps.tv\PPStream\PPStream.exe [2011-4-5 4553608]
setup_9.0.0.722_20.05.2011_08-09.lnk - c:\users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe [2011-5-20 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google 更新服務 (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 GPU-Z;GPU-Z;c:\users\LIU\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google 更新 服務 (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\Program\tcphoc.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 76733322;76733322 Boot Guard Driver;c:\windows\system32\DRIVERS\76733322.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 76733321;76733321;c:\windows\system32\DRIVERS\76733321.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 setup_9.0.0.722_20.05.2011_08-09drv;setup_9.0.0.722_20.05.2011_08-09drv;c:\windows\system32\DRIVERS\7673332.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
.
‘計劃任務’ 文件夾 裡的內容
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 03:26]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 03:26]
.
2011-05-21 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: UseFlashGet - d:\downloads\FlashGet\ComDlls\Bholink.htm
IE: UseFlashGetDownloadAllLink - d:\downloads\FlashGet\ComDlls\Bhoall.htm
IE: 使用 FlashGet 下載 - c:\flashget network\Flashget\ComDlls\Bholink.htm
IE: 使用迅雷下載全部連結 - c:\program files (x86)\Thunder Network\Thunder\Program\getallurl.htm
IE: 全部使用 FlashGet 下載 - c:\flashget network\Flashget\ComDlls\Bhoall.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: 妏蚚WEB捃濘狟婥 - c:\program files (x86)\Thunder Network\WebThunder\GetUrl.htm
IE: 妏蚚WEB捃濘狟婥窒蟈諉 - c:\program files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
IE: 轉換為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 轉換連結目標到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 轉換連結目標為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 轉換選定的連結到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: 轉換選定的連結為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: 轉換選擇內容到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 轉換選擇內容為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 附加至現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0062C9BD-B349-40DE-91A0-755F37ACD559}
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files (x86)\Thunder Network\Thunder\Program\repairimage.htm
IE: {{95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58
IE: {{95B3F550-91C4-4627-BCC4-521288C52979} - c:\program files (x86)\PPLive\PPVA\PPLiveVA.exe
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: ecpa.cpa.gov.tw
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: taobao.com
Trusted Zone: webscache.com
Trusted Zone: gogobox.com.tw
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} - hxxp://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} - hxxp://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
FF - ProfilePath - c:\users\LIU\AppData\Roaming\Mozilla\Firefox\Profiles\cd323wjo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd5f95d&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=zh-TW&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-ClubBox - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*1*_*b*y*_*灼\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*c
T]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*c
T\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*5*
0\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
完成時間: 2011-05-20 22:24:00
ComboFix-quarantined-files.txt 2011-05-21 03:24
.
Pre-Run: 2,065,690,624 位元組可用
Post-Run: 4,525,789,184 位元組可用
.
- - End Of File - - 03D81EDE993423F83D7464DA08455744
 

CHLIU

New Member
The HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 下午 10:28:38, on 2011/5/20
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
E:\PPS.tv\PPStream\PPSAP.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\setup_9.0.0.722_20.05.2011_08-09.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: Windows Live ID 登入協助程式 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TopmostClock] C:\Program Files (x86)\Topmost Clock\TopMostClock.exe
O4 - HKCU\..\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: PPS.lnk = C:\PPS.tv\PPStream\PPStream.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O8 - Extra context menu item: UseFlashGet - D:\Downloads\FlashGet\ComDlls\Bholink.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - D:\Downloads\FlashGet\ComDlls\Bhoall.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bholink.htm
O8 - Extra context menu item: 使用迅雷下載全部連結 - C:\Program Files (x86)\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\FlashGet Network\Flashget\ComDlls\Bhoall.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥 - C:\Program Files (x86)\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra 'Tools' menuitem: 脤艘厙珜窒芞 - {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra 'Tools' menuitem: PP.tv Video-Search - {95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58 (file missing)
O9 - Extra button: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O9 - Extra 'Tools' menuitem: PPLive Video Accelerator - {95B3F550-91C4-4627-BCC4-521288C52979} - C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.lib-ezproxy.tamu.edu:2048/lib/tamu/support/plugins/ebraryRdr.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} (KrbClient Class) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.cn/download/SOPCORE.CAB
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} (AresPKIAtx.AtxClient) - http://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google 更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16244 bytes

Before following the steps you suggested, my computer sometimes worked abnormally, so that I needed to force it to shut down.
Currently, the computer works normally.
Again, I would like to thank you for your help.

CHLIU

New Member
I have tried to use WinRAR, and winrar.exe does not work well.
The computer stops, so I need to force it to shut down.
I do not know why this happens.
Also, when I tried Ctrl+Alt+Del, taskmgr did not show up. Instead, an error message showed up.
John, do you have any idea about this?

johnb35

Administrator
Staff member
You still have a mess going here.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::
76733322
76733321
setup_9.0.0.722_20.05.2011_08-09drv

File::
c:\windows\system32\DRIVERS\76733322.sys 
c:\windows\system32\DRIVERS\76733321.sys 
c:\windows\system32\DRIVERS\7673332.sys 

Reglock::
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*1*_*b*y*_*灼\OpenWithList]
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*cT]
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*cT\OpenWithList]
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*5*0\OpenWithList]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Also, I need you to post an uninstall list using HijackThis, as you have some software that needs to be uninstalled.

Open HijackThis, click on open misc tools section, click on open uninstall manager, click on save list and save it. Then copy and paste the log back here.
 

CHLIU

New Member
Hi, John,

I followed your instructions.
Below are the logs.


1. ComboFix logs

ComboFix 11-05-19.02 - LIU /05/21 星期六 17:23:06.2.4 - x64
執行位置: c:\users\LIU\Desktop\ComboFix.exe
Command switches used :: c:\users\LIU\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功創造新還原點
.
FILE ::
"c:\windows\system32\DRIVERS\7673332.sys"
"c:\windows\system32\DRIVERS\76733321.sys"
"c:\windows\system32\DRIVERS\76733322.sys"
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 (the files have been deleted))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\7673332.sys
c:\windows\system32\DRIVERS\76733321.sys
c:\windows\system32\DRIVERS\76733322.sys
c:\windows\SysWow64\admshare.dat
.
.
((((((((((((((((((((((((((((((((((((((( 驅動/服務 (drives/services))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_76733321
-------\Legacy_76733322
-------\Legacy_setup_9.0.0.722_20.05.2011_08-09drv
-------\Service_76733321
-------\Service_76733322
-------\Service_setup_9.0.0.722_20.05.2011_08-09drv
.
.
((((((((((((((((((((((((( 2011-04-21 至 2011-05-21 的新的檔案 (new files))))))))))))))))))))))))))))))))
.
.
2011-05-21 22:37 . 2011-05-21 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-21 22:37 . 2011-05-21 22:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-05-21 19:42 . 2011-05-21 19:42 -------- d-----w- c:\users\LIU\AppData\Local\{9D2432CF-0859-4778-90D7-E6AA5A39A38D}
2011-05-21 08:10 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D904F49B-B2FA-4D99-A3FB-FDEC11B48E59}\mpengine.dll
2011-05-21 07:41 . 2011-05-21 07:41 -------- d-----w- c:\users\LIU\AppData\Local\{80BFF129-3416-4F1C-B99C-9DC499E03156}
2011-05-21 06:47 . 2011-05-21 06:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-21 06:35 . 2011-05-21 06:35 -------- d-----w- c:\users\LIU\AppData\Roaming\Uniblue
2011-05-21 03:58 . 2011-05-21 03:58 -------- d-----w- c:\programdata\WindowsSearch
2011-05-21 00:49 . 2011-05-21 00:49 -------- d-----w- c:\users\LIU\AppData\Roaming\Malwarebytes
2011-05-21 00:49 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-21 00:49 . 2011-05-21 00:49 -------- d-----w- c:\programdata\Malwarebytes
2011-05-21 00:49 . 2011-05-21 00:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-21 00:49 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 00:44 . 2011-05-21 01:10 -------- d-----w- c:\program files (x86)\Ask.com
2011-05-20 12:16 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-20 12:15 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-20 12:15 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-05-20 12:15 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-05-20 12:15 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-20 12:15 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-20 12:15 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-05-20 12:15 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-05-20 12:15 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-05-20 12:15 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-20 12:15 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-20 12:15 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-05-20 10:57 . 2011-05-20 10:57 388096 ----a-r- c:\users\LIU\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-20 10:57 . 2011-05-20 10:57 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-20 05:43 . 2011-05-20 05:43 -------- d-----w- c:\users\LIU\AppData\Roaming\f-secure
2011-05-20 05:42 . 2011-05-20 05:42 -------- d-----w- C:\$AVG
2011-05-20 05:25 . 2011-05-20 05:25 -------- d-----w- c:\users\LIU\AppData\Roaming\AVG10
2011-05-20 05:18 . 2011-05-20 05:18 -------- d-----w- c:\programdata\Common Files
2011-05-20 05:13 . 2011-05-21 02:53 -------- d-----w- c:\programdata\AVG10
2011-05-20 05:08 . 2011-05-21 08:41 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-20 05:06 . 2011-05-20 05:06 -------- d-----w- c:\program files (x86)\AVG
2011-05-20 04:52 . 2011-05-21 02:49 -------- d-----w- c:\programdata\MFAData
2011-05-20 04:26 . 2011-05-20 04:26 -------- d-----w- c:\users\LIU\AppData\Local\PackageAware
2011-05-17 01:38 . 2011-05-17 01:38 -------- d-----w- c:\program files (x86)\FoxTabFlvPlayer
2011-05-13 21:46 . 2011-05-21 00:56 -------- d-----w- c:\programdata\Skype Extras
2011-05-13 21:45 . 2011-05-13 21:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-11 22:50 . 2011-05-11 22:50 32 ----a-w- C:\temp.tmp
2011-05-01 17:59 . 2011-05-01 17:59 -------- d-----w- C:\avrescue
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 (modified files within three months)))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 10:07 . 2010-05-22 04:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-27 09:31 . 2011-03-27 09:31 42839 ----a-w- c:\windows\SysWow64\mp3.zip
2011-03-21 23:49 . 2011-03-21 23:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-21 23:49 . 2011-03-21 23:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-21 23:49 . 2011-03-21 23:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-21 23:49 . 2011-03-21 23:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-21 23:49 . 2011-03-21 23:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-21 23:49 . 2011-03-21 23:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-21 23:49 . 2011-03-21 23:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-21 23:49 . 2011-03-21 23:49 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-21 23:49 . 2011-03-21 23:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-21 23:49 . 2011-03-21 23:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-21 23:49 . 2011-03-21 23:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-21 23:49 . 2011-03-21 23:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-21 23:49 . 2011-03-21 23:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-21 23:49 . 2011-03-21 23:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-21 23:49 . 2011-03-21 23:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-21 23:49 . 2011-03-21 23:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-21 23:49 . 2011-03-21 23:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-21 23:49 . 2011-03-21 23:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-21 23:49 . 2011-03-21 23:49 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-21 23:49 . 2011-03-21 23:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-21 23:49 . 2011-03-21 23:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-21 23:49 . 2011-03-21 23:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-21 23:49 . 2011-03-21 23:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-21 23:49 . 2011-03-21 23:49 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-21 23:49 . 2011-03-21 23:49 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-21 23:49 . 2011-03-21 23:49 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-21 23:49 . 2011-03-21 23:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-21 23:49 . 2011-03-21 23:49 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-21 23:49 . 2011-03-21 23:49 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-21 23:48 . 2011-03-21 23:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-21 23:48 . 2011-03-21 23:48 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-21 23:48 . 2011-03-21 23:48 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-21 23:48 . 2011-03-21 23:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-21 23:48 . 2011-03-21 23:48 448512 ----a-w- c:\windows\system32\html.iec
2011-03-21 23:48 . 2011-03-21 23:48 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-21 23:48 . 2011-03-21 23:48 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-21 23:48 . 2011-03-21 23:48 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-21 23:48 . 2011-03-21 23:48 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-21 23:48 . 2011-03-21 23:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-21 23:48 . 2011-03-21 23:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-21 23:48 . 2011-03-21 23:48 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-21 23:48 . 2011-03-21 23:48 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-09 11:06 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:59 . 2011-05-20 12:15 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59 . 2011-05-20 12:15 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59 . 2011-05-20 12:15 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:40 . 2011-05-20 12:15 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-20 12:15 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-20 12:15 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-20 12:15 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-21_03.21.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-20 12:16 . 2011-02-24 16:37 20864 c:\windows\system32\kdusb.dll
+ 2011-05-20 12:16 . 2011-02-24 16:37 17792 c:\windows\system32\kdcom.dll
+ 2011-05-20 12:16 . 2011-02-24 16:37 18816 c:\windows\system32\kd1394.dll
+ 2011-05-20 12:16 . 2011-02-18 14:16 90624 c:\windows\system32\drivers\bowser.sys
- 2008-06-21 17:57 . 2008-01-18 13:54 90624 c:\windows\system32\drivers\bowser.sys
- 2008-06-20 14:00 . 2011-05-21 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-20 14:00 . 2011-05-21 20:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-20 14:00 . 2011-05-21 20:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-20 14:00 . 2011-05-21 02:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-20 14:00 . 2011-05-21 20:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-20 14:00 . 2011-05-21 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-10 02:58 . 2011-01-08 09:03 48128 c:\windows\system32\atmlib.dll
+ 2011-05-20 12:17 . 2011-02-16 16:37 48128 c:\windows\system32\atmlib.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 90624 c:\windows\assembly\NativeImages_v2.0.50727_64\stdole\c2e290ea5939ffa8c97df48143ce963f\stdole.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24 72192 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\b5060cde905fc2985ea40240302ef790\PresentationFontCache.ni.exe
+ 2011-05-21 09:22 . 2011-05-21 09:22 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\2a8fab25b6260d8c5e473a90e7d27b10\PresentationCFFRasterizer.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 33792 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Run#\d4be04e6290beb4e9d92ada1e95efcd3\Microsoft.WSMan.Runtime.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\26da6ec39849c357d0b30c7acf596f75\Microsoft.VisualC.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 62464 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtCOM\d0c7254acc5449c40ebb845268abb32f\ehiExtCOM.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 62976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtCOM\f7b19312ce7a502f6e41b3f92b1108c0\ehExtCOM.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 28672 c:\windows\assembly\NativeImages_v2.0.50727_64\dfsvc\6493cd4844de8d93bcdc28dcb9c7675c\dfsvc.ni.exe
+ 2011-05-21 09:16 . 2011-05-21 09:16 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\e22a0825c6807a3387bbb9dcf9b751b4\Accessibility.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\19e65cc6f0b9e1351800b927c5fc84a1\UIAutomationProvider.ni.dll
+ 2011-05-21 09:02 . 2011-05-21 09:02 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\bcef6f53118369be4ca1220016317094\System.Windows.Presentation.ni.dll
+ 2011-05-21 09:01 . 2011-05-21 09:01 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\86a5c7b7ac7ba6b5af26281e8b23c61f\System.Web.DynamicData.Design.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89b58b78f98b2c73ed5467e545347212\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\60c1f7d6f44dbf1bdda4ff4fe625cf65\System.AddIn.Contract.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\0c7b2a0925eee0967c30fc4cdf49a837\PresentationFontCache.ni.exe
+ 2011-05-21 08:58 . 2011-05-21 08:58 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\3c1c77ff2b66cce626dd6746f81bcc80\PresentationCFFRasterizer.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 79872 c:\windows\assembly\NativeImages_v2.0.50727_32\napcrypt\d0abd01879b714a1b9348c754b91555c\napcrypt.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\a75c2084db4f608227eda8715f5601a4\Microsoft.WSMan.Runtime.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\669d9f05659d54eab4f5a3820916105b\Microsoft.Vsa.ni.dll
+ 2011-05-21 08:54 . 2011-05-21 08:54 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\6c984804de9a0d7de8e7bd5f06ac5b1f\Microsoft.VisualC.ni.dll
+ 2011-05-21 08:44 . 2011-05-21 08:44 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\910cc782cef5b01e5b1e54b7afc78c63\Microsoft.Build.Framework.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\85830306e830dcac325690954298ab02\Microsoft.Build.Framework.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 57856 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiUserXp\b9d02f5f6acc6c11170481d9928c48c4\ehiUserXp.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\bbd8ff7eb576e32b912bcbe73b093419\dfsvc.ni.exe
+ 2011-05-21 08:44 . 2011-05-21 08:44 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\565d193dfea32659de5c814de5207abc\Accessibility.ni.dll
- 2011-02-10 16:45 . 2011-01-20 14:57 479744 c:\windows\system32\XpsGdiConverter.dll
+ 2011-05-20 12:17 . 2011-02-22 14:47 479744 c:\windows\system32\XpsGdiConverter.dll
+ 2011-05-20 12:16 . 2011-02-24 16:38 979840 c:\windows\system32\winresume.exe
+ 2006-11-08 12:19 . 2011-05-21 05:22 337606 c:\windows\system32\prfh0404.dat
+ 2006-11-08 12:19 . 2011-05-21 05:22 104554 c:\windows\system32\prfc0404.dat
+ 2006-11-02 12:46 . 2011-05-21 05:22 598702 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-05-21 05:22 104716 c:\windows\system32\perfc009.dat
+ 2011-05-20 12:16 . 2011-03-03 16:02 975872 c:\windows\system32\inetcomm.dll
+ 2011-05-20 12:17 . 2011-02-12 05:38 269824 c:\windows\system32\FXSCOVER.exe
+ 2006-11-02 15:21 . 2011-05-21 05:53 391208 c:\windows\system32\FNTCACHE.DAT
- 2006-11-02 15:21 . 2011-02-10 03:24 391208 c:\windows\system32\FNTCACHE.DAT
- 2010-10-13 20:27 . 2010-09-06 15:33 145920 c:\windows\system32\drivers\srvnet.sys
+ 2011-05-20 12:17 . 2011-02-18 14:17 145920 c:\windows\system32\drivers\srvnet.sys
+ 2011-05-20 12:17 . 2011-02-18 14:17 176128 c:\windows\system32\drivers\srv2.sys
+ 2011-05-20 12:17 . 2011-02-18 14:18 450560 c:\windows\system32\drivers\srv.sys
- 2010-04-14 09:49 . 2010-02-23 11:32 106496 c:\windows\system32\drivers\mrxsmb20.sys
+ 2011-05-20 12:16 . 2011-02-18 14:16 106496 c:\windows\system32\drivers\mrxsmb20.sys
+ 2011-05-20 12:16 . 2011-02-18 14:16 274432 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-05-20 12:16 . 2011-02-18 14:16 135680 c:\windows\system32\drivers\mrxsmb.sys
- 2010-04-14 09:49 . 2010-02-23 11:32 135680 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-05-20 12:16 . 2011-02-24 16:38 979840 c:\windows\system32\Boot\winresume.exe
+ 2011-05-20 12:17 . 2011-02-16 14:15 367616 c:\windows\system32\atmfd.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 929280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Security\80ede06a6dad28ceb92e4badfbdae2c8\System.Security.ni.dll
+ 2011-05-21 09:17 . 2011-05-21 09:17 396288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\2cade508af9b8d3572d9694cf26e211c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 911872 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Net\e45ed0a118cb86edd189f932c390ac9b\System.Net.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 782848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\78968553edfea1de924cb22241c9a14e\System.Messaging.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 534016 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.I#\0bec578c80c5d5f941e47fec552cf72e\System.Management.Instrumentation.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 568832 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IO.Log\5fa6651d1f1d35457a81ebe1879c0469\System.IO.Log.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 294400 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityMode#\908ca4b6076b9fbd764f4e144dd6abd9\System.IdentityModel.Selectors.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 446464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\4e9883ba777b8637d44e75ced9df52c8\System.EnterpriseServices.Wrapper.dll
+ 2011-05-21 07:42 . 2011-05-21 07:42 289280 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\2b21e1449396b5bef01f7fbe2a075761\System.Drawing.Design.ni.dll
+ 2011-05-21 09:17 . 2011-05-21 09:17 650240 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\f6242f5fa2eb7c5fe03a903d10fe5fbd\System.DirectoryServices.Protocols.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 489472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\a3e84409297322f787323f4ee21af822\System.Data.Services.Design.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24 194560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.DataSet#\4f12ec2bdfe03a09e1ee836cda16b0d6\System.Data.DataSetExtensions.ni.dll
+ 2011-05-21 09:17 . 2011-05-21 09:17 191488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuratio#\fdadb0736d41edfa1566fbd59787c865\System.Configuration.Install.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24 132096 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ComponentMod#\b2d736a1207b6d98728ea8bc1f4d0618\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24 889856 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn\7f7aff55b617e3acc8b1c0b8b3eeeadc\System.AddIn.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24 156672 c:\windows\assembly\NativeImages_v2.0.50727_64\System.AddIn.Contra#\6c6921a2853a8534d34a0943faf8c515\System.AddIn.Contract.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 297984 c:\windows\assembly\NativeImages_v2.0.50727_64\sysglobl\c4e8ea6f178a1bf7e1892220f3c6f66a\sysglobl.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24 525824 c:\windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\6a20a552c6f1bd690ec6ba0f3c2aed11\SMSvcHost.ni.exe
+ 2011-05-21 09:18 . 2011-05-21 09:18 349184 c:\windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\db6d5845b196212f922184319fe2690f\SMDiagnostics.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\a7f57135dab4b027d08f967540a358bb\ServiceModelReg.ni.exe
+ 2011-05-21 07:41 . 2011-05-21 07:41 620544 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\d888d6b14f60299133567c29c31eb3cc\PresentationFramework.Luna.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41 279040 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\d1aaa68a1c87e9be6cd51041304ed4f7\PresentationFramework.Classic.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41 317440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\81a9420b00dac39197eee5922496597d\PresentationFramework.Royale.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41 463360 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\0f052e87b7ee16a6b2fbc0f49604f7bd\PresentationFramework.Aero.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 852992 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\1d3decedc93894161b950340745beb23\napsnap.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 154112 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\2109a805f6c59032f33d99264904ee09\napinit.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 177152 c:\windows\assembly\NativeImages_v2.0.50727_64\naphlpr\fdb67097ee60518a7a8d23911e1daf49\naphlpr.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 126464 c:\windows\assembly\NativeImages_v2.0.50727_64\napcrypt\08307be731b5f7391c572ac790feee2e\napcrypt.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 184320 c:\windows\assembly\NativeImages_v2.0.50727_64\MSBuild\a98eb080955fbfb2a788cdc32327aaf9\MSBuild.ni.exe
+ 2011-05-21 09:20 . 2011-05-21 09:20 414720 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\d82ec0dee31a07c6ac47f7fb8c5fa875\MMCFxCommon.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 657920 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.WSMan.Man#\f3a62412ef5f407ba1fe669c60e60c78\Microsoft.WSMan.Management.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 105984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Vsa\56b26f3cf4a90e19eed44441b1f49a5f\Microsoft.Vsa.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 584192 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\3cdda9c10cdc6db1e42fb085ce8d7de6\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 999936 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\cc6f792a9169021865a0a1ccebe7e959\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 416768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\bf5dd66f446ef9d19e88f576af2243f6\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22 713216 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a2637cdd28a97220b40adcbf640b3311\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 224768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\68d94344418f5e7a0990549903d7d0b7\Microsoft.PowerShell.Security.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 933376 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\704b2ceff574db095bb0f2f3361b53c6\Microsoft.MediaCenter.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 324608 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\4efeb3f7f163fcdec6af8198dcbf35a3\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20 946688 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1deb09f66840b7610d40899c71b9c656\Microsoft.MediaCenter.Sports.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20 794624 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\daabdf661cf443b268ead1f2fdb57c5b\Microsoft.ManagementConsole.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 373760 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\1f41ec3085193121ca5f0e5fd4a8674e\Microsoft.GroupPolicy.Interop.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 198656 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\a611e70fae7306fdd2a70f074bdeb7c8\Microsoft.Build.Utilities.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 228864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Uti#\7af2da0b9aee709a43281e8c659f5aa9\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 120832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\dc0577b1a1f37abcbf18ef67202c3d54\Microsoft.Build.Framework.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 142336 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Fra#\8483fade8695fb4aade0e60f455131aa\Microsoft.Build.Framework.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 294912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Con#\85dae31cde0964355a405014981c635d\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\Mcx2Dvcs\61233315b557e62c754b0f3089829f37\Mcx2Dvcs.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20 372224 c:\windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f52a18d4d8adda63247538c1ced4868a\mcupdate.ni.exe
+ 2011-05-21 09:20 . 2011-05-21 09:20 337920 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\db9e222fb09a787c0027c20f1b3ed733\mcstoredb.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20 893952 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\129bfda294e27ea00209bc6f2a67603f\mcstore.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20 108032 c:\windows\assembly\NativeImages_v2.0.50727_64\loadmxf\e1fa30a45b44ff3647d29e6f23c0553f\loadmxf.ni.exe
+ 2011-05-21 09:20 . 2011-05-21 09:20 645120 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\282b9198577d289bc38ed3755c042ccc\EventViewer.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 313856 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiWUapi\6755e4038419c116d30b4de5d2be8d75\ehiWUapi.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 927232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiwmp\ebe8720510b77a50cab9e7e51213ede0\ehiwmp.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 138752 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiUserXp\4036778f6edd9f160ac30fad35667e4a\ehiUserXp.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 151040 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiReplay\19e100517d541f33e761b39d6da3e591\ehiReplay.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 397824 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiExtens\2d55292c7d533b6e1dadbb36f51261e1\ehiExtens.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 368640 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\5561533e485e6c58612de7601f665233\ehExtHost.ni.exe
+ 2011-05-21 09:19 . 2011-05-21 09:19 409600 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepgdat\cdd0e815e96795eb377d588d6476a67f\ehepgdat.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_64\ehCIR\16b921e21b836561d80b27541a3c441e\ehCIR.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 348672 c:\windows\assembly\NativeImages_v2.0.50727_64\CustomMarshalers\1992a696357466a9a717d6467756cbb7\CustomMarshalers.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 640000 c:\windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\7a62a1dc741fd1630a2b55ecb0af591c\ComSvcConfig.ni.exe
+ 2011-05-21 09:16 . 2011-05-21 09:16 568320 c:\windows\assembly\NativeImages_v2.0.50727_64\BDATunePIA\a9ffb7a9120c4ec1657c432339f97b73\BDATunePIA.ni.dll
+ 2011-05-21 09:03 . 2011-05-21 09:03 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d838a6606af8703d1828983e4eaead5\WsatConfig.ni.exe
+ 2011-05-21 09:03 . 2011-05-21 09:03 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a7053f38509cd157016b3bfccceb8f37\WindowsFormsIntegration.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\84d367fc31a2a78d9d9806c90336bd6f\UIAutomationTypes.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\2161cd27f6e97c0be6dd8e745603c835\UIAutomationClient.ni.dll
+ 2011-05-21 09:03 . 2011-05-21 09:03 235520 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\e671425660554ad34cec1b60aed7c008\TaskScheduler.ni.dll
+ 2011-05-21 09:03 . 2011-05-21 09:03 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\a3bd0860a80dc61f232c4f3ca7d9f137\System.Xml.Linq.ni.dll
+ 2011-05-21 09:01 . 2011-05-21 09:01 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\24e503132547ce6fe9bbf412e5447c69\System.Web.Routing.ni.dll
+ 2011-05-21 08:55 . 2011-05-21 08:55 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\0caf396f060dbe01a2587834d6a4d823\System.Web.RegularExpressions.ni.dll
+ 2011-05-21 09:02 . 2011-05-21 09:02 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\55bbb45ae998b33324105c61959a46cb\System.Web.Extensions.Design.ni.dll
+ 2011-05-21 09:01 . 2011-05-21 09:01 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\c1a18b7306693a4e26e7768ad94d7cf7\System.Web.Entity.ni.dll
+ 2011-05-21 09:02 . 2011-05-21 09:02 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\07c1f5cbf076797aeddb04890e737a35\System.Web.Entity.Design.ni.dll
+ 2011-05-21 09:01 . 2011-05-21 09:01 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\cdd4a709bc48f962b98f421d51f013cf\System.Web.DynamicData.ni.dll
+ 2011-05-21 09:00 . 2011-05-21 09:00 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\ea67d43fa1402344ea60f72b1e48aa2d\System.Web.Abstractions.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\2e1f77805242e6ba616571580f9aad81\System.Transactions.ni.dll
+ 2011-05-21 08:55 . 2011-05-21 08:55 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ce73262a893af528ab9fde7b033f6da2\System.ServiceProcess.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\1be007f7ea5af72f66440d21a786cf2f\System.Security.ni.dll
+ 2011-05-21 08:54 . 2011-05-21 08:54 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4ebc669b482345b1efe452d4e2ee9705\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\45aadcfa5a64d65be508b335cd7a729e\System.Runtime.Remoting.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4e7fd11c9c5410e77f8855e0a8c8292d\System.Net.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\afeea6beb2d67a6e0c1aed0376e69777\System.Messaging.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6abb8798383d6fc844c467df6c6eeeeb\System.Management.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\c3dc94dfbced37c9b1ce840e8eac4a04\System.Management.Instrumentation.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\9d6f502b0c29e25d0986d1b2da79634f\System.IO.Log.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\15dae896a0a67f955349d09eb3812702\System.IdentityModel.Selectors.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\34c839b0fd9f085105dc2c0a1219d02d\System.EnterpriseServices.Wrapper.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\34c839b0fd9f085105dc2c0a1219d02d\System.EnterpriseServices.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5dd2fa1f99b0570b7e8397adfa0e9e9a\System.Drawing.Design.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c37ae529e62c0374f8461754405c969e\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-05-21 08:55 . 2011-05-21 08:55 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6beade2268ecf5e850c02502abe53cb8\System.DirectoryServices.Protocols.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\db1e876ccd04cccd17dfcb22f8d0ebb2\System.Data.Services.Design.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\01cbc556eb008d89eed4a1b62a124184\System.Data.Services.Client.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\af472410b03f93c6606e92f862f39c8f\System.Data.Entity.Design.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\09a454a771ca774f81fbf31227e78c31\System.Data.DataSetExtensions.ni.dll
+ 2011-05-21 08:44 . 2011-05-21 08:44 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\886c8bd1f835e78b659b71aeed3ed15a\System.Configuration.ni.dll
+ 2011-05-21 08:55 . 2011-05-21 08:55 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\819da2483c5c1a292618a58247a5194a\System.Configuration.Install.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\12ba53baab1f1dfb681844e367a1a07f\System.AddIn.ni.dll
+ 2011-05-21 09:00 . 2011-05-21 09:00 232448 c:\windows\assembly\NativeImages_v2.0.50727_32\sysglobl\4e275b57357ccbae6a79720f0f8f0465\sysglobl.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\04a480b777f819e8ec461f6dc97f38c1\SMSvcHost.ni.exe
+ 2011-05-21 08:56 . 2011-05-21 08:56 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\c0863c5df248b7e336227922615628a1\SMDiagnostics.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\cc40d1c026a087c5aa12b022bcdd3e60\ServiceModelReg.ni.exe
+ 2011-05-21 07:45 . 2011-05-21 07:45 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ae27ef98a34b890d92982d623fc38360\PresentationFramework.Royale.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8523057f6790305f4968da89e3f64be4\PresentationFramework.Classic.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0dac60e34d8e1b520fa8ebcb4acc85ae\PresentationFramework.Luna.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\075f1bb73b4bf872524a17609c081c5d\PresentationFramework.Aero.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 724992 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\5dfa0316e606b6e0ec0b59372da88665\napsnap.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\a902add323ae7c602e0391c1ef19b3a2\napinit.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 115712 c:\windows\assembly\NativeImages_v2.0.50727_32\naphlpr\da3a5511db63187e419a50fbba6eb754\naphlpr.ni.dll
+ 2011-05-21 08:44 . 2011-05-21 08:44 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\76537ee945701f8089ceb4bbbf391502\MSBuild.ni.exe
+ 2011-05-21 08:56 . 2011-05-21 08:56 285184 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\e1c03e3d9ff974cbfe383801dc9522f2\MMCFxCommon.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\54d545a0eb41c5e042e4b2a1d8204735\Microsoft.WSMan.Management.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\c59ae82e5eff22ec8b9c4c0f5a8a4ddc\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\b2fb01f1c7aeff57e27b61ba33207bf2\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\aa8c7e19dd9c6bcd4cf6b62feea91650\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a6a0e3c14be16f49cd4cd10056c1ec4b\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7984fe494d472b6a71796f9736ca9119\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\0960fac77346669592b7d0ef69bef180\Microsoft.PowerShell.Security.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4afd6f23c8a742baab1e635b4f1fe57a\Microsoft.MediaCenter.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 558592 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\96846be15be8de0531330213d3c3c806\Microsoft.ManagementConsole.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 264704 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\5fef005cfc3954b33cff1894d0191b07\Microsoft.GroupPolicy.Interop.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\bd76a907390f1d9e74aff4fbf9dd4748\Microsoft.Build.Utilities.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7216a1dcf1f8a3e8779c2148ccad0b13\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 888320 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\6a9a6c9107cd8773d0f38600b0a227b2\Microsoft.Build.Engine.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\062f44f096bc84f442e9a5317e3cd2e1\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 543744 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\3f823badb65f0aad02e9dc613a97f290\EventViewer.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 160768 c:\windows\assembly\NativeImages_v2.0.50727_32\ehiExtens\59c9fe037c933de1fee660faf21f903b\ehiExtens.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 243200 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\8a51215b253c185a317c68c6c65205e8\ehExtHost32.ni.exe
+ 2011-05-21 08:56 . 2011-05-21 08:56 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5e4551c1842d1006848b51cf72272795\CustomMarshalers.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\93b8ffc620ba0822f1dcbc97cfd25111\ComSvcConfig.ni.exe
- 2011-02-10 16:45 . 2011-01-20 15:01 1653760 c:\windows\system32\XpsPrint.dll
+ 2011-05-20 12:16 . 2011-03-12 22:52 1653760 c:\windows\system32\XpsPrint.dll
+ 2011-05-20 12:16 . 2011-02-24 16:37 1063296 c:\windows\system32\winload.exe
+ 2011-05-20 12:16 . 2011-03-03 13:46 2762240 c:\windows\system32\win32k.sys
+ 2011-05-20 12:17 . 2011-02-22 13:53 1149440 c:\windows\system32\FntCache.dll
- 2011-02-10 16:45 . 2011-01-20 14:02 1555968 c:\windows\system32\DWrite.dll
+ 2011-05-20 12:17 . 2011-02-22 13:53 1555968 c:\windows\system32\DWrite.dll
+ 2011-05-20 12:16 . 2011-02-24 16:37 1063296 c:\windows\system32\Boot\winload.exe
 

CHLIU

New Member
ComboFix log-continuing:

+ 2011-05-21 09:18 . 2011-05-21 09:18 3072512 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\243b56e7c39b5943590fe69710472404\System.Runtime.Serialization.ni.dll
+ 2011-05-21 09:17 . 2011-05-21 09:17 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\1cca4208510b6fd2aa300a4755e68831\System.Runtime.Remoting.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 1453056 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\b5da1b5fd3d79bc14c215e8860aa9dfb\System.Printing.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 1408000 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management\2123039cd5539f5b2984bb4da33da9ab\System.Management.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\65bf783991dd45d82878673ab3d455e5\System.IdentityModel.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 1081344 c:\windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\4e9883ba777b8637d44e75ced9df52c8\System.EnterpriseServices.ni.dll
+ 2011-05-21 07:42 . 2011-05-21 07:42 2312704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\289446d900797ee0f4fe6eb2734ced7f\System.Drawing.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 1219584 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\f3ec314f8b284b153e81bd2719f0aebf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 1639936 c:\windows\assembly\NativeImages_v2.0.50727_64\System.DirectorySer#\7cffeefbc1e2205464ef060b88356de6\System.DirectoryServices.ni.dll
+ 2011-05-21 09:17 . 2011-05-21 09:17 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\78f031e35cf064d50947eab21f6b9742\System.Deployment.ni.dll
+ 2011-05-21 07:42 . 2011-05-21 07:42 8617984 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data\13419672da708e1bcc25f3002d533704\System.Data.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 3461632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\3ac565b01079a593f00831c12b4e9c34\System.Data.SqlXml.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\b86b617d9f71ba88601d927904d0b14b\System.Data.Services.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 1277440 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Service#\7d507e27d86371d792d9f7a3dece8d46\System.Data.Services.Client.ni.dll
+ 2011-05-21 09:17 . 2011-05-21 09:17 1512448 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.OracleC#\943ec86d4573de347624f5d2cf60692f\System.Data.OracleClient.ni.dll
+ 2011-05-21 07:42 . 2011-05-21 07:42 3480576 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Linq\87ad08f598ab2b653e1be78bd64375ba\System.Data.Linq.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\359205ca87c95468c7211c8db1aa8fa0\System.Data.Entity.Design.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41 3312128 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Core\e98de035aeb2f5ca054d333ff466ef94\System.Core.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 1308160 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\861eb580850b91413580bfcd86f4f2ac\System.Configuration.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 3101184 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\d5a8a936cb28dc964cb5f2607a3e5872\ReachFramework.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22 2109440 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\aa2e7028a9e2f5c332625ed09e9843cd\PresentationUI.ni.dll
+ 2011-05-21 09:24 . 2011-05-21 09:24 1882112 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationBuildTa#\ad0c62f2a611a5987774258a2fa289a9\PresentationBuildTasks.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 3482112 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\e2d2332dcf597c2e0a5b078f60b8ac26\Narrator.ni.exe
+ 2011-05-21 09:23 . 2011-05-21 09:23 2314240 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\5c6cdfa9c9c9f8924692dfa14292060f\MMCEx.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\2df1dcaabbf8ba1220ab044f48ad5b46\MIGUIControls.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\b9646bb53c420d17b131729246054341\Microsoft.VisualBasic.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 1598976 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Transacti#\b835020d0724da54dbc6cfd50568fe20\Microsoft.Transactions.Bridge.ni.dll
+ 2011-05-21 09:23 . 2011-05-21 09:23 2104832 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\e9f582a0f0d6c7f2e3658fc894e58011\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a9639b5b560d6efbc8bcfbe3596bc918\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22 5346816 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\6c162c4a7ab1cf98be95d89ea188dc1e\Microsoft.PowerShell.Editor.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22 1081856 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\55897ef082a9339abb9c75d6783acefa\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\c00392f5ff3bba222562442153242b15\Microsoft.MediaCenter.UI.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 3208704 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.JScript\cc02d8ce8646e7e8177796ab78bb260e\Microsoft.JScript.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 2357248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\cd6a7a8a0f3ebeb2dd4d74114c45c12a\Microsoft.Ink.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 2592768 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.GroupPoli#\83c6649bbb61620f6cf1fd48933d0b1e\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 2217984 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\eb6f1771c3c84c26ab78a2c2e57f51cd\Microsoft.Build.Tasks.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 2575872 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\7f0aadc37b5d22ce313c744403ceb72a\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-05-21 09:16 . 2011-05-21 09:16 2433024 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\d1b67cf47083dd2ae5da934d8a70aeea\Microsoft.Build.Engine.ni.dll
+ 2011-05-21 09:21 . 2011-05-21 09:21 1188352 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Eng#\40af195f2850dbc88177f33595c62ec6\Microsoft.Build.Engine.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 2413056 c:\windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\e18fbea17fc779a808255ad4d57cfd48\ehRecObj.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 2002432 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiVidCtl\cb262a5805dbe95cd4e3903068f900b1\ehiVidCtl.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 2885120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\0286181616ffd631403fcc6d7ad196e6\ehiProxy.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 1039872 c:\windows\assembly\NativeImages_v2.0.50727_64\ehiPlay\9d1a59e841dae8e32520a50798d7e5ba\ehiPlay.ni.dll
+ 2011-05-21 09:19 . 2011-05-21 09:19 3039232 c:\windows\assembly\NativeImages_v2.0.50727_64\ehepg\915ab39cf92b4a66ebc7ac8cc200c0db\ehepg.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 3325952 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b713b41679bdcb5a6cc0487bb4ceb9f0\WindowsBase.ni.dll
+ 2011-05-21 09:03 . 2011-05-21 09:03 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\f622c994edcea757d2a416e3cd2b1b13\UIAutomationClientsideProviders.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 7949824 c:\windows\assembly\NativeImages_v2.0.50727_32\System\45f10e36f25d92dd808caab75e45b8ae\System.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\653b1be0c33cfade02fb0a61f135e488\System.Xml.ni.dll
+ 2011-05-21 09:03 . 2011-05-21 09:03 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\87634062d0ca86ffdf63f450f2c7e8b4\System.WorkflowServices.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5ed98761e1ae9b1932db90949464d098\System.Workflow.Runtime.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\ce06af33a044d2d1681a34d5056ff763\System.Workflow.ComponentModel.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\e0e96f32122b8826da6ab1d99ab67d6f\System.Workflow.Activities.ni.dll
+ 2011-05-21 08:54 . 2011-05-21 08:54 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1113c8ce01a5bc82bfde60e7bf4adcf1\System.Web.Services.ni.dll
+ 2011-05-21 09:02 . 2011-05-21 09:02 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d6a0cba36faf63040b55838c1c9287c0\System.Web.Mobile.ni.dll
+ 2011-05-21 09:01 . 2011-05-21 09:01 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c9ca6d6a1a01e1f71875003eac19cea5\System.Web.Extensions.ni.dll
+ 2011-05-21 09:00 . 2011-05-21 09:00 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\38c4b6858ec921d52207a2a822e79061\System.Speech.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5bace67488cbc31ef0a69e52fb719daa\System.ServiceModel.Web.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 2346496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ed2e2a6aefaad58224bcd97060507a3d\System.Runtime.Serialization.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0bce6b10c60fff3fea9ccc63f374da69\System.Printing.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\18d8770b19c50f3011b7eba109b4ab6c\System.Management.Automation.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1403b6ce8f9b41a446e2954dd64f1388\System.IdentityModel.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d5100c24f083084e1d2556839904e987\System.Drawing.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2e0959aca71bd161b5834cfbdbc8a3c7\System.DirectoryServices.ni.dll
+ 2011-05-21 08:54 . 2011-05-21 08:54 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\af9926fcbda1e5916461b5198cf0d325\System.Deployment.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 6621696 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\e1053db6ce65cc97268fc79cc380f0c1\System.Data.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:53 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\8c45d91a54a9f4185d485f2bea2cfd72\System.Data.SqlXml.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\d1094d10091f97519fc1701b9a5213bb\System.Data.Services.ni.dll
+ 2011-05-21 08:54 . 2011-05-21 08:54 1119232 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\694dd53ab2f684d99bfce62e2f8f0e98\System.Data.OracleClient.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\694dce206b8abfa3dd1f87a840f85e29\System.Data.Linq.ni.dll
+ 2011-05-21 08:59 . 2011-05-21 08:59 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\5793f0c3b4bbabda54333af06d605100\System.Data.Entity.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\ef9ef14bd5c8ff03d334178113fa6234\System.Core.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 2146816 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\9045fdb5e131b1d7855d79c399e43ce2\ReachFramework.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\bf1cf263c7046fac6780d65b8f5f3068\PresentationUI.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\7a7fdac28dd989c0d75f9c5471fb9842\PresentationBuildTasks.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\c6cb0f0b8bc1db65ceb69a630fe1e40d\Narrator.ni.exe
+ 2011-05-21 08:58 . 2011-05-21 08:58 1536512 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\b987222d6af55dab31ec15ec51c77241\MMCEx.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\995eb5db2b78e7a0652a892544cd3565\MIGUIControls.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9140c0829b03183f35f543966edc1841\Microsoft.VisualBasic.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\4b9dc838670ddf626e49c7b6d8a43ce5\Microsoft.Transactions.Bridge.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ec3785c2c0df50169845ea06c6d7925c\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\353f55b42ed20782a768f4029b65fb30\Microsoft.PowerShell.Editor.ni.dll
+ 2011-05-21 08:58 . 2011-05-21 08:58 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\14ae3de9995d5836a8487782215ad4d6\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\83cd6f48442d319627dfd2035ab73215\Microsoft.MediaCenter.UI.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\7229b571999ffda51219230f12afcbbe\Microsoft.JScript.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\a753258f9e80a80a3556504a62deac23\Microsoft.Ink.ni.dll
+ 2011-05-21 08:57 . 2011-05-21 08:57 2088448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.GroupPoli#\6b35e3f4e68ab511d1b05c31f41c019d\Microsoft.GroupPolicy.Reporting.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 1873408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\dce42b99f5536090bfa08b9045ce7755\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-05-21 08:56 . 2011-05-21 08:56 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\5ac955488c1e60518303ce09df1ceff6\Microsoft.Build.Tasks.ni.dll
+ 2011-05-21 08:44 . 2011-05-21 08:44 1778176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\e6f39eaf4471a8d7a734c1ba0b4b8a88\Microsoft.Build.Engine.ni.dll
+ 2011-05-20 12:17 . 2010-10-29 10:52 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-08-12 21:41 . 2010-05-21 10:58 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-05-20 12:17 . 2010-10-29 10:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2010-08-12 21:41 . 2010-05-21 10:56 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2006-11-02 12:35 . 2011-04-29 16:54 44548040 c:\windows\system32\mrt.exe
+ 2011-05-21 07:40 . 2011-05-21 07:40 10596864 c:\windows\assembly\NativeImages_v2.0.50727_64\System\9508d69bb9b3139fa24a0738aa384a3b\System.ni.dll
+ 2011-05-21 09:18 . 2011-05-21 09:18 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\98fc0c0a263298100c930018723d58ae\System.ServiceModel.ni.dll
+ 2011-05-21 09:22 . 2011-05-21 09:22 11254784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Management.A#\97e84ca0e8c1a7eabe8802421bb7fdc9\System.Management.Automation.ni.dll
+ 2011-05-21 07:42 . 2011-05-21 07:42 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\fe9ff8d2ba50a4c199ef0d838db9dbef\System.Design.ni.dll
+ 2011-05-21 09:25 . 2011-05-21 09:25 13758976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity\5591fcd02c812cf204e8c37dccc9adb8\System.Data.Entity.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41 19176960 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c4b2384feac37251c3d3547e29bc41cd\PresentationFramework.ni.dll
+ 2011-05-21 07:41 . 2011-05-21 07:41 16513536 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\eecc6daa4530c8217c8286b4168bfe57\PresentationCore.ni.dll
+ 2011-05-21 07:39 . 2011-05-21 07:39 15564800 c:\windows\assembly\NativeImages_v2.0.50727_64\mscorlib\88bac13525e6fbcbd5764b3706d64e82\mscorlib.ni.dll
+ 2011-05-21 09:20 . 2011-05-21 09:20 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\f515e3512aede720d1c9749eceb12382\ehshell.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2bc8bc432d91919ea0bbb2b803a4b6af\System.Windows.Forms.ni.dll
+ 2011-05-21 08:53 . 2011-05-21 08:54 11804672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b49ce1a910673d3e96965817e5c0535c\System.Web.ni.dll
+ 2011-05-21 08:55 . 2011-05-21 08:55 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\9fcd0c2cb56e8317633a8c11e2fbe2c8\System.ServiceModel.ni.dll
+ 2011-05-21 07:46 . 2011-05-21 07:46 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8269de7b5d0f6f37cb5349088db5fc2d\System.Design.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 14328832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6508f77b1fb9d5161f11a14d46a7957b\PresentationFramework.ni.dll
+ 2011-05-21 07:45 . 2011-05-21 07:45 12216832 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\267585069dce3fd61bd67943953a6d04\PresentationCore.ni.dll
+ 2011-05-21 07:44 . 2011-05-21 07:44 11490816 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b2a5854682691830b9f62ec351c8b54e\mscorlib.ni.dll
.
-- 快照技術重新設置 --
.
((((((((((((((((((((((((((((((((((((( 重要登入點 (critical/important login points)))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TopmostClock"="c:\program files (x86)\Topmost Clock\TopMostClock.exe" [2002-09-07 540672]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408]
"PPS Accelerator"="c:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 49152]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-06-06 1261568]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-03-16 126976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\LIU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_20.05.2011_08-09.lnk - c:\users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe [2011-5-20 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google 更新服務 (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 GPU-Z;GPU-Z;c:\users\LIU\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google 更新 服務 (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\Program\tcphoc.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
.
‘計劃任務’ 文件夾 裡的內容
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 03:26]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 03:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF8964.cfxxe" [X]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: UseFlashGet - d:\downloads\FlashGet\ComDlls\Bholink.htm
IE: UseFlashGetDownloadAllLink - d:\downloads\FlashGet\ComDlls\Bhoall.htm
IE: 使用 FlashGet 下載 - c:\flashget network\Flashget\ComDlls\Bholink.htm
IE: 使用迅雷下載全部連結 - c:\program files (x86)\Thunder Network\Thunder\Program\getallurl.htm
IE: 全部使用 FlashGet 下載 - c:\flashget network\Flashget\ComDlls\Bhoall.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: 妏蚚WEB捃濘狟婥 - c:\program files (x86)\Thunder Network\WebThunder\GetUrl.htm
IE: 妏蚚WEB捃濘狟婥窒蟈諉 - c:\program files (x86)\Thunder Network\WebThunder\GetAllUrl.htm
IE: 轉換為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 轉換連結目標到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 轉換連結目標為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 轉換選定的連結到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: 轉換選定的連結為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: 轉換選擇內容到現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: 轉換選擇內容為 Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: 附加至現有 PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0062C9BD-B349-40DE-91A0-755F37ACD559}
IE: {{548BF84E-9665-47f9-B635-7380F8943E90} - c:\program files (x86)\Thunder Network\Thunder\Program\repairimage.htm
IE: {{95B3F550-91C4-4627-BCC4-521288C52978} - http://www.pp.tv/?st=desk&rcc_id=615547faf14ec1ca12e948a00e664f58
IE: {{95B3F550-91C4-4627-BCC4-521288C52979} - c:\program files (x86)\PPLive\PPVA\PPLiveVA.exe
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: ecpa.cpa.gov.tw
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: taobao.com
Trusted Zone: webscache.com
Trusted Zone: gogobox.com.tw
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
DPF: {2C2D4879-285C-4716-8B74-61EBD2418B0E} - hxxp://ecpa.cpa.gov.tw/Content/ActiveX/AresEcpauIAMAtx.CAB
DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
DPF: {EA9EBB6D-6CBB-4BF8-9A12-E0664FFFF93E} - hxxp://ecpa.cpa.gov.tw/Content/ActiveX/AresPKIAtxClient.CAB
FF - ProfilePath - c:\users\LIU\AppData\Roaming\Mozilla\Firefox\Profiles\cd323wjo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dd5f95d&v=7.004.022.004&i=26&tp=ab&iy=&ychte=us&lng=zh-TW&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*1*_*b*y*_*灼\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*c
T]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*1*c
T\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1258652614-1315071427-1036748755-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*7*5*
0\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="「Google 瀏覽器」開啟網頁和執行應用程式的速度奇快無比!除了執行速度快、穩定且容易使用之外,它還內建防護機制,讓您安心瀏覽網頁,無需擔心受到網路釣魚與惡意軟體的威脅。"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ 其他運行進程 (other in process)------------------------
.
c:\program files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
c:\program files (x86)\ASUS\AASP\1.00.46\aaCenter.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
完成時間: 2011-05-21 17:53:47 - 電腦已重新啟動 (the computer has been restarted)
ComboFix-quarantined-files.txt 2011-05-21 22:53
ComboFix2.txt 2011-05-21 03:24
.
Pre-Run: 2,791,911,424 位元組可用
Post-Run: 2,399,875,072 位元組可用
.
- - End Of File - - 24A9A4B9F9323A0A0CDD23DDBA4CBC09


Uninstall List:

Update for Microsoft Office 2007 (KB2508958)
「Google 地球」
Acronis?Disk Director Suite
ActivePerl 5.8.8 Build 822
Adobe Acrobat 8.2.6 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.3 - Chinese Traditional
Adobe Shockwave Player 11.5
AI Suite
Alipay security plugin 1.3.0.2
Apple Application Support
Apple Software Update
Ask Toolbar
ASUS Gamer OSD
ASUS Smart Doctor
ASUS VideoSecurity Online
Avira AntiVir Personal - Free Antivirus
Catalyst Control Center - Branding
cwtex-basic
D3DX10
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DjVu Solo 3.1
EVEREST Ultimate Edition v4.20
FoxTab FLV Player (remove only)
GAMS Distribution 23.2
GOGOBOX
GOM Player
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential
HP Product Assistant
HP Update
HPSSupply
iPhone Configuration Utility
Java(TM) 6 Update 25
Junk Mail filter update
K-Lite Codec Pack 6.8.0 (Full)
MacX DVD Ripper Pro For Windows 6.0.2
Malwarebytes' Anti-Malware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help 更新程式 (KB963678)
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Chinese (Traditional)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Word 2007 Help 更新程式 (KB963665)
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MiKTeX 2.5
MiKTeX 2.7
Mozilla Firefox 4.0.1 (x86 zh-TW)
MSI Afterburner 1.5.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NXPlayer 壹電視播放軟體(測試版)
Open PCMan Combo 2007
PPreview
PPStream V2.7.0.1246 Final
PPS蚔牁 V1.0.1.298
Pronunciation Power 2
QuickTime
QuickTime Alternative 1.47
REvolution 3.2 Win32
Safari
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype Toolbars
Skype? 5.3
Smart Defrag
SopCast 2.0.4
SoundMAX
Stata 10
The Weather Channel Desktop 6
The Weather Channel Screensaver
The Weather Channel Toolbar
Topmost Clock
Total Commander (Remove or Repair)
TVUPlayer 2.5.3.1
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Outlook 2007 Junk Email Filter (KB2536413)
USB PC Camera-168
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.17
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 程式集
Windows Media Player Firefox Plugin
WinEdt
WinRATS Pro 7.00
XviD MPEG-4 Video Codec
快車(FlashGet)2.0-繁體中文
嘸蝦米多國語言版 6.0版
 

johnb35

Administrator
Staff member
I'm not familiar with a lot of the software you have installed. If you don't use it or it's not genuine software (pirated), please uninstall it.

Adobe 8 is outdated software and if not used please uninstall it. I notice it's the professional version, so if you didn't get it illegally then you had to pay for it. It has security risks with it being outdated software.

However, please uninstall the following programs.

Ask Toolbar
Search Toolbar

GOGOBOX

If I'm not mistaken gogobox is p2p file sharing software and is used to download illegal software, music, movies. You may have been infected by using this software.

After uninstalling the software please rerun hijackthis and place checks next to the following entries.

O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466 .dll (file missing)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)

Then click on fix checked. You should never have anything in your trusted zone, as it's the quickest way to get infected these days.
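The two mechanical categories in the list above (entries whose target is reported as "(no file)" or "(file missing)", and O15 Trusted Zone sites) can be pulled out of a HijackThis log automatically. The following is an added example, not part of the original post; the `triage` function and its output labels are hypothetical, and the sample lines are copied from the log in this thread. Entries picked by judgment, such as the O4 Run items, are not flagged.

```python
import re

# Sample input: lines in the HijackThis format, taken from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: KuGoo - (no CLSID) - (no file)
"""

# "O<number> - <rest of entry>"
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Entry still registered, but HijackThis could not find the file behind it.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# "Trusted Zone: <site>" or "ESC Trusted Zone: <site>", optionally tagged "(HKLM)".
ZONE_RE = re.compile(r"^(?:ESC )?Trusted Zone: (\S+)(?: \((HKLM)\))?$")


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or non-entry text
        section, body = m.groups()
        if ORPHAN_RE.search(body):
            findings.append((section, "orphaned", body))
        elif section == "O15":
            z = ZONE_RE.match(body)
            if z:
                hive = z.group(2) or "no hive shown"
                findings.append((section, "trusted-zone", f"{z.group(1)} [{hive}]"))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<13} {detail}")
```
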
 

CHLIU

New Member
I'm not familiar with a lot of the software you have installed. If you don't use it or it's not genuine software (pirated), please uninstall it.

Adobe 8 is outdated software and if not used, please uninstall it. I notice it's the professional version, so if you didn't get it illegally then you had to pay for it. It has security risks with it being outdated software.

However, please uninstall the following programs.

Ask Toolbar
Search Toolbar

GOGOBOX

If I'm not mistaken gogobox is p2p file sharing software and is used to download illegal software, music, movies. You may have been infected by using this software.

After uninstalling the software, please rerun HijackThis and place checks next to the following entries.

O2 - BHO: SearchHook Class - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files (x86)\Baidu\AddressBar\AddressBar.dll (file missing)
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files (x86)\Thunder Network\Thunder\ComDlls\TDMediaDetector5.9.22.1466 .dll (file missing)
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - Startup: funshion.lnk = C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
O4 - Startup: setup_9.0.0.722_20.05.2011_08-09.lnk = C:\Users\LIU\Desktop\Virus Removal Tool\setup_9.0.0.722_20.05.2011_08-09\startup.exe
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.ecpa.cpa.gov.tw
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://*.webscache.com
O15 - Trusted Zone: http://*.gogobox.com.tw (HKLM)
O15 - Trusted Zone: http://cache.tv.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivecaption.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivehabit.qq.com (HKLM)
O15 - Trusted Zone: http://qqlivesearch.qq.com (HKLM)
O15 - Trusted Zone: http://video_1.qq.com (HKLM)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O18 - Protocol: KuGoo - (no CLSID) - (no file)
O18 - Protocol: KuGoo3 - (no CLSID) - (no file)

Then click on fix checked. You should never have anything in your trusted zone, as it's the quickest way to get infected these days.

Thank you, John. I have removed lots of programs that I seldom used, and have checked what you suggested.
I do not know how to make sure my computer is in good condition right now, but it seems to work well now.