TechSpot

"generic32.CEMU" "win64/patched.A" "generic31.ZCS" "generic29.ANPX" "generic15.CGSY" the lists go on

Solved
By sblua
Jun 25, 2013
  1. Virus Attacked:

    "generic32.CEMU"
    "win64/patched.A"
    "generic31.ZCS"
    "generic29.ANPX"
    "generic15.CGSY"
    "Luhe.Sirefef.A"

    "";"Virus identified Win64/Patched.A, c:\Windows\System32\services.exe";"Cannot be cleaned Remove manually"
    "";"Trojan horse Generic32.CEMU, c:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\U\80000064.@";"Secured"
    "";"Trojan horse Generic29.ANPX, c:\Windows\assembly\GAC_64\Desktop.ini";"Cannot be removed
    Access is denied."
    "";"Trojan horse BackDoor.Generic15.CGSY, c:\Windows\assembly\GAC_32\Desktop.ini";"Cannot be removed
    Access is denied."
    "";"Found Luhe.Sirefef.A, c:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\U\80000032.@";"Secured"

    Help Please...

    Will post the log file for
    "4-Step Viruses/Spyware/Malware Removal Preliminary Instructions"
     
  2. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. sblua

    sblua TS Rookie Topic Starter Posts: 35

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.25.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    Song :: SONG-PC [administrator]

    Protection: Enabled

    25/6/2013 12:23:44 PM
    mbam-log-2013-06-25 (12-23-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227650
    Time elapsed: 17 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\$Recycle.Bin\S-1-5-21-3090707503-2689606237-485621480-1000\$R8FWU86.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-3090707503-2689606237-485621480-1000\$R2BC7FH\Activator.rar (Trojan.MSIL) -> Quarantined and deleted successfully.
    C:\$Recycle.Bin\S-1-5-21-3090707503-2689606237-485621480-1000\$RIDWOI0\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
     
  4. sblua

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.20.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    Song :: SONG-PC [administrator]

    25/6/2013 12:01:41 AM
    mbam-log-2013-06-25 (00-01-41).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 409575
    Time elapsed: 2 hour(s), 18 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 22
    HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{F9BC0421-BB5C-447D-8547-BB45AFA80A4D} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\CLSID\{331D51F6-4375-C0EB-FC13-2CC4758E4C62} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\331D51F6-4375-C0EB-FC13-2CC4758E4C62.Addr.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\331D51F6-4375-C0EB-FC13-2CC4758E4C62.Addr (PUP.Funshion) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{331D51F6-4375-C0EB-FC13-2CC4758E4C62} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{331D51F6-4375-C0EB-FC13-2CC4758E4C62} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{331D51F6-4375-C0EB-FC13-2CC4758E4C62} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Program Files (x86)\BaiduAddr\{331D51F6-4375-C0EB-FC13-2CC4758E4C62}\AddressBar.dll (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\BaiduAddr\{331D51F6-4375-C0EB-FC13-2CC4758E4C62}\ASBarBroker.exe (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\cola\Music\9AC0596D90804BA4.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
    C:\KwDownload\Temp\3900E478314AF606.exe (Adware.Ebiz.K) -> Quarantined and deleted successfully.
    C:\KwDownload\Temp\9AC0596D90804BA4.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

    (end)
     
  5. sblua

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611
    Run by Song at 13:11:11 on 2013-06-25
    Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.6045.3398 [GMT 8:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Fingerprint Sensor\ATService.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
    C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    c:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\system32\Dwm.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
    C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
    C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files (x86)\LAN Messenger\lmc.exe
    C:\Program Files (x86)\PPStream\PPSKernel.exe
    C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
    C:\windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    c:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://toshiba.msn.com
    uDefault_Page_URL = hxxp://toshiba.msn.com
    mWinlogon: Userinit = userinit.exe,
    BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    uRun: [LAN Messenger] C:\Program Files (x86)\LAN Messenger\lmc.exe
    uRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe
    uRun: [Facebook Update] "C:\Users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
    mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [TSUScheduler] C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [APSDaemon] "c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
    dRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe
    StartupFolder: C:\Users\Song\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    StartupFolder: C:\Users\Song\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: NameServer = 192.168.1.99
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D} : DHCPNameServer = 192.168.1.99
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\24142564C49502B4C4 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\341647861697 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\36865716E277C6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\36F666665656E26616D696C6C656 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\36F666665656E26616D696C6C656 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\C4964747C656F4E656 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\D42405A40284F6473707F647 : DHCPNameServer = 10.0.0.1 8.8.8.8 8.8.4.4
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - <orphaned>
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [BatteryManager] C:\Program Files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
    x64-Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
    x64-Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
    x64-Run: [Windows Mobile-based device management] C:\windows\WindowsMobile\wmdcBase.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - <orphaned>
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
    R0 kavbootc;kavbootc;C:\windows\System32\drivers\kavbootc64.sys [2013-6-24 31848]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 KDHacker;KDHacker;C:\Program Files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [2013-6-24 166776]
    R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [2012-1-5 1408904]
    R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-6-18 2734912]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-6-8 250296]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-6-8 47032]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-7-22 212944]
    R2 kisknl;kisknl;C:\windows\System32\drivers\kisknl.sys [2013-6-24 223032]
    R2 KNBCenter;KNBCenter;C:\Users\Song\AppData\Local\liebao\LBBrowser\knbcenter.exe [2013-6-24 456544]
    R2 kxescore;Kingsoft Core Service;C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [2013-6-24 168784]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-20 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-20 701512]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
    R2 risdxc;risdxc;C:\windows\System32\drivers\risdxc64.sys [2013-3-20 101888]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-9-23 294848]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-20 2656536]
    R3 ATSwpWDF;AuthenTec TruePrint USB Driver;C:\windows\System32\drivers\ATSwpWDF.sys [2010-6-18 770152]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
    R3 KNBDrv;KNBDrv;C:\windows\System32\drivers\knbdrv.sys [2013-6-24 90936]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-3-20 25928]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-7-29 92672]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-7-29 209408]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-3-20 38096]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-3-20 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-8-11 833464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
    S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-11-28 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
    S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2011-11-28 27648]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-3-21 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2013-06-24 13:56:33 90936 ----a-w- C:\windows\System32\drivers\KNBDrv64.sys
    2013-06-24 13:56:33 90936 ----a-w- C:\windows\System32\drivers\knbdrv.sys
    2013-06-24 13:55:03 -------- d-----w- C:\Users\Song\AppData\Local\liebao
    2013-06-24 11:33:16 1202688 ----a-w- C:\windows\System32\ac3filter64.acm
    2013-06-24 11:33:13 965120 ----a-w- C:\windows\SysWow64\ac3filter.acm
    2013-06-24 11:33:00 -------- d-----w- C:\Program Files (x86)\AC3Filter
    2013-06-24 11:31:25 -------- d-----w- C:\ProgramData\KRSHistory
    2013-06-24 11:29:51 -------- d-----w- C:\Program Files (x86)\kingsoft
    2013-06-24 11:26:45 206336 ----a-w- C:\windows\System32\unrar64.dll
    2013-06-24 11:26:45 148992 ----a-w- C:\windows\System32\lagarith.dll
    2013-06-24 11:26:24 127488 ----a-w- C:\windows\System32\ff_vfw.dll
    2013-06-24 11:26:23 -------- d-----w- C:\Program Files\K-Lite Codec Pack x64
    2013-06-24 10:52:34 -------- d-----w- C:\Program Files (x86)\MPC-HC
    2013-06-24 10:46:05 225280 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2013-06-24 10:45:26 -------- d-----w- C:\Program Files (x86)\x264 Video Codec
    2013-06-24 09:29:31 -------- d-----w- C:\Program Files (x86)\eymd
    2013-06-24 09:20:14 -------- d-----w- C:\Program Files (x86)\TornTV.com
    2013-06-18 08:46:51 -------- d-----w- C:\Users\Song\AppData\Roaming\RealNetworks
    2013-06-18 08:45:46 -------- d-----w- C:\Program Files (x86)\RealNetworks
    2013-06-18 08:45:44 -------- d-----w- C:\ProgramData\RealNetworks
    2013-06-18 08:44:46 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2013-06-18 08:44:26 153736 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2013-06-18 08:44:07 124504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    2013-06-17 14:00:53 -------- d-----w- C:\Program Files (x86)\GRETECH
    2013-06-14 07:27:10 -------- d-----w- C:\windows\WindowsMobile
    2013-06-13 03:36:58 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-06-13 03:36:54 2241024 ----a-w- C:\windows\System32\wininet.dll
    2013-06-12 15:43:21 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-06-12 15:28:02 751104 ----a-w- C:\windows\System32\win32spl.dll
    2013-06-12 15:28:02 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
    2013-06-12 15:27:58 30720 ----a-w- C:\windows\System32\cryptdlg.dll
    2013-06-12 15:27:58 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
    2013-06-12 15:27:49 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
    2013-06-12 15:27:48 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
    2013-06-12 15:26:25 903168 ----a-w- C:\windows\SysWow64\certutil.exe
    2013-06-12 15:26:25 52224 ----a-w- C:\windows\System32\certenc.dll
    2013-06-12 15:26:25 43008 ----a-w- C:\windows\SysWow64\certenc.dll
    2013-06-12 15:26:25 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-06-12 15:26:25 1464320 ----a-w- C:\windows\System32\crypt32.dll
    2013-06-12 15:26:25 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2013-06-12 15:26:25 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2013-06-12 15:26:25 1192448 ----a-w- C:\windows\System32\certutil.exe
    2013-06-12 15:26:25 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-06-12 15:26:25 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-06-12 15:19:36 1887232 ----a-w- C:\windows\System32\d3d11.dll
    2013-06-12 15:19:36 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
    2013-06-10 06:46:03 -------- d-----w- C:\Users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
    2013-06-10 06:43:49 -------- d-----w- C:\Program Files (x86)\Benjamin Moore
    2013-06-07 04:21:07 -------- d-----w- C:\Users\Song\AppData\Roaming\webex
    2013-06-07 04:19:21 -------- d-----w- C:\ProgramData\WebEx
    2013-05-27 04:43:32 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    .
    ==================== Find3M ====================
    .
    2013-06-24 11:30:22 19352 ----a-w- C:\windows\System32\drivers\ksskrpr.sys
    2013-06-24 11:30:21 24472 ----a-w- C:\windows\System32\drivers\bc.sys
    2013-06-24 11:30:21 166776 ----a-w- C:\windows\System32\drivers\kdhacker64.sys
    2013-06-24 11:30:21 127992 ----a-w- C:\windows\System32\drivers\kdhacker.sys
    2013-06-24 11:30:16 223032 ----a-w- C:\windows\System32\drivers\kisknl64.sys
    2013-06-24 11:30:16 223032 ----a-w- C:\windows\System32\drivers\kisknl.sys
    2013-06-24 11:30:15 31848 ----a-w- C:\windows\System32\drivers\kavbootc64.sys
    2013-06-24 11:30:14 27240 ----a-w- C:\windows\System32\drivers\kavbootc.sys
    2013-06-24 11:30:11 18296 ----a-w- C:\windows\System32\drivers\kusbquery64.sys
    2013-06-24 11:30:11 14200 ----a-w- C:\windows\System32\drivers\kusbquery.sys
    2013-06-24 11:30:10 84328 ----a-w- C:\windows\System32\drivers\ksapi.sys
    2013-06-19 05:13:22 137840 ----a-w- C:\Program Files (x86)\Uninstall.exe
    2013-06-18 08:43:44 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
    2013-06-18 08:43:44 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
    2013-06-12 09:35:54 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 09:35:54 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-05-27 04:43:32 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll
    2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-04-27 18:09:22 18760 ----a-w- C:\windows\SysWow64\QQVistaHelper.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys
    2013-04-04 06:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2013-03-28 18:53:48 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
    .
    ============= FINISH: 13:13:16.27 ===============
     


  6. sblua

    sblua TS Rookie Topic Starter Posts: 35

    I couldn't wait any longer and found similar problems on: http://www.techspot.com/community/t...vices-exe-cannot-be-cleaned-remove-ma.193218/

    I tried the Roguekiller for 64bit and here's the report:
    Report 1
    RogueKiller V8.6.1 _x64_ [Jun 24 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Song [Admin rights]
    Mode : Scan -- Date : 06/25/2013 13:33:25
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] knbcenter.exe -- C:\Users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe [7] -> KILLED [TermThr]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][File] @ : C:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\@ [-] --> FOUND
    [ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
    [ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND
    [ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
    [ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
    [Aslr|ZeroAccess][File] services.exe : C:\Windows\System32\services.exe [-] --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA THNSNB128GMCJ +++++
    --- User ---
    [MBR] 5d602c4232bff7fab3bb919b984d4b52
    [BSP] 6368ab6eb2d09f29dcee8be95b7cf837 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 108391 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 225058816 | Size: 12212 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_06252013_133325.txt >>

     
  7. sblua

    sblua TS Rookie Topic Starter Posts: 35

    Report 2
    RogueKiller V8.6.1 _x64_ [Jun 24 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Song [Admin rights]
    Mode : Remove -- Date : 06/25/2013 14:03:27
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] knbcenter.exe -- C:\Users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe [7] -> KILLED [TermThr]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][File] @ : C:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\@ [-] --> DELETED
    [ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> REMOVED AT REBOOT
    [ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> REMOVED AT REBOOT
    [ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
    [Aslr|ZeroAccess][File] services.exe : C:\Windows\System32\services.exe [-] --> REPLACED AT REBOOT -> (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA THNSNB128GMCJ +++++
    --- User ---
    [MBR] 5d602c4232bff7fab3bb919b984d4b52
    [BSP] 6368ab6eb2d09f29dcee8be95b7cf837 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 108391 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 225058816 | Size: 12212 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_06252013_140327.txt >>
    RKreport[0]_S_06252013_133325.txt

     
  8. sblua

    sblua TS Rookie Topic Starter Posts: 35

    Log after run through: Malwarebytes Anti-Rootkit (MBAR)
    Mbarlog.txt
    Malwarebytes Anti-Rootkit BETA 1.06.0.1004
    www.malwarebytes.org

    Database version: v2013.06.25.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    Song :: SONG-PC [administrator]

    25/6/2013 2:50:05 PM
    mbar-log-2013-06-25 (14-50-05).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: PUP
    Objects scanned: 254971
    Time elapsed: 42 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
    c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)


    (end)
     
  9. sblua

    sblua TS Rookie Topic Starter Posts: 35

    Systemlog.txt
    test
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16618

    Java version: 1.6.0_20

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.795000 GHz
    Memory total: 6338166784, free: 3435237376

    Downloaded database version: v2013.06.25.02
    Initializing...
    ------------ Kernel report ------------
    06/25/2013 14:49:20
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\kavbootc64.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\pciide.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\DRIVERS\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\e1c62x64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\risdxc64.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\TVALZFL.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\nusb3hub.sys
    \SystemRoot\System32\Drivers\ATSwpWDF.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\windows\system32\drivers\kisknl.sys
    \??\C:\windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\windows\system32\drivers\KNBDrv.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8005c4c060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xfffffa8005a0a050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8005c4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005c4cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005c4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8005a09b20, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8005a0a050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6ECF545C

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 221984768

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 225058816 Numsec = 25010176
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
    Done!
    Read File: File "c:\programdata\avg2013\chjw\3a623b24623ae473.dat:d98f843e-3bce-446c-889a-99299f5e842b" is sparse (flags = 32768)
    Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
    Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_225058816_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

    Removal finished
     
  10. sblua

    sblua TS Rookie Topic Starter Posts: 35

    The fixdamage tool that was included with Malwarebytes Anti-Rootkit, located in mbar\plugins, was run.

    The good thing is: AVG doesn't prompt anymore to tell me there are still viruses.

    But what's happening to my computer now is this:
    After I log in, I can run everything smoothly for less than 1 min. After 1 min, it just doesn't listen to me no matter what button I hit, including Ctrl + Alt + Del; it only knows the power off button.

    Did I go further than I should have?
     
  11. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    First of all, if you want me to continue helping you, observe the rules I posted in my very first reply, especially:
    ...and this is exactly what happened.

    If you don't adhere to my rules I'll close this topic.

    =============================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
     
  12. sblua

    sblua TS Rookie Topic Starter Posts: 35

    Sorry.. Didn't see those rules.


    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 02
    Ran by SYSTEM on 26-06-2013 11:29:57
    Running from E:\
    Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12681320 2011-08-25] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
    HKLM\...\Run: [BatteryManager] %ProgramFiles%\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start [925104 2010-03-02] (TOSHIBA)
    HKLM\...\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start [789368 2010-11-04] (TOSHIBA)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-09-22] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
    HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM-x32\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
    HKLM-x32\...\Run: [TSUScheduler] %ProgramFiles(x86)%\TOSHIBA\Sync Utility\TosSyncScheduler.exe [x]
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [APSDaemon] "c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-27] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "c:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-19] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-18] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun [1306272 2013-06-24] (Kingsoft Corporation)
    HKU\Song\...\Run: [LAN Messenger] C:\Program Files (x86)\LAN Messenger\lmc.exe [1721344 2012-07-24] (LAN Messenger)
    HKU\Song\...\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe [3682168 2013-01-22] (PPStream Inc.)
    HKU\Song\...\Run: [Facebook Update] "C:\Users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-04-17] (Facebook Inc.)
    HKU\Song\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-18] (Skype Technologies S.A.)
    HKU\Song\...\Run: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background [129048 2013-04-27] (Tencent)
    HKU\Song\...\Run: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    Startup: C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
    ShortcutTarget: Facebook Messenger.lnk -> (No File)
    Startup: C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) =================

    S2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-01-05] (Flexera Software, Inc.)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)
    S2 KNBCenter; C:\Users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe [456544 2013-06-24] (Kingsoft Corporation)
    S2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [168784 2013-06-24] (Kingsoft Corporation)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-03] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-03] (Malwarebytes Corporation)
    S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-15] ()

    ==================== Drivers (Whitelisted) ====================

    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
    S0 kavbootc; C:\Windows\System32\drivers\kavbootc64.sys [31848 2013-06-24] (Kingsoft Corporation)
    S1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [166776 2013-06-24] (Kingsoft Corporation)
    S1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [166776 2013-06-24] (Kingsoft Corporation)
    S2 kisknl; C:\windows\system32\drivers\kisknl.sys [223032 2013-06-24] (Kingsoft Corporation)
    S2 kisknl; C:\windows\system32\drivers\kisknl.sys [223032 2013-06-24] (Kingsoft Corporation)
    S3 KNBDrv; C:\windows\system32\drivers\KNBDrv.sys [90936 2013-06-24] (Kingsoft Corporation)
    S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [36680 2013-06-24] ()
    S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [36680 2013-06-24] ()
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
    S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-26 11:29 - 2013-06-26 11:29 - 00000000 ____D C:\FRST
    2013-06-24 23:04 - 2013-06-24 23:04 - 00000000 ____D C:\ProgramData\KSafeCommon
    2013-06-24 22:36 - 2013-06-24 22:36 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
    2013-06-24 22:26 - 2013-06-24 22:26 - 00000000 ____D C:\Users\Song\Downloads\mbar-1.06.0.1004
    2013-06-24 22:03 - 2013-06-24 22:03 - 00004258 ____A C:\Users\Song\Desktop\RKreport[0]_D_06252013_140327.txt
    2013-06-24 22:03 - 2009-07-13 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2013-06-24 21:33 - 2013-06-24 21:33 - 00003863 ____A C:\Users\Song\Desktop\RKreport[0]_S_06252013_133325.txt
    2013-06-24 21:23 - 2013-06-24 22:03 - 00000000 ____D C:\Users\Song\Desktop\RK_Quarantine
    2013-06-24 21:23 - 2013-06-24 21:23 - 13399154 ____A C:\Users\Song\Downloads\mbar-1.06.0.1004.zip
    2013-06-24 21:22 - 2013-06-24 21:23 - 03759104 ____A C:\Users\Song\Downloads\RogueKillerX64.exe
    2013-06-24 21:13 - 2013-06-24 21:18 - 00017215 ____A C:\Users\Song\Desktop\attach.txt
    2013-06-24 21:13 - 2013-06-24 21:13 - 00029761 ____A C:\Users\Song\Desktop\dds.txt
    2013-06-24 18:55 - 2013-06-24 18:55 - 00001021 ____A C:\Users\Song\Desktop\avg.txt
    2013-06-24 06:24 - 2013-06-24 06:42 - 00002088 ____A C:\Users\Song\Desktop\32.CEMU.txt
    2013-06-24 05:56 - 2013-06-24 06:02 - 00001216 ____A C:\Users\Song\Desktop\???????.lnk
    2013-06-24 05:56 - 2013-06-24 05:56 - 00090936 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\KNBDrv64.sys
    2013-06-24 05:56 - 2013-06-24 05:56 - 00090936 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\knbdrv.sys
    2013-06-24 05:55 - 2013-06-24 05:55 - 00000000 ____D C:\Users\Song\AppData\Local\liebao
    2013-06-24 03:48 - 2013-06-24 03:48 - 00002126 ____A C:\Users\Public\Desktop\??????.lnk
    2013-06-24 03:36 - 2013-06-24 03:36 - 01225254 ____A ( ) C:\Users\Song\Downloads\klcp_update_996_20130604 (1).exe
    2013-06-24 03:33 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\AC3Filter
    2013-06-24 03:33 - 2012-06-17 06:18 - 01202688 ____A C:\Windows\System32\ac3filter64.acm
    2013-06-24 03:33 - 2012-06-17 06:10 - 00965120 ____A C:\Windows\SysWOW64\ac3filter.acm
    2013-06-24 03:32 - 2013-06-24 03:32 - 00000000 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2013-06-24 03:30 - 2013-06-24 23:24 - 00000000 __SHD C:\KRECYCLE
    2013-06-24 03:30 - 2013-06-24 03:49 - 00000000 ____D C:\ProgramData\Kingsoft
    2013-06-24 03:30 - 2013-06-24 03:33 - 00000000 ____D C:\Users\Song\AppData\Roaming\kingsoft
    2013-06-24 03:30 - 2013-06-24 03:30 - 04563950 ____A (Alexander Vigovsky ) C:\Users\Song\Downloads\ac3filter_2_5b.exe
    2013-06-24 03:30 - 2013-06-24 03:30 - 00223032 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl64.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00223032 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00166776 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker64.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00127992 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00084328 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksapi.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00031848 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc64.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00027240 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00024472 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\bc.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00019352 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksskrpr.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00018296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery64.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00014200 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00001070 ____A C:\Users\Public\Desktop\???.lnk
    2013-06-24 03:30 - 2013-06-24 03:30 - 00000000 ____D C:\Users\Song\AppData\Local\Kingsoft
    2013-06-24 03:29 - 2013-06-24 03:30 - 00000000 ____D C:\Program Files (x86)\kingsoft
    2013-06-24 03:26 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
    2013-06-24 03:26 - 2013-06-21 10:00 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
    2013-06-24 03:26 - 2012-06-09 09:21 - 00206336 ____A C:\Windows\System32\unrar64.dll
    2013-06-24 03:26 - 2011-12-07 09:37 - 00148992 ____A ( ) C:\Windows\System32\lagarith.dll
    2013-06-24 03:24 - 2013-06-24 03:25 - 12414036 ____A ( ) C:\Users\Song\Downloads\K-Lite_Codec_Pack_999_x64.exe
    2013-06-24 03:18 - 2013-06-24 03:18 - 10577882 ____A ( ) C:\Users\Song\Downloads\klcp_update_996_20130604.exe
    2013-06-24 03:15 - 2013-06-24 03:15 - 12231680 ____A (x264 project) C:\Users\Song\Downloads\x264.exe
    2013-06-24 03:10 - 2013-06-24 03:27 - 19212288 ____A (Kingsoft Corporation) C:\Users\Song\Downloads\kavsetup130624_99_50.exe
    2013-06-24 02:53 - 2013-06-24 02:53 - 00000000 ____D C:\Users\Song\AppData\Roaming\Media Player Classic
    2013-06-24 02:52 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\MPC-HC
    2013-06-24 02:45 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
    2013-06-24 01:29 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\eymd
    2013-06-24 01:20 - 2013-06-24 01:23 - 00000000 ____D C:\Program Files (x86)\TornTV.com
    2013-06-24 01:18 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\7-Zip
    2013-06-21 03:54 - 2013-06-21 03:54 - 00000000 ____D C:\Users\Song\Documents\OneNote Notebooks
    2013-06-20 21:00 - 2013-06-20 21:00 - 00087239 ____A C:\Users\Song\Downloads\KTMB_KL Sentral.kml
    2013-06-20 18:15 - 2013-06-20 18:15 - 00003252 ____A C:\Users\Song\Downloads\KMLEditor.jnlp
    2013-06-20 18:02 - 2013-06-20 18:03 - 04815135 ____A (FileZilla Project) C:\Users\Song\Downloads\FileZilla_3.7.1_win32-setup.exe
    2013-06-20 03:31 - 2013-06-20 03:32 - 01266667 ____A C:\Users\Song\Downloads\project_ukm.zip
    2013-06-19 16:14 - 2013-06-19 16:14 - 01814245 ____A C:\Users\Song\Downloads\AS14988.zip
    2013-06-19 03:32 - 2013-06-19 03:46 - 00000000 ____D C:\Users\Song\Downloads\km_final
    2013-06-19 02:08 - 2013-06-19 02:29 - 00103424 ____A C:\Users\Song\Desktop\km_final1.xls
    2013-06-18 21:10 - 2013-06-18 21:13 - 00034113 ____A C:\Program Files (x86)\Uninstall.ini
    2013-06-18 21:10 - 2013-06-18 21:13 - 00001253 ____A C:\Users\Song\Desktop\Google Earth Pro v7.1.1.1580 Final.lnk
    2013-06-18 00:46 - 2013-06-18 00:46 - 00000000 ____D C:\Users\Song\AppData\Roaming\RealNetworks
    2013-06-18 00:45 - 2013-06-18 00:45 - 00000000 ____D C:\ProgramData\RealNetworks
    2013-06-18 00:45 - 2013-06-18 00:45 - 00000000 ____D C:\Program Files (x86)\RealNetworks
    2013-06-17 06:01 - 2013-06-24 19:23 - 00000000 ____D C:\Users\Song\AppData\Roaming\GRETECH
    2013-06-17 06:00 - 2013-06-17 06:00 - 00000000 ____D C:\Program Files (x86)\GRETECH
    2013-06-17 05:56 - 2013-06-17 05:58 - 11158200 ____A (Gretech Corporation) C:\Users\Song\Downloads\GOMPLAYERENSETUP.EXE
    2013-06-16 17:03 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-16 17:03 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-16 17:03 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-16 17:03 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-16 17:03 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-16 17:03 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-16 17:03 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-16 17:03 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-16 17:03 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-16 17:03 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-16 17:03 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-16 17:03 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-14 02:09 - 2013-06-14 02:10 - 57051280 ____A (Igor Pavlov) C:\Users\Song\Downloads\MapSource_6163.exe
    2013-06-13 23:54 - 2013-06-13 23:54 - 00140274 ____A C:\Users\Song\Downloads\AS10806.zip
    2013-06-13 23:36 - 2013-06-13 23:36 - 00035890 ____A C:\Users\Song\Downloads\shape_viewer.zip
    2013-06-13 23:27 - 2013-06-13 23:27 - 00000000 ____D C:\Windows\WindowsMobile
    2013-06-12 19:37 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-06-12 19:37 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-06-12 19:37 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-06-12 19:37 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-06-12 19:37 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-06-12 19:37 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-06-12 19:37 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-06-12 19:37 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-06-12 19:37 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-06-12 19:37 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-06-12 19:37 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-06-12 19:37 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-06-12 19:37 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-06-12 19:37 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-06-12 19:37 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-06-12 19:37 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-06-12 19:37 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-06-12 19:36 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-06-12 19:36 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-06-12 07:43 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-06-12 07:28 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-06-12 07:28 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2013-06-12 07:27 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
    2013-06-12 07:27 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2013-06-12 07:27 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2013-06-12 07:27 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
    2013-06-12 07:26 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-06-12 07:26 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-06-12 07:26 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-06-12 07:26 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
    2013-06-12 07:26 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-06-12 07:26 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-06-12 07:26 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-06-12 07:26 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
    2013-06-12 07:26 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2013-06-12 07:26 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2013-06-12 07:19 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2013-06-12 07:19 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
    2013-06-12 02:39 - 2013-06-12 02:39 - 00021684 ____A C:\Users\Song\Desktop\ampang_hub1&2.zip
    2013-06-09 22:46 - 2013-06-09 22:46 - 00000000 ____D C:\Users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
    2013-06-09 22:43 - 2013-06-09 22:44 - 00000000 ____D C:\Program Files (x86)\Benjamin Moore
    2013-06-09 06:08 - 2013-06-11 21:54 - 00000132 ____A C:\Users\Song\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2013-06-09 05:55 - 2013-06-09 05:55 - 00025544 ____A C:\Users\Song\Desktop\HMT_Template_PAYMENT VOUCHER.xlsx
    2013-06-09 02:52 - 2013-06-09 02:52 - 00150928 ____A C:\Users\Song\Downloads\songsclaimssince2007.zip
    2013-06-07 00:51 - 2013-06-07 00:51 - 04808816 ____A (FileZilla Project) C:\Users\Song\Downloads\FileZilla_3.7.0.2_win32-setup.exe
    2013-06-06 23:24 - 2013-06-06 23:24 - 00227747 ____A C:\Users\Song\Downloads\Trading Zone Listing format.pptx
    2013-06-06 23:23 - 2013-06-06 23:23 - 01145961 ____A C:\Users\Song\Downloads\ABM005 & DP020 TRADE AREA.XLSX
    2013-06-06 20:21 - 2013-06-06 20:21 - 00000000 ____D C:\Users\Song\AppData\Roaming\webex
    2013-06-06 20:19 - 2013-06-06 20:20 - 00000000 ____D C:\ProgramData\WebEx
    2013-06-05 20:21 - 2013-06-05 20:21 - 00112858 ____A C:\Users\Song\Downloads\1001-PaySlip.xlsx
    2013-06-05 20:15 - 2013-06-05 20:15 - 00047239 ____A C:\Users\Song\Downloads\2011 06 -Update & Amend. Mei Ling.xlsx
    2013-06-05 03:03 - 2013-06-05 03:04 - 00000000 ____D C:\Users\Song\Downloads\motorola_ampanghub3ukmrailways
    2013-06-05 02:53 - 2013-06-05 02:53 - 00502423 ____A C:\Users\Song\Downloads\motorola_ampanghub3ukmrailways.zip
    2013-06-04 23:57 - 2013-06-05 00:00 - 04718283 ____A C:\Users\Song\Downloads\retouristmapofputrajaya.zip

    ==================== One Month Modified Files and Folders =======

    2013-06-26 11:29 - 2013-06-26 11:29 - 00000000 ____D C:\FRST
    2013-06-25 19:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-25 19:09 - 2009-07-13 20:51 - 00059344 ____A C:\Windows\setupact.log
    2013-06-25 03:00 - 2013-03-19 17:51 - 00000000 ____D C:\Users\Song\AppData\Roaming\Skype
    2013-06-25 02:48 - 2013-03-19 17:51 - 00000000 ____D C:\ProgramData\MFAData
    2013-06-25 02:47 - 2013-04-27 10:09 - 00000000 ____D C:\Users\Song\Documents\Tencent Files
    2013-06-25 02:47 - 2013-03-22 23:02 - 00000000 ____D C:\ppsfile
    2013-06-25 02:47 - 2013-03-19 17:44 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-25 02:46 - 2009-07-13 21:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2013-06-25 00:13 - 2013-03-19 20:17 - 01675939 ____A C:\Windows\WindowsUpdate.log
    2013-06-25 00:12 - 2009-07-13 21:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-25 00:01 - 2013-03-22 23:01 - 00000000 ____D C:\Users\Song\AppData\Roaming\PPStream
    2013-06-24 23:37 - 2010-11-20 19:47 - 00734816 ____A C:\Windows\PFRO.log
    2013-06-24 23:37 - 2009-07-13 20:45 - 00027856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-24 23:37 - 2009-07-13 20:45 - 00027856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-24 23:35 - 2013-04-23 22:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-24 23:24 - 2013-06-24 03:30 - 00000000 __SHD C:\KRECYCLE
    2013-06-24 23:04 - 2013-06-24 23:04 - 00000000 ____D C:\ProgramData\KSafeCommon
    2013-06-24 22:54 - 2013-03-19 17:44 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-24 22:36 - 2013-06-24 22:36 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
    2013-06-24 22:26 - 2013-06-24 22:26 - 00000000 ____D C:\Users\Song\Downloads\mbar-1.06.0.1004
    2013-06-24 22:03 - 2013-06-24 22:03 - 00004258 ____A C:\Users\Song\Desktop\RKreport[0]_D_06252013_140327.txt
    2013-06-24 22:03 - 2013-06-24 21:23 - 00000000 ____D C:\Users\Song\Desktop\RK_Quarantine
    2013-06-24 21:33 - 2013-06-24 21:33 - 00003863 ____A C:\Users\Song\Desktop\RKreport[0]_S_06252013_133325.txt
    2013-06-24 21:23 - 2013-06-24 21:23 - 13399154 ____A C:\Users\Song\Downloads\mbar-1.06.0.1004.zip
    2013-06-24 21:23 - 2013-06-24 21:22 - 03759104 ____A C:\Users\Song\Downloads\RogueKillerX64.exe
    2013-06-24 21:18 - 2013-06-24 21:13 - 00017215 ____A C:\Users\Song\Desktop\attach.txt
    2013-06-24 21:13 - 2013-06-24 21:13 - 00029761 ____A C:\Users\Song\Desktop\dds.txt
    2013-06-24 20:18 - 2013-03-19 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-24 19:23 - 2013-06-24 03:33 - 00000000 ____D C:\Program Files (x86)\AC3Filter
    2013-06-24 19:23 - 2013-06-24 03:26 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
    2013-06-24 19:23 - 2013-06-24 02:52 - 00000000 ____D C:\Program Files (x86)\MPC-HC
    2013-06-24 19:23 - 2013-06-24 02:45 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
    2013-06-24 19:23 - 2013-06-24 01:29 - 00000000 ____D C:\Program Files (x86)\eymd
    2013-06-24 19:23 - 2013-06-24 01:18 - 00000000 ____D C:\Program Files (x86)\7-Zip
    2013-06-24 19:23 - 2013-06-17 06:01 - 00000000 ____D C:\Users\Song\AppData\Roaming\GRETECH
    2013-06-24 19:23 - 2013-04-18 07:09 - 00000000 ____D C:\Users\Public\Documents\ppstream
    2013-06-24 19:23 - 2013-04-16 04:29 - 00000000 ____D C:\Users\Song\AppData\Roaming\uTorrent
    2013-06-24 19:23 - 2013-03-19 23:01 - 00000000 ____D C:\Users\Song\AppData\Roaming\LAN Messenger
    2013-06-24 19:23 - 2013-03-19 21:40 - 00000000 ____D C:\ProgramData\FLEXnet
    2013-06-24 19:23 - 2013-03-19 07:25 - 00000000 ____D C:\users\Song
    2013-06-24 19:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
    2013-06-24 19:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-06-24 19:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
    2013-06-24 18:55 - 2013-06-24 18:55 - 00001021 ____A C:\Users\Song\Desktop\avg.txt
    2013-06-24 18:05 - 2013-03-19 18:12 - 00000000 ____D C:\ProgramData\AVG2013
    2013-06-24 18:01 - 2013-04-17 02:55 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090707503-2689606237-485621480-1000UA.job
    2013-06-24 06:42 - 2013-06-24 06:24 - 00002088 ____A C:\Users\Song\Desktop\32.CEMU.txt
    2013-06-24 06:02 - 2013-06-24 05:56 - 00001216 ____A C:\Users\Song\Desktop\???????.lnk
    2013-06-24 05:56 - 2013-06-24 05:56 - 00090936 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\KNBDrv64.sys
    2013-06-24 05:56 - 2013-06-24 05:56 - 00090936 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\knbdrv.sys
    2013-06-24 05:55 - 2013-06-24 05:55 - 00000000 ____D C:\Users\Song\AppData\Local\liebao
    2013-06-24 03:49 - 2013-06-24 03:30 - 00000000 ____D C:\ProgramData\Kingsoft
    2013-06-24 03:48 - 2013-06-24 03:48 - 00002126 ____A C:\Users\Public\Desktop\??????.lnk
    2013-06-24 03:41 - 2013-03-19 07:27 - 00000000 ____D C:\Users\Song\AppData\Local\VirtualStore
    2013-06-24 03:36 - 2013-06-24 03:36 - 01225254 ____A ( ) C:\Users\Song\Downloads\klcp_update_996_20130604 (1).exe
    2013-06-24 03:33 - 2013-06-24 03:30 - 00000000 ____D C:\Users\Song\AppData\Roaming\kingsoft
    2013-06-24 03:32 - 2013-06-24 03:32 - 00000000 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2013-06-24 03:30 - 2013-06-24 03:30 - 04563950 ____A (Alexander Vigovsky ) C:\Users\Song\Downloads\ac3filter_2_5b.exe
    2013-06-24 03:30 - 2013-06-24 03:30 - 00223032 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl64.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00223032 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00166776 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker64.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00127992 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00084328 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksapi.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00031848 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc64.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00027240 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00024472 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\bc.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00019352 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksskrpr.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00018296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery64.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00014200 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery.sys
    2013-06-24 03:30 - 2013-06-24 03:30 - 00001070 ____A C:\Users\Public\Desktop\???.lnk
    2013-06-24 03:30 - 2013-06-24 03:30 - 00000000 ____D C:\Users\Song\AppData\Local\Kingsoft
    2013-06-24 03:30 - 2013-06-24 03:29 - 00000000 ____D C:\Program Files (x86)\kingsoft
    2013-06-24 03:27 - 2013-06-24 03:10 - 19212288 ____A (Kingsoft Corporation) C:\Users\Song\Downloads\kavsetup130624_99_50.exe
    2013-06-24 03:25 - 2013-06-24 03:24 - 12414036 ____A ( ) C:\Users\Song\Downloads\K-Lite_Codec_Pack_999_x64.exe
    2013-06-24 03:18 - 2013-06-24 03:18 - 10577882 ____A ( ) C:\Users\Song\Downloads\klcp_update_996_20130604.exe
    2013-06-24 03:15 - 2013-06-24 03:15 - 12231680 ____A (x264 project) C:\Users\Song\Downloads\x264.exe
    2013-06-24 03:03 - 2013-03-19 18:13 - 00000000 ____D C:\Users\Song\AppData\Local\CrashDumps
    2013-06-24 03:00 - 2013-04-17 02:55 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090707503-2689606237-485621480-1000Core.job
    2013-06-24 02:53 - 2013-06-24 02:53 - 00000000 ____D C:\Users\Song\AppData\Roaming\Media Player Classic
    2013-06-24 02:46 - 2013-04-16 19:49 - 00000000 ____D C:\Users\Song\AppData\Local\Windows Live
    2013-06-24 02:35 - 2013-03-23 01:43 - 00000000 ____D C:\cola
    2013-06-24 02:25 - 2013-03-19 21:00 - 00000000 ____D C:\Song
    2013-06-24 01:51 - 2013-04-16 04:16 - 00802136 ____A (BitTorrent Inc.) C:\Users\Song\Downloads\utorrent.exe
    2013-06-24 01:23 - 2013-06-24 01:20 - 00000000 ____D C:\Program Files (x86)\TornTV.com
    2013-06-24 01:20 - 2013-03-20 07:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-06-22 02:20 - 2013-03-19 17:44 - 00000000 ____D C:\Program Files (x86)\Google
    2013-06-22 02:20 - 2013-03-19 17:43 - 00000000 ____D C:\Users\Song\AppData\Local\Google
    2013-06-21 10:00 - 2013-06-24 03:26 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
    2013-06-21 04:15 - 2013-03-19 22:44 - 00000000 ____D C:\Users\Song\Documents\Received Files
    2013-06-21 03:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-06-21 03:54 - 2013-06-21 03:54 - 00000000 ____D C:\Users\Song\Documents\OneNote Notebooks
    2013-06-21 03:45 - 2013-03-25 00:24 - 00002004 ___AH C:\Users\Song\Documents\Default.rdp
    2013-06-20 23:01 - 2013-03-19 22:57 - 00000000 ____D C:\Users\Song\AppData\Roaming\FileZilla
    2013-06-20 21:00 - 2013-06-20 21:00 - 00087239 ____A C:\Users\Song\Downloads\KTMB_KL Sentral.kml
    2013-06-20 18:15 - 2013-06-20 18:15 - 00003252 ____A C:\Users\Song\Downloads\KMLEditor.jnlp
    2013-06-20 18:04 - 2013-03-19 22:56 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
    2013-06-20 18:03 - 2013-06-20 18:02 - 04815135 ____A (FileZilla Project) C:\Users\Song\Downloads\FileZilla_3.7.1_win32-setup.exe
    2013-06-20 03:32 - 2013-06-20 03:31 - 01266667 ____A C:\Users\Song\Downloads\project_ukm.zip
    2013-06-19 22:25 - 2013-03-19 17:51 - 00002154 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-06-19 16:14 - 2013-06-19 16:14 - 01814245 ____A C:\Users\Song\Downloads\AS14988.zip
    2013-06-19 03:46 - 2013-06-19 03:32 - 00000000 ____D C:\Users\Song\Downloads\km_final
    2013-06-19 02:29 - 2013-06-19 02:08 - 00103424 ____A C:\Users\Song\Desktop\km_final1.xls
    2013-06-18 21:13 - 2013-06-18 21:10 - 00034113 ____A C:\Program Files (x86)\Uninstall.ini
    2013-06-18 21:13 - 2013-06-18 21:10 - 00001253 ____A C:\Users\Song\Desktop\Google Earth Pro v7.1.1.1580 Final.lnk
    2013-06-18 21:13 - 2013-05-13 04:03 - 00137840 ____A C:\Program Files (x86)\Uninstall.exe
    2013-06-18 00:46 - 2013-06-18 00:46 - 00000000 ____D C:\Users\Song\AppData\Roaming\RealNetworks
    2013-06-18 00:45 - 2013-06-18 00:45 - 00000000 ____D C:\ProgramData\RealNetworks
    2013-06-18 00:45 - 2013-06-18 00:45 - 00000000 ____D C:\Program Files (x86)\RealNetworks
    2013-06-18 00:44 - 2013-04-16 04:59 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2013-06-18 00:44 - 2013-04-16 04:59 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2013-06-18 00:44 - 2013-04-16 04:59 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2013-06-18 00:44 - 2013-04-16 04:58 - 00000000 ____D C:\Program Files (x86)\Real
    2013-06-18 00:44 - 2013-04-16 04:54 - 00000000 ____D C:\ProgramData\Real
    2013-06-18 00:43 - 2013-04-16 04:58 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2013-06-18 00:43 - 2013-04-16 04:58 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2013-06-18 00:43 - 2011-04-07 03:20 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2013-06-17 06:00 - 2013-06-17 06:00 - 00000000 ____D C:\Program Files (x86)\GRETECH
    2013-06-17 05:58 - 2013-06-17 05:56 - 11158200 ____A (Gretech Corporation) C:\Users\Song\Downloads\GOMPLAYERENSETUP.EXE
    2013-06-16 20:48 - 2013-03-25 00:29 - 00075147 ____A C:\Users\Song\tilemill.log
    2013-06-14 02:10 - 2013-06-14 02:09 - 57051280 ____A (Igor Pavlov) C:\Users\Song\Downloads\MapSource_6163.exe
    2013-06-13 23:54 - 2013-06-13 23:54 - 00140274 ____A C:\Users\Song\Downloads\AS10806.zip
    2013-06-13 23:39 - 2013-03-21 18:00 - 00000000 ____D C:\Users\Song\.qgis
    2013-06-13 23:36 - 2013-06-13 23:36 - 00035890 ____A C:\Users\Song\Downloads\shape_viewer.zip
    2013-06-13 23:27 - 2013-06-13 23:27 - 00000000 ____D C:\Windows\WindowsMobile
    2013-06-12 22:42 - 2013-03-19 22:11 - 00000000 ____D C:\ProgramData\Microsoft Help
    2013-06-12 02:39 - 2013-06-12 02:39 - 00021684 ____A C:\Users\Song\Desktop\ampang_hub1&2.zip
    2013-06-12 01:35 - 2013-04-23 22:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-06-12 01:35 - 2013-04-23 22:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-06-11 21:54 - 2013-06-09 06:08 - 00000132 ____A C:\Users\Song\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2013-06-11 21:37 - 2013-04-16 04:56 - 00000000 ____D C:\Users\Song\AppData\Roaming\Real
    2013-06-09 22:46 - 2013-06-09 22:46 - 00000000 ____D C:\Users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
    2013-06-09 22:44 - 2013-06-09 22:43 - 00000000 ____D C:\Program Files (x86)\Benjamin Moore
    2013-06-09 22:43 - 2013-04-16 20:05 - 00000000 ____D C:\Program Files (x86)\Adobe
    2013-06-09 20:57 - 2011-11-27 22:42 - 00000000 ____D C:\ProgramData\Adobe
    2013-06-09 06:54 - 2013-03-19 22:32 - 00000000 ____D C:\Users\Song\AppData\Local\Adobe
    2013-06-09 05:55 - 2013-06-09 05:55 - 00025544 ____A C:\Users\Song\Desktop\HMT_Template_PAYMENT VOUCHER.xlsx
    2013-06-09 02:55 - 2013-03-19 10:36 - 00000000 ____D C:\Users\Song\AppData\Roaming\Adobe
    2013-06-09 02:52 - 2013-06-09 02:52 - 00150928 ____A C:\Users\Song\Downloads\songsclaimssince2007.zip
    2013-06-08 06:08 - 2013-06-16 17:03 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-06-08 06:07 - 2013-06-16 17:03 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-06-08 06:06 - 2013-06-16 17:03 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-06-08 06:06 - 2013-06-16 17:03 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-06-08 06:06 - 2013-06-16 17:03 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-06-08 04:28 - 2013-06-16 17:03 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-06-08 03:42 - 2013-06-16 17:03 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-06-08 03:40 - 2013-06-16 17:03 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-06-08 03:40 - 2013-06-16 17:03 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-06-08 03:40 - 2013-06-16 17:03 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-06-08 03:40 - 2013-06-16 17:03 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-06-08 03:13 - 2013-06-16 17:03 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-06-07 00:51 - 2013-06-07 00:51 - 04808816 ____A (FileZilla Project) C:\Users\Song\Downloads\FileZilla_3.7.0.2_win32-setup.exe
    2013-06-06 23:24 - 2013-06-06 23:24 - 00227747 ____A C:\Users\Song\Downloads\Trading Zone Listing format.pptx
    2013-06-06 23:23 - 2013-06-06 23:23 - 01145961 ____A C:\Users\Song\Downloads\ABM005 & DP020 TRADE AREA.XLSX
    2013-06-06 20:21 - 2013-06-06 20:21 - 00000000 ____D C:\Users\Song\AppData\Roaming\webex
    2013-06-06 20:20 - 2013-06-06 20:19 - 00000000 ____D C:\ProgramData\WebEx
    2013-06-06 20:19 - 2013-04-22 03:49 - 00000000 ____D C:\Users\Song\AppData\Roaming\Mozilla
    2013-06-05 20:21 - 2013-06-05 20:21 - 00112858 ____A C:\Users\Song\Downloads\1001-PaySlip.xlsx
    2013-06-05 20:15 - 2013-06-05 20:15 - 00047239 ____A C:\Users\Song\Downloads\2011 06 -Update & Amend. Mei Ling.xlsx
    2013-06-05 03:04 - 2013-06-05 03:03 - 00000000 ____D C:\Users\Song\Downloads\motorola_ampanghub3ukmrailways
    2013-06-05 02:53 - 2013-06-05 02:53 - 00502423 ____A C:\Users\Song\Downloads\motorola_ampanghub3ukmrailways.zip
    2013-06-05 00:00 - 2013-06-04 23:57 - 04718283 ____A C:\Users\Song\Downloads\retouristmapofputrajaya.zip
    2013-05-27 06:33 - 2013-03-20 16:03 - 00000000 ____D C:\Users\Song\AppData\Roaming\Apple Computer
    2013-05-27 06:20 - 2013-04-18 07:11 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-05-27 06:20 - 2011-11-27 22:54 - 00000000 ____D C:\ProgramData\Skype
    2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
    2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
    2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
    2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
    2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

    ==================== Known DLLs (Whitelisted) ================
     
  13. sblua

    sblua TS Rookie Topic Starter Posts: 35

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-06-16 17:03:06
    Restore point made on: 2013-06-19 02:51:00
    Restore point made on: 2013-06-22 02:03:04
    Restore point made on: 2013-06-24 19:21:07
    Restore point made on: 2013-06-24 22:35:42
    Restore point made on: 2013-06-24 23:35:08

    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 6044.55 MB
    Available physical RAM: 5234.69 MB
    Total Pagefile: 6042.75 MB
    Available Pagefile: 5230.37 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: (S3A4916D001) (Fixed) (Total:105.85 GB) (Free:18.39 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
    Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.18 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
    Drive e: (TOSHIBA) (Removable) (Total:7.26 GB) (Free:3.99 GB) FAT32 (Disk=1 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: 6ECF545C)
    Partition 1: (Active) - (Size=1 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=106 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=7 GB) - (Type=0C)


    LastRegBack: 2013-06-12 08:18

    ==================== End Of Log ============================
     
  14. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    There is nothing malicious there anymore but let's see if we can bring your computer back to normal.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
    See if you can start normally.
     

  15. sblua

    sblua TS Rookie Topic Starter Posts: 35

    So basically I just repeat these steps, with only the fixlist.txt added to the same pendrive?

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Yes.
    Run FRST/FRST64 and press the Fix button just once and wait.
     
  17. sblua

    sblua TS Rookie Topic Starter Posts: 35

    Fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2013 02
    Ran by SYSTEM at 2013-06-26 12:02:48 Run:1
    Running from E:\
    Boot Mode: Recovery
    ==============================================

    DEFAULT hive was successfully copied to System32\config\HiveBackup
    DEFAULT hive was successfully restored from registry back up.
    SAM hive was successfully copied to System32\config\HiveBackup
    SAM hive was successfully restored from registry back up.
    SECURITY hive was successfully copied to System32\config\HiveBackup
    SECURITY hive was successfully restored from registry back up.
    SOFTWARE hive was successfully copied to System32\config\HiveBackup
    SOFTWARE hive was successfully restored from registry back up.
    SYSTEM hive was successfully copied to System32\config\HiveBackup
    SYSTEM hive was successfully restored from registry back up.

    ==== End of Fixlog ====
     
  18. sblua

    sblua TS Rookie Topic Starter Posts: 35

    I restarted my laptop after the above fix.

    And I think it looks fantastic now!

    Thank you so much Broni~

    (y):D (y):D (y):D (y):D
     
  19. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Good news but we're not done yet.

    Re-run MBAM (update it first), RogueKiller and MBAR (in that order).
    Post all logs.
     
  20. sblua

    sblua TS Rookie Topic Starter Posts: 35

    Wow.. we are really not done yet..
    MBAMlog.txt

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.25.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16576
    Song :: SONG-PC [administrator]

    Protection: Disabled

    26/6/2013 12:42:56 PM
    mbam-log-2013-06-26 (12-42-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227392
    Time elapsed: 14 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 16
    HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  21. sblua

    sblua TS Rookie Topic Starter Posts: 35

    RogueKillerlog.txt

    RogueKiller V8.6.1 _x64_ [Jun 24 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Song [Admin rights]
    Mode : Remove -- Date : 06/26/2013 13:21:56
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA THNSNB128GMCJ +++++
    --- User ---
    [MBR] 5d602c4232bff7fab3bb919b984d4b52
    [BSP] 6368ab6eb2d09f29dcee8be95b7cf837 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 108391 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 225058816 | Size: 12212 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_06262013_132156.txt >>
    RKreport[0]_D_06252013_140327.txt;RKreport[0]_S_06252013_133325.txt;RKreport[0]_S_06262013_131843.txt
     
  22. sblua

    sblua TS Rookie Topic Starter Posts: 35

    mbarlog

    Malwarebytes Anti-Rootkit BETA 1.06.0.1004
    www.malwarebytes.org

    Database version: v2013.06.25.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16576
    Song :: SONG-PC [administrator]

    26/6/2013 1:27:25 PM
    mbar-log-2013-06-26 (13-27-25).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: PUP
    Objects scanned: 253934
    Time elapsed: 29 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    systemlog

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16618

    Java version: 1.6.0_20

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.795000 GHz
    Memory total: 6338166784, free: 3435237376

    Downloaded database version: v2013.06.25.02
    Initializing...
    ------------ Kernel report ------------
    06/25/2013 14:49:20
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\kavbootc64.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\pciide.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\DRIVERS\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\e1c62x64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\risdxc64.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\TVALZFL.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\nusb3hub.sys
    \SystemRoot\System32\Drivers\ATSwpWDF.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\windows\system32\drivers\kisknl.sys
    \??\C:\windows\system32\drivers\mbam.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\windows\system32\drivers\KNBDrv.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8005c4c060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xfffffa8005a0a050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8005c4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005c4cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005c4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8005a09b20, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8005a0a050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6ECF545C

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 221984768

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 225058816 Numsec = 25010176
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
    Done!
    Read File: File "c:\programdata\avg2013\chjw\3a623b24623ae473.dat:d98f843e-3bce-446c-889a-99299f5e842b" is sparse (flags = 32768)
    Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
    Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_225058816_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16576

    Java version: 1.6.0_20

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.796000 GHz
    Memory total: 6338166784, free: 4090392576

    Downloaded database version: v2013.06.25.03
    Downloaded database version: v2013.06.25.04
    Downloaded database version: v2013.06.25.05
    Downloaded database version: v2013.06.25.06
    Downloaded database version: v2013.06.25.07
    Downloaded database version: v2013.06.25.08
    Downloaded database version: v2013.06.25.09
    Downloaded database version: v2013.06.25.10
    Initializing...
    ------------ Kernel report ------------
    06/26/2013 13:26:56
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\compbatt.sys
    \SystemRoot\system32\drivers\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\pciide.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\DRIVERS\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ.SYS
    \SystemRoot\system32\DRIVERS\tos_sps64.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\e1c62x64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\risdxc64.sys
    \SystemRoot\system32\DRIVERS\athrx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\TVALZFL.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\system32\DRIVERS\nusb3hub.sys
    \SystemRoot\System32\Drivers\ATSwpWDF.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8005c71060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xfffffa8005a1e050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8005c71060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005c71b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005c71060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8005a1d7c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8005a1e050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6ECF545C

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 221984768

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 225058816 Numsec = 25010176
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 128035676160 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
    Done!
    Read File: File "c:\programdata\avg2013\chjw\3a623b24623ae473.dat:d98f843e-3bce-446c-889a-99299f5e842b" is sparse (flags = 32768)
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_225058816_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
     
  23. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Good :)

    Did you change the default posting font to this faded one?
    If so, please don't.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  24. sblua

    sblua TS Rookie Topic Starter Posts: 35

    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{64EACBD3-E2F2-40B8-8BD1-C12EB3D44239}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{64F69C20-433B-4D92-B5F3-6950B6273498}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{64FA6288-5E77-4B95-B02B-ADDD4DD60306}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6514A3E7-F389-412C-BC5E-84D891C4E7EF}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{65651871-3323-4C4E-A23D-CF75A47AA74D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{65B21248-2073-4D9B-882D-D27EF812DEC7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{664A2672-3886-45ED-AFFB-B4F1E1D8E028}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{66A14E11-D9EA-466B-A1E4-17682927ABB9}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{66A580B6-F3EE-4F3D-9FA4-3713FACBA46E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{66DB6DEC-5622-42E7-83F0-9901CCD26E40}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6722FE77-71E3-4410-A7EE-7CA927379294}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{672B1EB6-1413-4DD0-B9AD-C8A55973F223}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{675DB893-3C61-468A-9DD5-B165760CD130}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{675F2970-31ED-4C9B-A131-16FB9E48EA55}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{67874088-C5EC-48ED-BE56-25715A18C994}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{678FBDEC-73D7-448E-AAA5-25FA53BC9418}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{67B93E69-3B4D-4FD8-A077-A4EA86EAEF5B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{67D511B7-A189-4CC6-91F5-638EEC27B8FE}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6817B6D4-05D2-48B9-813D-2B2613B2EC1C}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{68AD9AC4-A269-4F8A-A5D2-23337588DF10}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{68F6082B-9D8C-461C-BA89-0455D7A995F6}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6902A75E-3439-4721-B4F0-2AFBC479F58F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{691E8D71-6FFB-4BC6-85DF-482339AF8717}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{692C6F98-2740-464D-ADBB-F39E3B9D233F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{69404CD1-24D2-4543-8715-DC7F4E5F713E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{69807BD4-FC9E-4425-ADEF-3A030F217038}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{699F0B8A-4260-49FB-B892-A64974D3073E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{69F14505-9F70-4B77-9116-2BAD3DE62412}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A202C2D-F907-455A-93F3-88722562F6B2}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A37CE51-5AAA-4BB5-983C-B3D1D0280ABE}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6A6C386C-F549-4F9D-B2DC-435B77B44342}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6AE6671B-FF63-4558-A2F5-D834AFF512AC}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6B7B2347-3D69-4634-A756-34CEB04BA245}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6B83E357-01F2-4ECA-9A0C-54627AEEE2A4}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BADF2FD-53EF-45AA-83C9-F974D6457A6F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BB49880-1E65-4BAE-92B8-733785811404}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6C748C13-30E9-46DC-AD6A-902EBA069BE4}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6C84D98A-9378-4A06-A169-762B30DE5A6C}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6C86FA01-E84E-4E1B-B289-69C4A244809B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D3C497A-0BA2-4FFB-856D-F23AC3D7096A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D7030D9-3A41-42D9-809D-E33DC7318695}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D884C8E-EBDD-4D29-A2D1-F15623603002}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6E0B2A95-5FFC-422A-8F74-A0F15E28A717}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6E3DB601-D5C5-4702-A110-DAB63744B508}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6E6A9FCF-9945-4E26-8EB2-D1C11213AB04}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6E8FFC87-D588-4622-9C06-EB2AD1044D8D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6EA51895-A41A-4839-9CB8-78D33314B020}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6F752C0C-EF3A-4057-80FA-C6522A080F07}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6F778F01-072D-44AF-8199-0F946295DC56}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6FB4FBF7-89FD-4BAB-A206-CC3817129802}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{70135F3B-AB86-497D-8B0F-4203404E4BB7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{70399A11-8AD9-4BA2-92F6-B94D7EA4D5B9}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{706C337F-6B21-4B61-B4EC-A66476B04533}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{711D55E7-404D-4F66-86EA-2AA43AE17AC3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{71452213-D3DA-481D-A64F-8A6E7A2689CF}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{71836A3D-BA1D-4F92-88FE-2E7EC3B14E8E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72977CD5-7DF4-400B-B83D-50301FB63CBB}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72B460ED-F533-4921-999B-8716F580E3DE}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72B99288-6320-484D-A956-B8176405C951}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72E2D536-DFA0-41E6-8F7D-3386670E99B9}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{736E8E7B-337E-4F81-AF26-9C0159599745}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{73F9EE57-9C33-4D8A-B15F-DFF53683D69A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7430D84E-F8EC-4680-BAD5-D43158E80A3A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7451EE23-4060-4876-9406-5CEFDCB64E65}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{74B274BF-9392-416D-96B5-4C7F3EC121B1}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{74B476B9-1C9E-447F-9590-69EB85DBEC7B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{752023C5-DD15-4D24-B29C-F820FABF2BB4}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7531DB3C-217D-4FE6-874D-F8435AA716B3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{76E6B684-60D6-4BAD-B47C-D6E458E62CC6}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7729545D-0C42-42AA-BD74-40A52FB66005}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{772DD293-4D0C-4BBD-BF8E-1EE168ED3678}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7753BD56-F120-45CC-A8DB-DD75759854A5}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{779E5C76-FC9E-47C4-B17E-78D4C627A838}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7820B8DF-763D-4426-B712-9E4F32A0F33E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{78DDD43E-794E-4DCB-88EF-557C115ECB99}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7905A075-0FF9-44DD-B0C2-7CBFFDAB4527}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{79973FB1-D3E1-444B-B766-471C26B94174}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7999A102-15C0-4BF4-B0A9-59AD8F709E30}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7A9817BF-3A20-4E17-9610-F1431CE4D38A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7AD91815-E15B-455F-A39B-BB85F14CC367}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7AE3C271-1786-4CE2-BC16-A00541047AC7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7B134887-842E-46A9-BA85-81417A41D001}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7B41031E-5550-4077-9722-1EB0F2276FE6}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7BA383C6-3300-4336-A431-600840CC75A0}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7BDC107A-E42E-4C9B-999D-76CC6210E42F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7BE0E0C9-ED72-42BF-83E8-12122261FDEB}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7BECF518-6779-4EF1-A5DA-6B9DA41A5A38}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7C970441-426A-4398-81D1-1E32D12A3BF8}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7CB46ED1-131D-47B9-A74A-156604D4F2F7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7CDF7731-98DC-448D-BB11-9E811A2055C7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7CE55F7B-D301-482C-B0FA-053696ED9ED3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7CED98CA-619C-4992-A82C-5408C7EC0C5C}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7CF973FE-99A9-462F-900E-4BD1B7E21432}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D0E4845-CE83-491F-B768-5A546B61A524}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D237A5F-C317-4AC8-B5EF-27EA18ED2AB0}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D24B744-02B8-4AA9-924D-92DDFFC034AB}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7DBFBA73-04B7-4191-91B5-E7211BE686D6}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7E7C2C3C-CC89-4316-85CC-AF42E6E3290E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7F132697-27A8-41B7-B629-5EFF34430A13}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7F1607C3-F7C4-4F44-8235-7B823A4F0E1F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7FAFCC78-CDD5-48DD-8395-B1DAD21E3FD4}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7FF1D60A-CD47-4F60-8572-86ABAD1CAA6C}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{80943ADF-07A0-4AE7-AB03-711AEF7B6245}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{809CF861-2F4D-4BD8-B3FE-75F05547A19B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{80DA0E24-59CE-4425-A6AD-3A5D1D1C7DC4}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{811960E8-BB41-48C8-9CE9-B123ABAA1B1A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{812EB94C-4E60-4894-8530-A02DD5B9190D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81D9CCB4-2FDE-41E5-B91E-68982B44B179}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81DBAB0E-BFAC-48B4-8AEC-80806A8A16F8}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82A73838-C536-4878-861E-635C3E042300}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82AAF453-0024-43F7-977A-0958AC873062}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82D1EE69-DDEE-487E-B48B-D3E6201E64B2}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8316668F-1413-4F1B-B91A-858FAAEA2D5E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{838722F0-DFAC-49B4-81FC-ED0C1CE19A97}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83881203-8079-4373-9B80-CE43D09DE414}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83B1FA54-5410-479F-BB8D-F1FEB4E4539A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83C9B9FC-77C5-4A17-BD1E-A97D5E5FAB66}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{853DADC6-9D62-4F38-82C7-60B2CD6C1428}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{85483BB2-4EAA-4F64-ABAE-087C8C159DA3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8565CC04-A98A-4C22-A3BF-AC2D104F512F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{85830C3E-70D8-4AFE-86C6-44390C53BC31}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{858658E8-5DA0-438D-A91E-53117D57639F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{86006347-A86E-4546-A3C8-BCFD6EED68FA}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{865B7B95-7726-4EF7-9150-AC3F47EA7A9B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8692FBB6-5A13-4C61-80BB-C33B286451A4}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{869AE12F-6170-4F50-B691-CD48F711FABE}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{86BF29C4-4DC9-4D07-8D4B-FDFAE9E07F29}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8734D3EA-2D62-421F-B2FE-304FDFD5189B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8773B927-6EDB-490F-AD7E-BED93AD49A4B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{879965B9-7059-4C38-82A1-5FA0E19C8767}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{87E7C42F-97F0-4F94-9C0E-85A3D91CF4D8}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8855F96F-A2C8-42B6-B4AA-1711E61CE794}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{89013830-F6B3-4547-BF2C-79D858C08700}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8905E126-E08E-4199-B035-C946A38D31A3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{896CA3AC-4179-4BB0-90BE-C4A4450E0F0D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{899B7CF4-AEF1-45DA-A71B-CE03891CB501}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{89D8C3A9-B921-42AB-88F1-839C0F77951F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8A2B8E91-DBA8-4843-957A-35CA76118206}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8A3B1B4A-51C1-4A72-97C3-6B9EFC226013}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C04DA58-029E-4FB1-8C6C-B364BFF4A02F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C1EA12B-DA2C-438C-8317-73D60E74A787}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C65B8B1-756B-476F-AFEB-AA8F20233982}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C9CE94D-F094-465F-AEAC-467E4EA6AA5B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C9DD30D-5C24-40D2-B03F-1BB59FB19648}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C9FE872-A792-447A-AC23-58EAAFD938E2}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8CBB25FD-701A-4FAB-A509-49C81D1453C4}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D0E7DC7-B625-442C-B06C-43F81453A7BD}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D42FF0D-6511-46BD-9589-3DE977DBC293}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D64890D-7842-4533-BBE7-F2383D7128D5}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D6C9AA5-DB5F-49D5-8E93-DF715B71B40B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8DE058E0-9422-42D8-92D4-2F3ED7C18544}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E15CD51-AB32-4271-B382-E8ED7E6027F0}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E297869-C15E-4766-8B1E-E36A0CE647C3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E508521-631E-4D62-B2D5-2A57D80CF3BE}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E939C2B-2720-4635-9B05-8D347D466221}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8EF0AD4C-35BF-4763-9444-C565D3269D32}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F38D577-BF21-4B11-BC57-956F14A98F16}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F4EC1E8-F747-444C-BEC8-2A7115C8AC29}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F5AADA7-9D5C-41BE-ADB4-4531BC8FBE0B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F5B1FC6-7BC0-45ED-91AD-C3939232240B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F69B186-D912-4C87-BC0A-8CE35A3E7C7F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F91E048-AAC7-46D0-89B3-D64003FF6ACF}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8FEC581D-098F-438E-8829-7026B1EA3273}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8FEE2EA5-5569-4C1F-BC60-B357F61F8294}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{902EB305-792F-4F11-A229-2F61A9511379}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{905592E8-3C73-447B-B664-61B5955225BB}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9065BBFA-D5C9-4D69-8CFF-651856EFE278}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9071E361-0191-4152-93A9-9CE8BF062B19}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90993F59-A76C-45D5-8617-3708DAE6A9C6}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90D2A56A-FF38-40C2-8596-478B6EA11440}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90E29ACC-0CBF-450B-90DD-5A70DFC163E2}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90EA6AD5-091A-4986-9115-171D05CCAF16}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{914881F1-83B9-4732-8648-C9B7C8113C1A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9156643A-E84A-4AC7-9671-72D5F1B1DC12}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9169B3B7-4819-4109-9CE2-79681B44BE92}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{91E6413C-5612-4391-B28E-CD4B1DA9001B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{924E3036-B3FD-4C03-A0DD-B82253952A1F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{929F69E3-B770-4704-8758-B5E72176B285}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{92C12F13-12E5-431F-AE5B-83D866D4478B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{936F5369-954A-4208-B3D7-D368F4D08C03}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93B99B5E-FF9A-4684-88BA-9C326BBB8B0B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93BC9202-2E7B-479F-B769-3D9BFE881EE7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93E151D1-0F42-423C-8A70-A33D6BB1950A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93F752DD-2749-4743-B986-CECBE97E479A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{944EB286-222D-40DC-83AF-D8592CD74974}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9483365B-B144-4AF6-BED9-F2817E9DAA20}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{94F1E2DE-D47D-4B45-A0BC-F38D1DA3330D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9500B74A-7628-434E-9CF6-345F43C75D5A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9529C0BF-EE28-4338-AFFA-BE5B476EBC9B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{95365CA4-7F6F-4441-8D8A-7557C42D38A9}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{953F2D2D-95C4-4273-B0D6-EB3293397AF1}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{95CC88F7-C6BD-43FF-B891-E1DFA5F0EA4E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{962C4B12-8CB7-493C-A532-30D693431D34}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{963F1F75-A1E4-4CEB-93DB-B8F5B0D24935}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96ABB3D4-F461-48FF-9C71-87AD02F45656}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96C4EE73-237F-4E83-BE42-B4419587E609}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96CF0334-8D60-4F02-8D8E-D26AA8EE2FF3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9745177B-D924-4E40-95C3-27D51D878567}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{977EB46E-5445-49D4-A5EC-7EDBC15FD558}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{978B5E0C-C583-48E9-8A0E-FFAB56952202}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{97E31A96-BA4F-4C91-9201-FC7814A0EA7F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{97ECA453-ED1F-4538-8E9F-7682DA61A42D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9870F827-BC22-4148-BF7F-47E98FE77F7A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98874B6E-051B-4C7D-AA9A-FE9FB978B7D5}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98A58561-77FA-4C3E-878E-23456BD95F16}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98B04AA7-C13E-4146-B357-810FBF7E8EB4}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98EAC7F5-357F-42E8-A6A2-384A0644DC5B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98EDBE03-EA84-43B7-B1BD-D7FACC77CAE9}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{990BCB48-2052-47C6-A7FF-7090972F343D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{991024FF-915C-4153-8D11-104D0F19CBF3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9930888B-0887-406E-A596-F2B23916E99D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{99944F2E-09FF-4959-B04F-2CDA17F9E47B}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{99A46875-59D9-4036-8F5C-BFA65193268E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{99C83BD5-DBC5-4BEE-9956-8C0749F44A62}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A1EB5F0-2DA5-46C8-AA6D-D76470208952}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A30FFF6-C859-42D0-94D4-2B343032673E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A6A2B82-DC63-4EDF-8573-5F7790E81DD3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A808596-E007-4965-94DB-69F17BB590BA}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B05B809-FC07-40A2-9DA5-98FA94FCBABD}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B36DF3E-EC03-43E1-9688-4C307A652471}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B3E51AF-ABD7-47DC-AD40-E25945642BCA}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B570D62-CB3D-4F75-BC01-E98607FECC25}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9BB528CA-6F3F-4BC0-892D-A7CDDC94AA68}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C169212-CCF5-4387-AA3B-149CF29F8CA6}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C3C9D94-4BC4-4DD7-B160-82FB7039F355}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C56BA0E-2DC0-40BB-8035-99D99CE5685A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C9D995D-B78D-497D-824A-818A823B4012}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D568633-D351-42C5-A241-1B24A2A00100}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9DD7A7C0-BEE0-4E7B-8B86-AF2D99E9F273}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9EA0B1ED-3D0B-4AD6-8D8D-EA7FBA8B9DEE}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9EF7C879-4D42-42F5-A546-F36190889F49}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F0158DB-AF3A-4A3A-AE82-FCBC1B8908F1}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F1DED36-557D-4A87-864F-F5FF9330238D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F7190A2-91E3-42C8-9F35-D25E2BD0D02C}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F8199F7-8604-4406-9B29-898A67F74093}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A04518E4-F199-48C2-9C5F-917EF0EAC7BB}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A0972F20-5DEA-4CC2-A52D-EFB046CC6A0E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A0B273C7-0EAE-4677-86FF-C1F38A17ACC8}.xps
     
  25. sblua

    sblua TS Rookie Topic Starter Posts: 35

    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F6FE4D6B-3809-4352-9168-6AAE41935B9A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F74260C1-E3B3-45D2-840C-C75A051E4C52}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F7578005-1823-4D50-A38E-603B58EA3725}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F7AF0C6E-E353-4A77-B930-C144DACD05FD}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F80E71F7-0E33-4496-A113-49F56DC2D40A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F83575B3-BAF0-423F-BA5B-688BD7B753A7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F85401CD-CBD1-4580-9CCE-D8A5C6F31EF1}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F8C8F385-477C-4A18-B98C-D04BC043018F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F8EC674F-EF3A-44D3-B01E-8EE05DC741B7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F908B87B-16DA-4D61-910B-2F2292351172}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F9A3C5F5-AABC-4327-93FA-8BBE95E6256C}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA0B4B1B-D132-4E4C-838D-846376493D5C}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FABA40F2-5D56-4DF2-AB0E-C2E54E8C81A3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FACF30EE-C4FF-455F-81A4-3553D80886E3}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB096669-CBE2-4CC7-BB62-9A2DE09AB0FA}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB1BA07B-00B3-45A9-9679-DA55061E1522}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB306AC2-0B2B-4355-B626-FA05980E8056}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB37B024-78FB-46FB-BB5E-BE964554691E}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB86DFB0-928A-434F-84FA-B2336AE9759F}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FBC0851F-8997-409B-92A9-1914B6B60EFC}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FBDEC500-F85C-4C72-B97D-6936EF4CEEEB}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC019083-6643-4533-A4E5-F356B2917709}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC0E326C-D7A9-42BC-A772-92B2973FEA30}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC56113C-F2F4-4B42-AA94-1E50A652090D}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC6B1CA9-5B55-4012-818B-7CECAAF7AEAC}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCC891F6-92B8-4237-A355-C6367747B530}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCF35593-6BE6-4575-8422-AEB12BB84984}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCF9DC07-B562-4756-864B-16FE9002E641}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD1E167D-BFDE-4A0E-B6D6-3D7D4CBBAEBC}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD7C848A-2F75-4EDD-8A92-FB1D640AE421}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDC5ECC1-A276-4BAC-815E-00D514121BF7}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDD2DBE3-07E9-4EE9-ABB6-2C9862710E3C}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDFB9DC4-E3F4-42CC-BB36-E71222BA7DFE}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE2741F9-ADA9-4EE4-BE59-9EF7DBCF47B2}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE4BD00B-4AE3-4384-9D62-E33844214994}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE7147EE-7836-47E3-AF59-14A50B994574}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FEA326A2-312C-4B06-9FA4-6617133558C6}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FEC4AF27-0517-40F6-9EED-F02B0A2AB98A}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FF41457F-3FA6-4C80-AB1A-F8771DD79C38}.xps
    c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FF75422D-DADC-4175-8811-93C16E29C697}.xps
    c:\windows\KwYlx.dat
    .
     

