O31 - Unknown - SEApproved: {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - C:\WINDOWS\system32\ - Microsoft Corporation - Compressed (zipped) Folders - 6.0.2900.2180 - 465408 - 08fa93556c2dcd998378f00b0ce39d2e
O31 - Unknown - SEApproved: {BD472F60-27FA-11cf-B8B4-444553540000} - C:\WINDOWS\system32\ - Microsoft Corporation - Compressed (zipped) Folders - 6.0.2900.2180 - 465408 - 08fa93556c2dcd998378f00b0ce39d2e
O31 - Unknown - SEApproved: {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - C:\WINDOWS\system32\ - Microsoft Corporation - Compressed (zipped) Folders - 6.0.2900.2180 - 465408 - 08fa93556c2dcd998378f00b0ce39d2e
O31 - Unknown - SEApproved: {ECF03A33-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\ - Microsoft Corporation - My Documents Folder UI - 6.0.2900.2180 - 91136 - df133fd2fe0e38a48b626c8863022933
O31 - Unknown - SEApproved: {ECF03A32-103D-11d2-854D-006008059367} - C:\WINDOWS\system32\ - Microsoft Corporation - My Documents Folder UI - 6.0.2900.2180 - 91136 - df133fd2fe0e38a48b626c8863022933
O31 - Unknown - SEApproved: {4a7ded0a-ad25-11d0-98a8-0800361b1103} - C:\WINDOWS\system32\ - Microsoft Corporation - My Documents Folder UI - 6.0.2900.2180 - 91136 - df133fd2fe0e38a48b626c8863022933
O31 - Unknown - SEApproved: {60fd46de-f830-4894-a628-6fa81bc0190d} - C:\WINDOWS\system32\ - Microsoft Corporation - Photo Printing Wizard - 5.1.2600.2180 - 166912 - 6842512cb971d848ea3aba5cca9a36ed
O31 - Unknown - SEApproved: {0CD7A5C0-9F37-11CE-AE65-08002B2E1262} - C:\WINDOWS\system32\ - Microsoft - Cabinet File Viewer Shell Extension - 6.0.2900.2180 - 90624 - ef283188c701c8bfcc5187f3b2c547b2
O31 - Unknown - SEApproved: {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - C:\Program Files\Real\RealPlayer\ - RealNetworks, Inc. - RealPlayer Shell Extensions - 1.0.1.1946 - 49198 - 68718fbfe1513aaeed9bf319d912bb47
O31 - Unknown - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\ - - - - 128512 - 2b7421a2351fbfa6e29141c46aea6b57
O31 - Unknown - SEApproved: {63542C48-9552-494A-84F7-73AA6A7C99C1} - C:\Program Files\WPS Office StormBeta 1.0\program\ - - - 1.0.0.0 - 274507 - 85fed1579e83bea2169b7997a3a4a146
O31 - Unknown - SEApproved: {e82a2d71-5b2f-43a0-97b8-81be15854de8} - C:\WINDOWS\system32\ - Microsoft Corporation - Application Deployment Support Library - 2.0.50727.42 - 83456 - b3511383c8be3a8c5b88a78971fc1141
O31 - Unknown - SEApproved: {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - C:\WINDOWS\system32\ - Microsoft Corporation - Application Deployment Support Library - 2.0.50727.42 - 83456 - b3511383c8be3a8c5b88a78971fc1141
O31 - Unknown - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\ - - - - 128512 - 2b7421a2351fbfa6e29141c46aea6b57
O31 - Unknown - LSA: Security Packages - sv1_0.dll - - - - - 0- -
O31- Unknown - LSA: Security Packages - - - - - 0 -
=======================================
O40 - - Kaspersky Lab - C:\WINDOWS\system32\ - Logon Visualizer - 2fb94ab158eb54a2212c8087b7e72340
O40 - - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ - Script Checker - 632a777961e99cb61b28599555a2f7a7
O40 - - Grigri - C:\WINDOWS\system32\ - Apply a background to the shell context menu - edd37826a42283aa3f25a4c639d689fa
O40 - - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ - Windows Shell Extension - 0904502f01d0d2a42082f0f35b18071c
O40 - - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\ - Microsoft? C Runtime Library - 16d7ddf3b659f7cf1cb9f4dcff4219f0
O40 - - Microsoft Corporation - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\ - Microsoft? C++ Runtime Library - 2bc650257fb0867abd54fd460ec2bafc
O40 - - Microsoft Corporation - C:\WINDOWS\system32\ - Send Mail - 5d6e81555a9906ef7469d5d7a35e19ad
O40 - - Intel Corporation - C:\WINDOWS\system32\ - xxxxres Module - 81e6a8e02cc31e547e3eab082b1dd544
O40 - - Intel Corporation - C:\WINDOWS\system32\ - igfxdev Module - eccf988ebf3ade5792915e60c3d274dc
O40 - - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ - Script Checker AV Plugin - d7e7992479709ff02a33669e5dacf878
O40 - - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ - PR_REMOTE - 20be3997fe3f091a3b0d634fb9d62259
O40 - - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ - Prague Loader - 22217717571205531e517b62a54fd861
O40 - - Microsoft Corporation - C:\WINDOWS\system32\ - Application Deployment Support Library - b3511383c8be3a8c5b88a78971fc1141
O40 - - Microsoft Corporation - C:\WINDOWS\system32\ - Microsoft .NET Runtime Execution Engine - 34bc771730448718ab771255888c783d
O40 - - - C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll - DsBho - e2611893ee8a1d5118149a15ee6c9669
O40 - - Thunder Networking Technologies,LTD - C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll - DataProcessor - 7bfb3e14c7b181b47528f57855eaedc5
O40 - - Microsoft Corporation - C:\WINDOWS\system32\ - Task Scheduler interface DLL - d919668e8d62485c9834d28691761505
O40 - - Microsoft Corporation - C:\WINDOWS\\Framework\v2.0.50727\ - Microsoft COM Runtime Fusion Assembly Viewer - 5b746df7ff55229630fe2815b348149c
O40 - - Microsoft Corporation - C:\WINDOWS\\Framework\v2.0.50727\ - Assembly manager - ad23bb6b329c7d5ee8a43b89e2fd4fd2
O40 - - Microsoft Corporation - C:\WINDOWS\\Framework\v2.0.50727\ - Microsoft Globalization Support - ad060608376e3195b4545928f43653d8
O40 - - Microsoft Corporation - C:\WINDOWS\\Framework\v2.0.50727\ - Microsoft COM Runtime Fusion Assembly Viewer Resources - bffb11607d65a61461ba73d9b85a62cd
=======================================
O41 - ALCXSENS - Sensaura WDM 3D Audio Driver - C:\WINDOWS\system32\drivers\ - (running) - Sensaura WDM 3D Audio Driver - Sensaura Ltd - a9355a51698f6901b362ef738b15631d
O41 - Apaidi - Apaidi - C:\WINDOWS\system32\drivers\ - (running) - - - f60f0a380c6cf97dc05c7d01adb2c217
O41 - Eudemon - Eudemon - C:\WINDOWS\system32\drivers\ - (running) - Eudemon - EUDEMON Computer Consultants Ltd - da9d1642dd9946736f11056632d71145
O41 - IdeBusDr - Intel Application Accelerator Driver - C:\WINDOWS\system32\drivers\ - (running) - Intel Application Accelerator Driver - Intel Corporation - 791f0829de88dd0ca77192f0dfad03b6
O41 - IdeChnDr - Intel Application Accelerator Driver - C:\WINDOWS\system32\drivers\ - (running) - Intel Application Accelerator Driver - Intel Corporation - 7d2b8be9e89628663c1fb571f7c34062
O41 - klif - spuper-ptor - C:\WINDOWS\system32\drivers\ - (running) - spuper-ptor - Kaspersky Lab - 1b28fa1580438192a14e88b5834397ca
O41 - QKeyService - KeyCrypt Device Driver - C:\WINDOWS\system32\ - (running) - KeyCrypt Device Driver - Tencent Technology (Shenzhen) Company Limited - 184c25ef0595c06c8a3f3c2fd584d891
O41 - Sentinel - Sentinel - C:\WINDOWS\system32\drivers\ - (running) - - - 99c81af18c0bf4d3b2ce0b36941e150f
O41 - sptd - sptd - C:\WINDOWS\system32\drivers\ - (running) - - -
O41 - ATSpy - ATSpy - C:\WINDOWS\system32\ - (not running) - - -
O41 - npkcrypt - npkcrypt - C:\WINDOWS\system32\ - (not running) - - -
O41 - npkycryp - npkycryp - C:\WINDOWS\system32\ - (not running) - - -
O41 - TSP - spuper-ptor - C:\WINDOWS\system32\drivers\ - (not running) - spuper-ptor - Kaspersky Lab - 1b28fa1580438192a14e88b5834397ca
=======================================
=3.5.2.1001
=3.5.1.1001
=3.5.1.1001
=2.0.0.3000
=3.0.2.1000
=1.0.1.1016
=======================================
Operation history report:
-----------------------------------
2007-06-21 11:01
Clean up the bad review software - WinDHCPsvc - C:\WINDOWS\system32\
Clean up the bad review software - msccrt - C:\WINDOWS\system32\
Clean up the bad review software - msdebug * - C:\WINDOWS\system32\
Clean up the bad review software - - C:\DOCUME~1\Zhang Jianguo\LOCALS~1\Temp\
Clean up the bad review software - winform - C:\WINDOWS\system32\
Clean up the bad review software - upxdnd * - C:\WINDOWS\system32\
Clean up the bad review software - Tianlong Bazi's account-stealing Trojan horse - C:\WINDOWS\system32\
Clean up the bad review software - Kvsc3 - C:\WINDOWS\
Clean up the bad review software - - C:\DOCUME~1\Zhang Jianguo\LOCALS~1\Temp\
Clean up the bad review software - The * Trojan Horse with the Westward Journey - C:\WINDOWS\system32\
Clean up the bad review software - Inquiry game account-stealing Trojan horse - C:\DOCUME~1\Zhang Jianguo\LOCALS~1\Temp\IEXPLO~
Clean up the bad review software - Unknown automatic running program (Autorun) - C:\
2007-06-21 11:03
Clean up the bad review software - WinDHCPsvc -
Clean up bad review software - msccrt -
Clean up the bad review software - upxdnd * -
Clean up bad review software - winform -
Clean up the bad review software - - -
Clean up bad review software - Kvsc3 -
Clean up the bad review software - The * Trojan Horse of the Tianlong Bazi -
Clean up the bad review software - Ask the game account-stealing Trojan horse -
Clean up the bad review software - msdebug * -
2007-06-21 14:18
Clean up the bad review software - Unknown automatic running program (Autorun) - C:\
2007-06-21 15:59
Clean up the bad review software - Super Tornado Download Component -
Clean up bad review software - Chinese Soso -
2007-07-05 16:21
Clean up the bad review software - etcetera toolbar - C:\Program Files\VVSN
2007-06-21 11:53
Plugin Management - Tomato Bar Toolbar - C:\WINDOWS\system32\
Plug-in Management - Express (FlashGet) -
2007-06-21 15:56
Plugin Management - Chinese Soso - C:\PROGRA~1\TENCENT\SSPlus\
Plug-in Management - Super Tornado Download Component - E:\ Jacky Cheung~1\other\Tencent QQ~1.6\QQDOWN~1\QQIEHE~
2007-06-21 15:56
Plug-in Management - Chinese Soso - C:\WINDOWS\system32\
2007-06-21 15:56
Plug-in Management - Super Tornado Download Component - E:\ Jacky Cheung~1\other\Tencent QQ~1.6\QQDOWN~1\QQIEHE~
2007-06-25 15:30
Plug-in Management - Super Tornado Download Component -
2007-07-05 16:25
Clean up the positive review plug-in - POCO Online Magazine Playing Plug-in - C:\Program Files\PocoZinePlayer
--------------------------------------------------------------------------------------------------------------------------------
2007-06-21 11:54
O9 - Unknown - Tomato Garden -
O9 - Unknown - Information Retrieval- - C:\PROGRA~1\MICROS~2\OFFICE11\
2007-06-25 15:31
100 - Unknown - - C:\Program Files\WinRAR\
2007-07-05 16:40
100 - Unknown - - C:\WINDOWS\system32\
O4 - Unknown - Microsoft Value Service -
O4 - Unknown - Microsoft Windows-
O4 - Unknown - Microsoft Value Service -
O4 - Unknown - Microsoft Value Service -
O30 - Unknown - - C:\WINDOWS\system32\
O23 - Unknown - EnGenius Network Analysis Tool - "C:\WINDOWS\system32\dllcache\"
2007-07-06 15:56
100 - Unknown - - C:\WINDOWS\system32\
100 - Unknown - - Destroy
100 - Unknown - - Destroy
2007-07-06 15:57
100 - Unknown - - Destroy
O4 - Unknown - Microsoft Value Service -
O4 - Unknown - Microsoft Value Service -
2007-07-08 09:39
100 - Unknown - - C:\WINDOWS\system32\
2007-07-08 09:40
O4 - Unknown - Microsoft Value Service -
2007-07-08 09:40
O4 - Unknown - Microsoft Value Service -
2007-07-08 09:40
O23 - Unknown - EnGenius Network Analysis Tool - "C:\WINDOWS\system32\dllcache\"
2007-07-08 12:46
O4 - Unknown - Microsoft Value Service -
2007-07-08 12:46
O23 - Unknown - EnGenius Network Analysis Tool - "C:\WINDOWS\system32\dllcache\"
O23 - Unknown - MSSQLSERVER - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\-sMSSQLSERVER
O23 - Security - MSSQLServerADHelper - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
O23 - Unknown - SQLSERVERAGENT - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\-i MSSQLSERVER
O23 - Unknown - TongBackupSrv - C:\WINDOWS\system32\
O23 - UFNet - C:\WINDOWS\system32\
2007-07-08 12:46
100 - Unknown - - C:\WINDOWS\system32\
2007-07-08 12:46
100 - Safety - - C:\WINDOWS\system32\
2007-07-08 12:47
O23 - Unknown - EnGenius Network Analysis Tool - "C:\WINDOWS\system32\dllcache\"
O23 - Unknown - MSSQLSERVER - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\-sMSSQLSERVER
O23 - Security - MSSQLServerADHelper - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
O23 - Unknown - SQLSERVERAGENT - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\-i MSSQLSERVER
O23 - Unknown - TongBackupSrv - C:\WINDOWS\system32\
O23 - UFNet - C:\WINDOWS\system32\
2007-07-09 09:06
100 - Unknown - - C:\WINDOWS\system32\
100 - Unknown - - C:\WINDOWS\system32\
O4 - Unknown - Microsoft Value Service -
O4 - Unknown - Microsoft Value Service -
O4 - Unknown - ApabiAgent - "C:\Program Files\Founder\Apabi Reader 3.0\"
O30 - Unknown - - C:\WINDOWS\system32\
O23 - Unknown - EnGenius Network Analysis Tool - "C:\WINDOWS\system32\dllcache\"
O23 - Unknown - MSSQLSERVER - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\-sMSSQLSERVER
O23 - Unknown - SQLSERVERAGENT - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\-i MSSQLSERVER
O23 - Unknown - TongBackupSrv - C:\WINDOWS\system32\
O23 - UFNet - C:\WINDOWS\system32\
2007-07-09 16:51
100 - Unknown - - C:\WINDOWS\system32\
100 - Unknown - - C:\WINDOWS\system32\
100 - Unknown - - C:\WINDOWS\system32\
O4 - Unknown - Microsoft Value Service -
O4 - Unknown - Microsoft -
O4 - Unknown - Microsoft Value Service -
O30 - Unknown - - C:\WINDOWS\system32\
O23 - Unknown - EnGenius Network Analysis Tool - "C:\WINDOWS\system32\dllcache\"
O23 - Unknown - MSSQLSERVER - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\-sMSSQLSERVER
O23 - Unknown - SQLSERVERAGENT - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\-i MSSQLSERVER
O23 - Unknown - TongBackupSrv - C:\WINDOWS\system32\
O23 - UFNet - C:\WINDOWS\system32\
--------------------------------
2007-06-21 11:04
R0 - Danger - IE Home Page - HKCU\Software\Microsoft\Internet Explorer\Main
R1 - Danger - IE left search page - HKLM\Software\Microsoft\Internet Explorer\Main
2007-07-05 16:44
R0 - Danger - IE Home Page - HKCU\Software\Microsoft\Internet Explorer\Main