WiredWX Christian Hobby Weather Tools

Pls help to Remove backdoor.tidserv!inf spyware

Norton 360 alerted the above spyware, pls help to remove it.
OTL logfile created on: 4/26/2010 11:18:21 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 31.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 136.66 Gb Free Space | 58.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 124.34 Gb Total Space | 33.66 Gb Free Space | 27.07% Space Free | Partition Type: NTFS
Drive H: | 124.34 Gb Total Space | 33.66 Gb Free Space | 27.07% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive Z: | 124.34 Gb Total Space | 33.66 Gb Free Space | 27.07% Space Free | Partition Type: NTFS

Computer Name: JOHN-XP
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/26 10:46:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL(2).exe
PRC - [2010/04/26 10:41:08 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\John\Local Settings\Temp\Adobelm_Cleanup.0001
PRC - [2010/04/02 11:25:11 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/21 16:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/06/22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/29 11:32:17 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/17 18:54:00 | 000,116,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/07/17 18:53:26 | 000,108,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2005/09/02 10:14:14 | 011,323,904 | ---- | M] (WiredRed Software) -- H:\John\WiredRed\EPop\EPop.exe
PRC - [2004/12/14 05:44:40 | 000,069,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
PRC - [2004/12/06 07:00:08 | 000,102,400 | ---- | M] (SuperSpeed Software, Inc.) -- C:\WINDOWS\system32\SSCMntr.exe
PRC - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe
PRC - [2002/04/17 11:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Modules (SafeList) ==========

MOD - [2010/04/26 10:46:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL(2).exe
MOD - [2009/04/29 11:32:30 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\rpchromebrowserrecordhelper.dll
MOD - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll
MOD - [2008/04/13 17:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 17:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 17:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 17:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 17:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 17:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2003/10/18 09:43:42 | 000,090,624 | ---- | M] (WiredRed Software) -- H:\John\WiredRed\EPop\EPopI.dll
MOD - [2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/21 16:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/07 06:31:18 | 000,035,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe -- (aspnet_state)
SRV - [2009/10/07 03:44:58 | 000,752,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2009/10/07 03:44:58 | 000,129,856 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32)
SRV - [2009/10/07 03:44:58 | 000,124,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/04 14:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 14:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 14:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/03/25 16:55:57 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/17 18:53:26 | 000,108,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/07/17 18:53:26 | 000,108,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/07/17 18:53:26 | 000,108,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/07/17 18:53:26 | 000,108,904 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/12 19:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2004/12/06 07:00:08 | 000,102,400 | ---- | M] (SuperSpeed Software, Inc.) [Auto | Running] -- C:\WINDOWS\system32\SSCMntr.exe -- (SSCMntr)
SRV - [2004/02/24 15:15:58 | 000,069,632 | ---- | M] (Panasonic) [Auto | Running] -- C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe -- (Panasonic Trap Monitor Service)
SRV - [2002/01/19 11:42:00 | 000,469,504 | ---- | M] (WiredRed Software) [Auto | Stopped] -- H:\John\WiredRed\EPop\LogonSvc.exe -- (LogonSvcID)


========== Driver Services (SafeList) ==========

DRV - [2010/02/04 02:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100425.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/04 02:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100425.005\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/19 20:02:58 | 000,268,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100421.001\SymIDSco.sys -- (SYMIDSCO)
DRV - [2009/11/09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/02 01:28:46 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/08/27 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/04/03 16:25:04 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2009/01/05 17:48:59 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/16 20:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/12/19 18:53:00 | 000,037,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/07/31 02:17:26 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/09 17:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 17:46:26 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 17:46:26 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 17:46:26 | 000,035,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/01/09 17:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 17:46:26 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/05 18:21:10 | 000,141,312 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/11 14:49:28 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/12/24 16:02:06 | 000,044,422 | ---- | M] (Beijing Chinese Star Cyber Technology Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CSDriver.sys -- (CSDriver)
DRV - [2004/10/27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/01/28 07:00:06 | 000,024,064 | ---- | M] (SuperSpeed Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SSCRDisk.sys -- (SSCRDisk)
DRV - [2004/01/28 07:00:06 | 000,022,016 | ---- | M] (SuperSpeed Software, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SSCBus.sys -- (SSCBus) Virtual bus device (SuperSpeed Software, Inc.)
DRV - [2002/08/29 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.9978.net/?ah930
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.9978.net/?Player
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.9978.net/?Player

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&ie=ISO-8859-1&q=&sa=Search
IE - HKCU\..\URLSearchHook: {1E315374-71A5-471A-B683-4C4ADB5C588B} - C:\Program Files\pipi\JfCheck.dll (PIPI Tech.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: smush@smush.it:0.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=RGruvz5DIpaiNkGybB46tQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/29 11:32:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/06/10 09:47:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010/04/06 13:24:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010/04/26 10:43:59 | 000,000,000 | ---D | M]

[2008/08/27 09:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Extensions
[2010/04/26 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions
[2010/04/12 14:22:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/02 09:45:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/30 10:52:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/17 12:00:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/11/12 11:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions\batchdownload@waxb.blog.com.cn
[2009/06/10 11:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions\LogMeInClient@logmein.com
[2009/03/11 16:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions\moveplayer@movenetworks.com
[2009/06/22 14:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\extensions\smush@smush.it
[2009/02/05 09:27:01 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\searchplugins\live-search.xml
[2009/06/04 08:58:28 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\xj32aa9a.default\searchplugins\mywebsearch.xml
[2010/04/26 10:45:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 10:44:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/07/03 19:33:04 | 000,024,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\CheckTudouVa.dll
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/04/20 16:55:30 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2002/08/29 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SearchHook Class) - {00000000-0593-4356-9CF7-1D8C2B3343C0} - C:\Program Files\Baidu\AddressBar\AddressBar.dll ()
O2 - BHO: (ThunderAtOnce Class) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBHO.dll (Symantec Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (QvodExtend) - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\QvodPlayer\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Baidu Toolbar BHO) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Program Files\Baidu\Toolbar\BaiduBarX.dll ()
O2 - BHO: (Thunder Browser Helper) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Baidu Toolbar) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\Toolbar\BaiduBarX.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Baidu Toolbar) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\Program Files\Baidu\Toolbar\BaiduBarX.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [goyqbixo] C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa\bfpvbfutssd.exe File not found
O4 - HKLM..\Run: [jfproc] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [goyqbixo] C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa\bfpvbfutssd.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\ePop.lnk = H:\John\WiredRed\EPop\EPop.exe (WiredRed Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm ()
O8 - Extra context menu item: 使用迅雷离线下载 - C:\Program Files\Thunder Network\Thunder\Program\OfflineDownload.htm ()
O9 - Extra Button: 扑克 - {12341234-1234-5678-9012-123456789012} - Reg Error: Value error. File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: 快车 - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : 快车(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202852467312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202852521468 (MUWebControl Class)
O16 - DPF: {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} http://dl.uc.sina.com/cab/downloader.cab (DLoader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C728DAB8-FDF5-4CD7-89DD-879D25794C77} http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll (KooPlayer Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = viapacific.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.162,93.188.161.70
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/12 14:24:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{853acfde-fdd9-11dd-b911-001a92148e9c}\Shell - "" = AutoRun
O33 - MountPoints2\{853acfde-fdd9-11dd-b911-001a92148e9c}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/02/12 06:12:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Job Status Utility.lnk - C:\Program Files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe - (Panasonic Communications Co., Ltd.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpFolder: C:^Documents and Settings^John^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: bgswitch - hkey= - key= - File not found
MsConfig - StartUpReg: BIE - hkey= - key= - C:\WINDOWS\DOWNLO~1\BDPlugin.DLL File not found
MsConfig - StartUpReg: ccApp - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
MsConfig - StartUpReg: CNN_IDict - hkey= - key= - C:\Program Files\IDict\IDict.exe File not found
MsConfig - StartUpReg: CNN_Running - hkey= - key= - C:\Program Files\IDict\IDictRun.exe File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Flashget - hkey= - key= - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: High Definition Audio Property Page Shortcut - hkey= - key= - File not found
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: ISTray - hkey= - key= - C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: jfproc - hkey= - key= - \:\Program Files\FlashGet\FlashGet.exe File not found
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
MsConfig - StartUpReg: My Web Search Bar Search Scope Monitor - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe File not found
MsConfig - StartUpReg: MyWebSearch Plugin - hkey= - key= - C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: powerword 2007 - hkey= - key= - C:\Program Files\Kingsoft\Powerword 2007\xdict.exe (Kingsoft Co, Ltd.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RocketDock - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: RPT Msgsrv - hkey= - key= - C:\Program Files\Panasonic\Panasonic-DMS\RPT Network Printer Port\Msgsrv.exe ()
MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
MsConfig - StartUpReg: SoundMAX - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: StormCodec_Helper - hkey= - key= - C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe ()
MsConfig - StartUpReg: Stormtray - hkey= - key= - C:\Program Files\StormII\Stormtray.exe (北京暴风网际科技有限公司)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - StartUpReg: 极速酷6 - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Re: Pls help to Remove backdoor.tidserv!inf spyware

SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3910BD31-04CF-DB95-BDB6-BAAD2ACA837B} - DirectX
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {57EC5BFE-7CB7-3057-8385-C9D72918511C} - .NET Framework
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B4DDD6C2-638C-451E-A465-6922007E7B78} - Windows Media Player
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.avis - ff_acm.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308550258917376)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 10:46:58 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL(2).exe
[2010/04/26 10:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/26 10:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/26 10:43:59 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/26 10:43:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/26 10:43:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/26 10:43:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/26 09:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/26 09:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/26 08:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa
[2010/04/22 14:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\IGSViewer
[2010/04/16 14:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/01 08:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/26 11:00:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-515967899-839522115-1003UA.job
[2010/04/26 10:52:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/26 10:46:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL(2).exe
[2010/04/26 10:44:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/26 09:58:40 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\John\Desktop\HiJackThis.lnk
[2010/04/26 09:44:03 | 000,000,037 | ---- | M] () -- C:\WINDOWS\PVX.INI
[2010/04/26 09:17:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 09:16:14 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/26 09:16:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 09:16:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/04/26 09:15:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 09:15:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 09:14:14 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\John\NTUSER.DAT
[2010/04/26 09:14:14 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/04/26 09:00:07 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-515967899-839522115-1003Core.job
[2010/04/23 16:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SogouImeMgr.job
[2010/04/23 15:19:45 | 000,000,028 | ---- | M] () -- C:\WINDOWS\AdvConfig.ini
[2010/04/23 12:09:44 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\John\My Documents\DPE.DUS
[2010/04/23 12:09:42 | 000,000,666 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/22 15:57:08 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Microsoft Office Word 2003.lnk
[2010/04/22 14:52:03 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IGS Viewer.lnk
[2010/04/21 13:02:59 | 000,053,760 | ---- | M] () -- C:\what a friend we have in Jesus.ppt
[2010/04/19 12:00:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2010/04/16 08:40:11 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/14 16:17:52 | 000,001,247 | ---- | M] () -- C:\WINDOWS\PIPIPlayer.INI
[2010/04/13 08:58:31 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google 地球.lnk
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/01 09:01:41 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Google Chrome.lnk
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 09:57:10 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\John\Desktop\HiJackThis.lnk
[2010/04/22 14:52:03 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IGS Viewer.lnk
[2010/04/20 16:29:22 | 000,053,760 | ---- | C] () -- C:\what a friend we have in Jesus.ppt
[2010/04/14 11:50:26 | 000,001,247 | ---- | C] () -- C:\WINDOWS\PIPIPlayer.INI
[2010/04/13 08:58:31 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google 地球.lnk
[2010/02/11 10:07:16 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/11/13 11:52:31 | 000,000,238 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/03/31 14:26:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\Hood.dll
[2009/03/31 14:26:42 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\Olive.dll
[2009/03/31 12:13:15 | 000,171,008 | ---- | C] () -- C:\WINDOWS\System32\RPTlprUi.dll
[2009/03/31 12:13:15 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\RPTlpr.dll
[2009/02/04 02:50:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsis_loader.dll
[2008/08/29 12:19:10 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/08/29 12:19:10 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/08/13 16:38:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini
[2008/07/30 09:28:15 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/07/18 14:55:31 | 000,000,204 | ---- | C] () -- C:\WINDOWS\struct~.ini
[2008/03/31 14:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/24 13:55:57 | 000,049,358 | ---- | C] () -- C:\WINDOWS\avwin.ini
[2008/03/24 13:55:57 | 000,000,144 | ---- | C] () -- C:\WINDOWS\avx.ini
[2008/03/21 13:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 13:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 13:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 13:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/29 16:51:03 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2008/02/28 16:14:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\AdvConfig.ini
[2008/02/22 16:24:21 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/13 15:58:24 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2008/02/13 12:43:21 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/02/13 11:24:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\PVX.INI
[2008/02/13 10:44:36 | 000,000,296 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2008/02/13 10:29:38 | 000,001,063 | ---- | C] () -- C:\WINDOWS\chinese.ini
[2008/02/13 10:09:17 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2008/02/12 18:11:46 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\PXOFFICE.DLL
[2008/02/12 18:11:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SOSELECT.INI
[2008/02/12 18:11:44 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\90WRES32.DLL
[2008/02/12 18:11:42 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/02/12 18:11:41 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\pg32conv.dll
[2008/02/12 14:52:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/13 04:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2004/05/13 18:52:28 | 000,000,540 | ---- | C] () -- C:\WINDOWS\iqjs2006.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 05:00:00 | 000,008,028 | ---- | C] () -- C:\WINDOWS\System32\whnt.dll
[2002/08/29 05:00:00 | 000,007,925 | ---- | C] () -- C:\WINDOWS\System32\waqjjnte.dll
[2000/10/20 13:25:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2000/01/06 17:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/06 17:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2008/02/12 06:14:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/02/12 06:14:25 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/02/12 06:14:25 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2002/08/29 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2002/08/29 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2002/08/29 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2002/08/29 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2002/08/29 05:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2002/08/29 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2002/08/29 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2002/08/29 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2002/08/29 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2002/08/29 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 23:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 23:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 23:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 23:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 23:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 06:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/04/28 09:17:50 | 004,097,024 | ---- | M] () -- C:\!shipment2005.xls
[2009/06/10 11:16:26 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/06/02 16:17:07 | 000,038,400 | ---- | M] () -- C:\06-07-09.doc
[2009/01/16 18:10:15 | 000,136,743 | ---- | M] () -- C:\1-09 PAY.pdf
[2009/04/14 13:17:01 | 000,342,671 | ---- | M] () -- C:\100q.pdf
[2008/10/09 12:28:56 | 000,153,293 | ---- | M] () -- C:\176_139949_d4e06e7c14a38e8.jpg
[2010/01/04 17:53:41 | 000,000,506 | ---- | M] () -- C:\2004-12-1yuan.wmv
[2009/03/31 16:39:43 | 000,044,544 | ---- | M] () -- C:\4-5-09.doc
[2009/03/02 17:53:29 | 000,013,824 | ---- | M] () -- C:\4-5-09.xls
[2009/04/27 15:54:17 | 000,060,928 | ---- | M] () -- C:\5-3-09.doc
[2009/06/30 11:36:40 | 000,031,744 | ---- | M] () -- C:\7-3-09.doc
[2009/09/03 10:35:53 | 002,462,208 | ---- | M] () -- C:\91127 sorted parts-3rd sep 2009.ppt
[2009/07/29 14:41:55 | 000,100,401 | ---- | M] () -- C:\acadminidump.dmp
[2008/02/12 14:24:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/16 14:39:16 | 000,352,768 | ---- | M] () -- C:\AW TOZAR writing.doc
[2008/11/04 17:59:19 | 000,015,360 | ---- | M] () -- C:\Book1.xls
[2010/02/17 17:17:14 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/04/25 10:45:20 | 000,032,256 | ---- | M] () -- C:\Budget.xls
[2008/07/03 14:07:19 | 000,034,497 | ---- | M] () -- C:\caavsetupLog.txt
[2008/07/03 14:23:02 | 000,016,689 | ---- | M] () -- C:\caisslog.txt
[2008/05/14 14:48:57 | 000,045,568 | ---- | M] () -- C:\case study.doc
[2009/11/23 17:35:50 | 002,198,016 | ---- | M] () -- C:\christ.ppt
[2008/02/12 14:24:13 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/10 09:35:39 | 000,918,016 | ---- | M] () -- C:\conv.ppt
[2009/10/09 11:46:19 | 000,011,264 | ---- | M] () -- C:\CREATE IN ME A CLEAN HEART.ppt
[2008/10/09 13:01:20 | 000,002,949 | ---- | M] () -- C:\cross13.jpg
[2009/12/16 09:55:26 | 004,594,688 | ---- | M] () -- C:\dinner.ppt
[2009/05/18 15:58:44 | 016,492,275 | ---- | M] () -- C:\doctrineBalaak.mp3
[2008/12/23 17:43:52 | 002,386,395 | ---- | M] () -- C:\e2bcd81397f548d9f97bc293dfde24fe.pdf
[2010/03/24 16:48:19 | 002,336,768 | ---- | M] () -- C:\EASTERN 2010.ppt
[2008/06/03 15:38:03 | 000,019,968 | ---- | M] () -- C:\EXCEL.xls
[2008/09/04 16:11:52 | 000,032,768 | ---- | M] () -- C:\food.xls
[2010/02/08 14:58:39 | 000,030,208 | ---- | M] () -- C:\GENERAL POWER OF ATTORNEY.doc
[2008/10/09 12:54:48 | 000,052,711 | ---- | M] () -- C:\GWxfqsvC.jpg
[2009/09/02 08:42:37 | 005,788,160 | ---- | M] () -- C:\h1n1.ppt
[2009/08/24 08:46:48 | 001,093,120 | ---- | M] () -- C:\HAPPY.ppt
[2009/10/09 11:47:23 | 000,011,776 | ---- | M] () -- C:\I LIFT MY EYES.ppt
[2009/10/09 12:37:11 | 000,112,128 | ---- | M] () -- C:\I SEE HEAVEN OPEN.ppt
[2008/05/05 14:25:57 | 000,453,446 | ---- | M] () -- C:\I-134.pdf
[2008/10/09 13:19:09 | 000,051,890 | ---- | M] () -- C:\img_4262redone.jpg
[2008/09/29 09:24:19 | 000,000,716 | ---- | M] () -- C:\inclick.txt
[2008/05/07 10:37:42 | 000,020,480 | ---- | M] () -- C:\Investment Options.xls
[2008/02/12 14:24:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/13 10:49:03 | 000,014,336 | ---- | M] () -- C:\KUN.ppt
[2008/10/10 13:14:58 | 000,094,720 | ---- | M] () -- C:\LANGZI.ppt
[2009/05/18 15:52:44 | 017,199,984 | ---- | M] () -- C:\levi01.mp3
[2009/05/18 15:56:23 | 016,155,191 | ---- | M] () -- C:\levi02.mp3
[2009/05/18 15:56:42 | 015,985,604 | ---- | M] () -- C:\levi03.mp3
[2009/05/18 15:56:19 | 016,841,375 | ---- | M] () -- C:\levi04.mp3
[2009/05/18 15:55:24 | 016,692,791 | ---- | M] () -- C:\levi05.mp3
[2009/05/18 15:57:40 | 017,545,637 | ---- | M] () -- C:\levi06.mp3
[2009/05/18 15:57:58 | 016,873,454 | ---- | M] () -- C:\levi07.mp3
[2009/05/18 15:58:12 | 016,858,930 | ---- | M] () -- C:\levi08.mp3
[2009/05/18 15:57:14 | 015,743,815 | ---- | M] () -- C:\levi09.mp3
[2009/05/18 15:56:44 | 016,169,192 | ---- | M] () -- C:\levi10.mp3
[2009/05/18 15:57:57 | 015,485,620 | ---- | M] () -- C:\levi11.mp3
[2009/05/18 15:58:11 | 016,396,876 | ---- | M] () -- C:\levi12.mp3
[2009/05/18 15:57:59 | 017,110,228 | ---- | M] () -- C:\levi13.mp3
[2009/05/18 15:58:06 | 016,411,295 | ---- | M] () -- C:\levi14.mp3
[2009/05/14 10:04:07 | 001,235,023 | ---- | M] () -- C:\M-476.pdf
[2008/08/29 11:54:25 | 001,073,152 | ---- | M] () -- C:\MEMORY.xls
[2008/02/12 14:24:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/05/19 13:24:04 | 015,003,090 | ---- | M] () -- C:\N-400.pdf
[2009/01/15 16:15:27 | 000,246,463 | ---- | M] () -- C:\NOV PAY.pdf
[2008/02/12 15:40:47 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/29 09:48:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/11/06 15:16:58 | 002,683,904 | ---- | M] () -- C:\O--SheraShen.ppt
[2010/04/26 09:15:22 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2009/10/09 11:45:13 | 000,013,824 | ---- | M] () -- C:\PASS IT ON.ppt
[2008/10/31 10:52:47 | 000,208,555 | ---- | M] () -- C:\PDFStatement.pdf
[2008/10/15 10:17:38 | 000,028,160 | ---- | M] () -- C:\Project 4.doc
[2009/05/27 15:30:52 | 000,301,886 | ---- | M] () -- C:\re400a.pdf
[2009/10/14 08:46:40 | 002,155,323 | ---- | M] () -- C:\relit_ebook_pac.pdf
[2009/01/12 15:56:19 | 000,323,899 | ---- | M] () -- C:\REQ FOR VERIFICATION.pdf
[2010/03/22 15:38:21 | 000,290,816 | ---- | M] () -- C:\SONG OF PETERT.ppt
[2008/10/09 12:51:04 | 000,000,043 | ---- | M] () -- C:\spacer.gif
[2008/06/05 17:01:43 | 1048,576,000 | -H-- | M] () -- C:\SSCRD001.img
[2008/10/09 12:09:22 | 000,129,482 | ---- | M] () -- C:\sunset-0g6x_sky.jpg
[2009/10/09 10:50:12 | 000,109,568 | ---- | M] () -- C:\THIRSTY FOR YOU.ppt
[2009/04/17 14:17:23 | 000,021,504 | -HS- | M] () -- C:\Thumbs.db
[2008/10/16 09:57:58 | 001,071,104 | ---- | M] () -- C:\UNKNOWN_PARAMETER_VALUE.ppt
[2008/06/02 16:44:54 | 000,013,312 | ---- | M] () -- C:\vacation 97.oft
[2009/01/26 09:44:15 | 004,197,888 | ---- | M] () -- C:\Walk.ppt
[2010/04/21 13:02:59 | 000,053,760 | ---- | M] () -- C:\what a friend we have in Jesus.ppt
[2008/10/09 12:09:48 | 000,095,362 | ---- | M] () -- C:\white-clouds-sky-k75.jpg
[2009/02/13 13:24:35 | 000,801,792 | ---- | M] () -- C:\Worship 02-13-09.ppt
[2009/10/09 13:03:12 | 000,296,960 | ---- | M] () -- C:\WORSHIP 10-9-09.ppt
[2009/12/09 11:36:47 | 001,121,792 | ---- | M] () -- C:\WORSHIP THANKSGIVING 2009.ppt
[2009/01/13 10:55:55 | 000,327,821 | ---- | M] () -- C:\YU QIANG.pdf
[2008/12/16 09:45:13 | 003,794,944 | ---- | M] () -- C:\yy.ppt
[2008/03/31 20:06:00 | 1708,268,663 | ---- | M] () -- C:\[命令与征服3:凯恩之怒].[PC-GAME][ENG].Command.And.Conquer.3.Kane's.Wrath.[Full-Rip].rar
[2008/10/08 15:01:25 | 000,024,064 | ---- | M] () -- C:\你坐著為王.doc
[2008/03/27 21:12:54 | 000,269,237 | ---- | M] () -- C:\凯恩独立运行补丁.exe
[2008/10/09 10:38:24 | 000,024,576 | ---- | M] () -- C:\我的心哪 你為何憂悶.doc
[2009/01/12 14:12:53 | 000,033,280 | ---- | M] () -- C:\歌詞1.doc
[2009/03/25 12:16:08 | 000,024,064 | ---- | M] () -- C:\馬太福音28章討論.doc

< %PROGRAMFILES%\*. >
[2008/04/28 11:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2008/08/27 09:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/02/25 10:08:56 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/07/14 08:28:14 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/04/07 17:00:11 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2004
[2008/03/24 13:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\av
[2010/02/12 11:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\Baidu
[2009/01/12 11:11:17 | 000,000,000 | ---D | M] -- C:\Program Files\BatchPhoto
[2008/07/30 09:28:15 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2009/07/13 10:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/03/04 12:18:24 | 000,000,000 | ---D | M] -- C:\Program Files\Chinese Star XP
[2009/04/17 14:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2010/04/26 10:44:25 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/02/12 14:22:13 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/05/06 15:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/11/21 16:03:24 | 000,000,000 | ---D | M] -- C:\Program Files\creative
[2008/02/13 10:09:18 | 000,000,000 | ---D | M] -- C:\Program Files\Dell_HostCD
[2009/09/29 12:46:20 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/04/17 14:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/05/13 14:08:23 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2009/12/14 10:29:04 | 000,000,000 | ---D | M] -- C:\Program Files\DVD2one V2
[2010/03/17 10:27:51 | 000,000,000 | ---D | M] -- C:\Program Files\e-Sword
[2010/01/04 17:53:41 | 000,000,000 | ---D | M] -- C:\Program Files\Extra Video Converter
[2010/01/21 19:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\FlashGet
[2009/09/29 12:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2010/04/13 08:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/08/06 09:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2008/10/15 10:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5
[2008/02/13 16:34:28 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/02/13 15:58:25 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/04/13 11:12:15 | 000,000,000 | ---D | M] -- C:\Program Files\HT Burn DVD 3.2 Shareware
[2009/07/10 09:23:01 | 000,000,000 | ---D | M] -- C:\Program Files\IGC
[2010/04/22 14:52:03 | 000,000,000 | ---D | M] -- C:\Program Files\IGSViewer
[2009/09/29 12:45:19 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/02/10 12:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/04/14 11:07:42 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/11/13 12:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/04/26 10:43:55 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/31 14:29:52 | 000,000,000 | ---D | M] -- C:\Program Files\joygames
[2009/08/25 09:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\Jpeg Scrubber 2.0
[2008/11/21 13:25:40 | 000,000,000 | ---D | M] -- C:\Program Files\Kingsoft
[2008/07/02 15:43:46 | 000,000,000 | ---D | M] -- C:\Program Files\KLyrics
[2010/02/10 11:55:18 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/10 08:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\Meitu
[2009/04/17 14:17:54 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/10 09:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/02/12 14:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/02/12 17:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/04/28 14:14:31 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/01/06 12:29:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/07/29 08:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/10 09:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/01/06 12:14:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/01/21 09:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/06 11:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/01/06 11:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/11/10 09:42:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/01/06 12:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2008/02/12 14:51:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/01/06 12:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/01/06 12:20:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2008/02/12 16:48:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/01/06 12:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft XNA
[2010/01/06 10:46:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/04/17 14:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/09 09:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/02/12 16:52:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/03/26 10:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/02/12 14:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/02/12 14:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/02/13 09:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/02/12 17:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2009/04/17 14:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\MyiQ
[2008/02/20 12:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\Nero 8
[2008/09/29 09:51:29 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/02/04 14:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\nLite
[2010/02/10 09:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Norton 360
[2008/02/12 14:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/08/12 17:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/03/31 12:14:31 | 000,000,000 | ---D | M] -- C:\Program Files\Panasonic
[2010/04/23 13:59:42 | 000,000,000 | ---D | M] -- C:\Program Files\pipi
[2008/08/13 16:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\PPLive
[2010/02/10 17:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\qqqtv网络电视
[2009/11/13 12:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/04/16 08:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\QvodPlayer
[2009/04/29 11:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008/02/12 16:50:25 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/02/13 12:33:52 | 000,000,000 | ---D | M] -- C:\Program Files\Ringz Studio
[2009/11/13 12:13:13 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2008/02/12 18:11:41 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate Software
[2008/08/13 16:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\sina
[2010/01/28 09:32:11 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/07/29 08:54:21 | 000,000,000 | ---D | M] -- C:\Program Files\Snapshot Viewer
[2009/06/02 09:21:47 | 000,000,000 | ---D | M] -- C:\Program Files\SogouInput
[2009/02/04 17:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\SopCast
[2009/06/25 16:21:54 | 000,000,000 | ---D | M] -- C:\Program Files\Souptoys
[2010/03/26 18:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/12/29 10:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\StormII
[2009/08/11 08:28:21 | 000,000,000 | ---D | M] -- C:\Program Files\Super Rabbit
[2008/05/30 15:10:47 | 000,000,000 | ---D | M] -- C:\Program Files\SuperSpeed Software
[2009/01/05 17:49:01 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/01/21 16:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\Thunder Network
[2010/04/26 09:57:10 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/10/22 15:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\Tudou
[2009/03/24 16:59:36 | 000,000,000 | ---D | M] -- C:\Program Files\TVAnts
[2008/02/13 13:40:42 | 000,000,000 | ---D | M] -- C:\Program Files\UltraISO
[2008/02/12 14:27:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/08/17 08:43:28 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Tutor System 3.0
[2008/04/10 09:13:53 | 000,000,000 | ---D | M] -- C:\Program Files\Volo View Express
[2009/11/10 09:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/02/04 17:46:03 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2008/02/12 16:40:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/01/21 15:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/29 09:51:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/02/12 14:22:11 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/10/30 10:46:05 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/10/30 10:48:43 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/02/12 14:24:19 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/08/17 08:43:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
[2009/12/29 10:07:17 | 000,000,000 | ---D | M] -- C:\Program Files\Zune
[2009/02/18 16:12:27 | 000,000,000 | ---D | M] -- C:\Program Files\中国象棋大师
[2009/03/31 14:21:23 | 000,000,000 | ---D | M] -- C:\Program Files\网三信息科技

< %appdata%\*.* >
[2007/12/26 22:45:40 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\John\Application Data\coreavc.ini
[2008/02/12 06:15:45 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\John\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\0374831e4304212579217dbb\i386\sp2.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/29 09:43:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/09/29 09:43:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\0374831e4304212579217dbb\i386\sp2.cab:atapi.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/29 09:43:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/29 09:43:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\0374831e4304212579217dbb\i386\sp2.cab:disk.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/29 09:43:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/09/29 09:43:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 23:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\0374831e4304212579217dbb\i386\sp2.cab:usbstor.sys
[2002/08/29 05:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbstor.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/29 09:43:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/09/29 09:43:28 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-12 16:47:02

========== Alternate Data Streams ==========

@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC5DB2B
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: Pls help to Remove backdoor.tidserv!inf spyware

OTL Extras logfile created on: 4/26/2010 11:18:21 AM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 31.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 136.66 Gb Free Space | 58.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 124.34 Gb Total Space | 33.66 Gb Free Space | 27.07% Space Free | Partition Type: NTFS
Drive H: | 124.34 Gb Total Space | 33.66 Gb Free Space | 27.07% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive Z: | 124.34 Gb Total Space | 33.66 Gb Free Space | 27.07% Space Free | Partition Type: NTFS

Computer Name: JOHN-XP
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [kwopen] -- "C:\Program Files\KWMUSIC\KwMusic.exe" \dir "%1"
Directory [kwplaylist] -- "C:\Program Files\KWMUSIC\KwMusic.exe" \dirlist "%1"
Directory [开心斗地主] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56413:TCP" = 56413:TCP:*:Enabled:Pando P2P TCP Listening Port
"56413:UDP" = 56413:UDP:*:Enabled:Pando P2P UDP Listening Port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"\\Via-sbs\Epop\John\WiredRed\EPop\EPop.exe" = \\Via-sbs\Epop\John\WiredRed\EPop\EPop.exe:*:Enabled:e/pop Professional
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Kingsoft\Powerword 2007\xdict.exe" = C:\Program Files\Kingsoft\Powerword 2007\xdict.exe:*:Enabled:Kingsoft PowerWord -- (Kingsoft Co, Ltd.)
"C:\Program Files\Kingsoft\Powerword 2007\update.exe" = C:\Program Files\Kingsoft\Powerword 2007\update.exe:*:Enabled:Kingsoft PowerWord Online Update -- (Kingsoft)
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application -- File not found
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
"C:\Program Files\sina\SAP\SAPlatform.exe" = C:\Program Files\sina\SAP\SAPlatform.exe:*:Enabled:SAPlatform.exe -- (北京新浪网络技术服务有限公司)
"C:\Zcom\E-Space.exe" = C:\Zcom\E-Space.exe:*:Enabled:zcom互动娱乐平台 -- File not found
"C:\Zcom\skin.dll" = C:\Zcom\skin.dll:*:Enabled:zcom互动娱乐平台 -- File not found
"C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe" = C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe:*:Enabled:Panasonic Trap Monitor Service -- (Panasonic)
"C:\Program Files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe" = C:\Program Files\Panasonic\Panasonic-DMS\LRecvTrap\LRecvTrap.exe:*:Enabled:Panasonic Trap Receiving Services -- (Panasonic Communications Co., Ltd.)
"C:\Program Files\KWMUSIC\KwMV.exe" = C:\Program Files\KWMUSIC\KwMV.exe:*:Enabled:酷我MV传输引擎 -- File not found
"C:\Program Files\KWMUSIC\KwMusic.exe" = C:\Program Files\KWMUSIC\KwMusic.exe:*:Enabled:酷我音乐盒 -- File not found
"C:\Program Files\pipi\jfCacheMgr.exe" = C:\Program Files\pipi\jfCacheMgr.exe:*:Enabled:jfCacheMgr(http://www.pipi.cn) -- (皮皮科技)
"C:\Program Files\pipi\KmLiveUpdate.exe" = C:\Program Files\pipi\KmLiveUpdate.exe:*:Enabled:KmLiveUpdate(http://www.pipi.cn) -- (皮皮科技)
"C:\Program Files\pipi\PIPIPlayer.exe" = C:\Program Files\pipi\PIPIPlayer.exe:*:Enabled:PIPIPlayer -- (皮皮科技)
"C:\Program Files\MyiQ\MyiQ.exe" = C:\Program Files\MyiQ\MyiQ.exe:*:Enabled:MyiQ -- (iQ)
"C:\Program Files\酷6网\极速酷6\Ku6SpeedUpper.exe" = C:\Program Files\酷6网\极速酷6\Ku6SpeedUpper.exe:*:Enabled:极速酷6 -- File not found
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\StormII\Storm.exe" = C:\Program Files\StormII\Storm.exe:*:Enabled:暴风影音 -- (北京暴风网际科技有限公司)
"C:\Program Files\StormII\StormUpdate.dll" = C:\Program Files\StormII\StormUpdate.dll:*:Enabled:暴风影音媒体控制中心 -- ()
"C:\Program Files\StormII\Stormtray.exe" = C:\Program Files\StormII\Stormtray.exe:*:Enabled:暴风网络中心 -- (北京暴风网际科技有限公司)
"C:\Documents and Settings\John\My Documents\Downloads\QvodSetupPlus3.exe" = C:\Documents and Settings\John\My Documents\Downloads\QvodSetupPlus3.exe:*:Enabled:QVOD -- File not found
"C:\Program Files\QvodPlayer\QvodTerminal.exe" = C:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QVOD -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe" = C:\Program Files\Thunder Network\Thunder\Program\Thunder.exe:*:Enabled:Thunder5.9.15.1274 -- (深圳市迅雷网络技术有限公司)
"C:\Program Files\Thunder Network\Thunder\Program\XMPBoot.exe" = C:\Program Files\Thunder Network\Thunder\Program\XMPBoot.exe:*:Enabled:XMP5.9.15.1274 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe" = C:\Program Files\Thunder Network\Thunder\Program\ThunderLiveUD.exe:*:Enabled:Thunder LiveUpdate5.9.15.1274 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Thunder Network\Thunder\Program\FileLink\XLFileLink.exe" = C:\Program Files\Thunder Network\Thunder\Program\FileLink\XLFileLink.exe:*:Enabled:FileLink5.9.15.1274 -- (Thunder Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.64\ThunderService.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.64\ThunderService.exe:*:Enabled:ThunderService1.0.2.64 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.64\ThunderLiveUD.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.64\ThunderLiveUD.exe:*:Enabled:ThunderLiveUD1.0.2.64 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.64\XLBugReport.exe" = C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.64\XLBugReport.exe:*:Enabled:XLBugReport1.0.2.64 -- (ShenZhen Xunlei Networking Technologies,LTD)
"C:\Program Files\Thunder Network\XLGame\Games\XLMiniGame.exe" = C:\Program Files\Thunder Network\XLGame\Games\XLMiniGame.exe:*:Enabled:迅雷游戏 -- (Thunder Networking Technologies,LTD)
"C:\Program Files\Thunder Network\XLGame\XLGame.exe" = C:\Program Files\Thunder Network\XLGame\XLGame.exe:*:Enabled:迅雷游戏大厅 -- (Thunder Networking Technologies,LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google 地球
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}" = Volo View Express
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{347A7BC0-5074-41EB-A567-B2996537CF4C}" = MAS 90 Workstation ()
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37614826-F9EE-4674-A060-3F447C4788E6}_is1" = IGS Viewer 2.2
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3E270C95-8327-4C2F-A8E1-902CC2604A20}" = HP Photo and Imaging 2.3 - Scanjet 4600 Series
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{44CDB8EC-569D-4C61-B18C-8768A1FC7E15}" = Panasonic RPT Network Printer Port
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53FA14B9-A754-4568-819E-BE4270FDEE13}" = SQL Server 2008 R2 Management Objects
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57EC5BFE-7CB7-3057-8385-C9D72918511C}" = Microsoft .NET Framework 4 Client Profile Beta 2
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B14E062-97A1-11D3-B2C8-00C0F014C0F2}" = RamDisk Plus 7.0
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5E550CD5-051A-421B-9E43-BD6FD9BFED6F}" = Chinese Star XP
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{695603EE-5D13-4406-A034-B1346652CC4D}" = Windows Firewall Setting Tool
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{6E405B40-3879-3C9B-9286-8D5E71258C35}" = Microsoft .NET Framework 4 Extended Beta 2
"{6E51D9B6-2366-40FD-9E96-3D34A2C3F34A}" = MYRIAD 8.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75F19BFB-78EC-4E3B-911B-CE211B85FBF8}" = Symantec Real Time Storage Protection Component
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78F2FF7C-AC3C-430C-83A7-E2859FBA630A}" = Panasonic Printing System
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{88CF28D0-9327-11D4-B090-00E029216401}" = AutoVue, Desktop Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F9426B6-8A8C-412C-BB4D-4CBA78E985EB}" = wawayaya software The Little Mermaid
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{987BFB2B-2671-49B3-98BE-1B684B9CAFD0}" = e-Sword
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA74ED37-681C-4AE8-8D1D-5485EBB3ED3D}" = SQL Server System CLR Types
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP 记忆光盘
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1695AEB-CC55-4818-9DE7-6F1835D986E5}" = MYRIAD 3D Reader 5.0
"{C21C537D-6438-4574-825C-FBB1CB7BB54C}" = 紫光拼音输入法3.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™️ 4.2
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0520D42-802C-4C30-B8CF-8DCA7DD84B41}" = Panasonic Job Status Utility
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"AC3Filter" = AC3Filter (remove only)
"AddressBar" = 百度地址栏
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Auto CAD" = Auto CAD 2004
"BaiduBarX" = 百度工具栏
"BatchPhoto_is1" = BatchPhoto v2.3.3
"Belarc Advisor" = Belarc Advisor 7.2
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell_HostCD" = Dell Printer Software Uninstall
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD2one V2" = DVD2one V2.0.5
"e/pop_is1" = e/pop 3.1
"Extra Video Converter_is1" = Extra Video Converter 4.6
"Fairy Lake Screensaver_is1" = Fairy Lake Screensaver 1.1
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{695603EE-5D13-4406-A034-B1346652CC4D}" = Panasonic Windows Firewall Setting Tool
"InstallShield_{78F2FF7C-AC3C-430C-83A7-E2859FBA630A}" = Panasonic Printer Drivers
"InstallShield_{F0520D42-802C-4C30-B8CF-8DCA7DD84B41}" = Panasonic Job Status Utility
"Jpeg Scrubber 2.0_is1" = Jpeg Scrubber 2.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile Beta 2" = Microsoft .NET Framework 4 Client Profile Beta 2
"Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero Lite" = Nero Lite 8.0.3.0
"nLite_is1" = nLite 1.4.9.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PIPI_is1" = PIPI 2.4.0.1
"Powerword 2007_is1" = Powerword 2007
"PROR" = Microsoft Office Professional 2007 Trial
"RealPlayer 6.0" = RealPlayer
"Sina Web TV" = Sina Web TV
"Snapshot Viewer" = Snapshot Viewer
"Sogou Input" = 搜狗拼音输入法 4.1正式版
"SopCast" = SopCast 3.0.3
"Souptoys" = Souptoys
"Spyware Doctor" = Spyware Doctor 7.0
"Storm Codec 5" = Storm Codec
"storm2" = 暴风影音
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"thunder_is1" = 迅雷5
"TVAnts 1.0" = TVAnts 1.0
"UltraISO_is1" = UltraISO 8.0 Premium Edition
"Virtual Tutor System 3.0" = Virtual Tutor System 3.0
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WinZip_is1" = WinZip v12.1 (8519)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zune" = Zune
"快播(QvodPlayer) 3.5 v3.5.0 build 0060" = 快播(QvodPlayer) 3.5 v3.5.0 build 0060
"快车(FlashGet)" = 快车(FlashGet) 1.9.6.1073
"研经工具 2.2 版" = 研经工具 2.2 版
"迅雷游戏大厅" = 迅雷游戏大厅

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"iQ Browser" = iQ Browser 0.9.4

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: Pls help to Remove backdoor.tidserv!inf spyware

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=RGruvz5DIpaiNkGybB46tQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
    O4 - HKLM..\Run: [goyqbixo] C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa\bfpvbfutssd.exe File not found
    O4 - HKLM..\Run: [jfproc] Reg Error: Invalid data type. File not found
    O4 - HKCU..\Run: [goyqbixo] C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa\bfpvbfutssd.exe File not found
    [2010/04/26 08:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
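The fix script in the post above targets autorun (O4) entries whose target file no longer exists. The following is an added example, not part of the original thread and not OTL's own code: it parses O4 Run-key lines and lists the reasons each one deserves review. The line format is assumed from the lines quoted in the fix script, and the `ExampleUpdater` entry is constructed.

```python
import re
from dataclasses import dataclass, field

# Line format assumed from the O4 lines quoted in the fix script in this thread:
#   O4 - <hive>..\Run: [<value name>] <data> (<publisher>)   or   ... File not found
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PUBLISHER_RE = re.compile(r" \(([^()]*)\)$")
MISSING = "File not found"
# Profile directories that any user-level process can write to (Windows XP layout).
USER_WRITABLE = (r"\local settings\application data", r"\local settings\temp")

# The first three lines are copied from the fix script; the last one is constructed.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [goyqbixo] C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa\bfpvbfutssd.exe File not found
O4 - HKLM..\Run: [jfproc] Reg Error: Invalid data type. File not found
O4 - HKCU..\Run: [goyqbixo] C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa\bfpvbfutssd.exe File not found
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
"""


@dataclass
class RunEntry:
    hive: str
    name: str
    data: str
    publisher: str
    missing: bool
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Parse one O4 Run line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    publisher = ""
    pm = PUBLISHER_RE.search(rest)
    if pm:
        publisher, rest = pm.group(1), rest[: pm.start()]
    return RunEntry(m.group("hive"), m.group("name"), rest, publisher, missing)


def triage(log_text):
    """Return the Run entries that have at least one reason for review."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    hives_by_name = {}
    for e in entries:
        hives_by_name.setdefault(e.name.lower(), set()).add(e.hive)
    flagged = []
    for e in entries:
        if e.data.startswith("Reg Error:"):
            e.reasons.append("registry data unreadable")
        if e.missing:
            e.reasons.append("target file missing")
        if any(marker in e.data.lower() for marker in USER_WRITABLE):
            e.reasons.append("runs from user-writable profile path")
        # Only a supporting signal: added when the entry is already suspicious.
        if e.reasons and len(hives_by_name[e.name.lower()]) > 1:
            e.reasons.append("same value name in HKLM and HKCU")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.hive}\\Run [{entry.name}]: " + "; ".join(entry.reasons))
```
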

Re: Pls help to Remove backdoor.tidserv!inf spyware

========== OTL ==========
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=RGruvz5DIpaiNkGybB46tQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\goyqbixo not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jfproc not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\goyqbixo not found.
Folder C:\Documents and Settings\John\Local Settings\Application Data\adeqwjufa\ not found.

OTL by OldTimer - Version 3.2.3.0 log created on 04262010_154847

Re: Pls help to Remove backdoor.tidserv!inf spyware

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: Pls help to Remove backdoor.tidserv!inf spyware

After restart, I lost internet connection and incoming email, but Skype is OK, pls adv....urgent!!

Re: Pls help to Remove backdoor.tidserv!inf spyware

Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the apply button and restart the computer in normal mode.

Please post the MBAM log.

