"generic32.CEMU" "win64/patched.A" "generic31.ZCS" "generic29.ANPX" "generic15.CGSY" the lists go on

Solved
By sblua
Jun 25, 2013
  1. sblua

    sblua Newcomer, in training Topic Starter Posts: 35

    .
    ((((((((((((((((((((((((( Files Created from 2013-05-27 to 2013-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-27 08:58 . 2013-06-27 08:58  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2013-06-27 04:12 . 2013-06-27 04:12  --------  d-----w-  c:\users\Song\AppData\Roaming\AVG2013
    2013-06-26 19:29 . 2013-06-26 19:29  --------  d-----w-  C:\FRST
    2013-06-26 05:26 . 2013-06-26 05:57  --------  d-----w-  c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-25 07:04 . 2013-06-25 07:04  --------  d-----w-  c:\programdata\KSafeCommon
    2013-06-25 06:03 . 2009-07-14 01:39  328704  ----a-w-  c:\windows\system32\services.exe
    2013-06-24 13:56 . 2013-06-24 13:56  90936  ----a-w-  c:\windows\system32\drivers\KNBDrv64.sys
    2013-06-24 13:56 . 2013-06-24 13:56  90936  ----a-w-  c:\windows\system32\drivers\knbdrv.sys
    2013-06-24 13:55 . 2013-06-24 13:55  --------  d-----w-  c:\users\Song\AppData\Local\liebao
    2013-06-24 11:33 . 2012-06-17 14:18  1202688  ----a-w-  c:\windows\system32\ac3filter64.acm
    2013-06-24 11:33 . 2012-06-17 14:10  965120  ----a-w-  c:\windows\SysWow64\ac3filter.acm
    2013-06-24 11:33 . 2013-06-25 03:23  --------  d-----w-  c:\program files (x86)\AC3Filter
    2013-06-24 11:31 . 2013-06-24 11:31  --------  d-----w-  c:\programdata\KRSHistory
    2013-06-24 11:26 . 2012-06-09 17:21  206336  ----a-w-  c:\windows\system32\unrar64.dll
    2013-06-24 11:26 . 2011-12-07 17:37  148992  ----a-w-  c:\windows\system32\lagarith.dll
    2013-06-24 11:26 . 2013-06-21 18:00  127488  ----a-w-  c:\windows\system32\ff_vfw.dll
    2013-06-24 11:26 . 2013-06-25 03:23  --------  d-----w-  c:\program files\K-Lite Codec Pack x64
    2013-06-24 10:53 . 2013-06-24 10:53  --------  d-----w-  c:\users\Song\AppData\Roaming\Media Player Classic
    2013-06-24 10:52 . 2013-06-25 03:23  --------  d-----w-  c:\program files (x86)\MPC-HC
    2013-06-24 10:46 . 2013-06-24 10:46  225280  ----a-w-  c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
    2013-06-24 10:45 . 2013-06-25 03:23  --------  d-----w-  c:\program files (x86)\x264 Video Codec
    2013-06-24 09:29 . 2013-06-25 03:23  --------  d-----w-  c:\program files (x86)\eymd
    2013-06-24 09:20 . 2013-06-24 09:23  --------  d-----w-  c:\program files (x86)\TornTV.com
    2013-06-24 09:18 . 2013-06-25 03:23  --------  d-----w-  c:\program files (x86)\7-Zip
    2013-06-18 08:46 . 2013-06-18 08:46  --------  d-----w-  c:\users\Song\AppData\Roaming\RealNetworks
    2013-06-18 08:45 . 2013-06-18 08:45  --------  d-----w-  c:\program files (x86)\RealNetworks
    2013-06-18 08:45 . 2013-06-18 08:45  --------  d-----w-  c:\programdata\RealNetworks
    2013-06-18 08:44 . 2013-06-18 08:44  --------  d-----w-  c:\program files (x86)\Common Files\xing shared
    2013-06-18 08:44 . 2013-06-18 08:44  153736  ----a-w-  c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2013-06-18 08:44 . 2013-06-18 08:44  124504  ----a-w-  c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    2013-06-17 14:01 . 2013-06-25 03:23  --------  d-----w-  c:\users\Song\AppData\Roaming\GRETECH
    2013-06-17 14:00 . 2013-06-17 14:00  --------  d-----w-  c:\program files (x86)\GRETECH
    2013-06-14 07:27 . 2013-06-14 07:27  --------  d-----w-  c:\windows\WindowsMobile
    2013-06-13 03:36 . 2013-05-17 01:25  1767936  ----a-w-  c:\windows\SysWow64\wininet.dll
    2013-06-13 03:36 . 2013-05-17 00:59  2241024  ----a-w-  c:\windows\system32\wininet.dll
    2013-06-12 15:43 . 2013-05-08 06:39  1910632  ----a-w-  c:\windows\system32\drivers\tcpip.sys
    2013-06-12 15:28 . 2013-04-26 05:51  751104  ----a-w-  c:\windows\system32\win32spl.dll
    2013-06-12 15:28 . 2013-04-26 04:55  492544  ----a-w-  c:\windows\SysWow64\win32spl.dll
    2013-06-12 15:27 . 2013-05-10 05:49  30720  ----a-w-  c:\windows\system32\cryptdlg.dll
    2013-06-12 15:27 . 2013-05-10 03:20  24576  ----a-w-  c:\windows\SysWow64\cryptdlg.dll
    2013-06-12 15:27 . 2013-04-17 06:24  1424384  ----a-w-  c:\windows\system32\WindowsCodecs.dll
    2013-06-12 15:27 . 2013-04-17 07:02  1230336  ----a-w-  c:\windows\SysWow64\WindowsCodecs.dll
    2013-06-12 15:26 . 2013-05-13 05:51  184320  ----a-w-  c:\windows\system32\cryptsvc.dll
    2013-06-12 15:26 . 2013-05-13 05:51  1464320  ----a-w-  c:\windows\system32\crypt32.dll
    2013-06-12 15:26 . 2013-05-13 05:51  139776  ----a-w-  c:\windows\system32\cryptnet.dll
    2013-06-12 15:26 . 2013-05-13 05:50  52224  ----a-w-  c:\windows\system32\certenc.dll
    2013-06-12 15:26 . 2013-05-13 04:45  140288  ----a-w-  c:\windows\SysWow64\cryptsvc.dll
    2013-06-12 15:26 . 2013-05-13 04:45  1160192  ----a-w-  c:\windows\SysWow64\crypt32.dll
    2013-06-12 15:26 . 2013-05-13 04:45  103936  ----a-w-  c:\windows\SysWow64\cryptnet.dll
    2013-06-12 15:26 . 2013-05-13 03:43  1192448  ----a-w-  c:\windows\system32\certutil.exe
    2013-06-12 15:26 . 2013-05-13 03:08  903168  ----a-w-  c:\windows\SysWow64\certutil.exe
    2013-06-12 15:26 . 2013-05-13 03:08  43008  ----a-w-  c:\windows\SysWow64\certenc.dll
    2013-06-12 15:19 . 2013-04-25 23:30  1505280  ----a-w-  c:\windows\SysWow64\d3d11.dll
    2013-06-12 15:19 . 2013-03-31 22:52  1887232  ----a-w-  c:\windows\system32\d3d11.dll
    2013-06-10 06:46 . 2013-06-10 06:46  --------  d-----w-  c:\users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
    2013-06-10 06:43 . 2013-06-10 06:44  --------  d-----w-  c:\program files (x86)\Benjamin Moore
    2013-06-07 04:21 . 2013-06-07 04:21  --------  d-----w-  c:\users\Song\AppData\Roaming\webex
    2013-06-07 04:19 . 2013-06-07 04:20  --------  d-----w-  c:\programdata\WebEx
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report (files modified in the last three months) ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-18 08:43 . 2013-04-16 12:58  499712  ----a-w-  c:\windows\SysWow64\msvcp71.dll
    2013-06-18 08:43 . 2013-04-16 12:58  348160  ----a-w-  c:\windows\SysWow64\msvcr71.dll
    2013-06-12 09:35 . 2013-04-24 06:37  71048  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 09:35 . 2013-04-24 06:37  692104  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-27 04:47 . 2013-05-27 04:47  226304  ----a-w-  c:\windows\system32\elshyph.dll
    2013-05-27 04:47 . 2013-05-27 04:47  185344  ----a-w-  c:\windows\SysWow64\elshyph.dll
    2013-05-27 04:47 . 2013-05-27 04:47  1054720  ----a-w-  c:\windows\system32\MsSpellCheckingFacility.exe
    2013-05-27 04:47 . 2013-05-27 04:47  158720  ----a-w-  c:\windows\SysWow64\msls31.dll
    2013-05-27 04:47 . 2013-05-27 04:47  719360  ----a-w-  c:\windows\SysWow64\mshtmlmedia.dll
    2013-05-27 04:47 . 2013-05-27 04:47  150528  ----a-w-  c:\windows\SysWow64\iexpress.exe
    2013-05-27 04:47 . 2013-05-27 04:47  138752  ----a-w-  c:\windows\SysWow64\wextract.exe
    2013-05-27 04:47 . 2013-05-27 04:47  523264  ----a-w-  c:\windows\SysWow64\vbscript.dll
    2013-05-27 04:47 . 2013-05-27 04:47  137216  ----a-w-  c:\windows\SysWow64\ieUnatt.exe
    2013-05-27 04:47 . 2013-05-27 04:47  38400  ----a-w-  c:\windows\SysWow64\imgutil.dll
    2013-05-27 04:47 . 2013-05-27 04:47  12800  ----a-w-  c:\windows\SysWow64\mshta.exe
    2013-05-27 04:47 . 2013-05-27 04:47  110592  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
    2013-05-27 04:47 . 2013-05-27 04:47  73728  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-05-27 04:47 . 2013-05-27 04:47  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
    2013-05-27 04:47 . 2013-05-27 04:47  61952  ----a-w-  c:\windows\SysWow64\tdc.ocx
    2013-05-27 04:47 . 2013-05-27 04:47  361984  ----a-w-  c:\windows\SysWow64\html.iec
    2013-05-27 04:47 . 2013-05-27 04:47  1441280  ----a-w-  c:\windows\SysWow64\inetcpl.cpl
    2013-05-27 04:47 . 2013-05-27 04:47  23040  ----a-w-  c:\windows\SysWow64\licmgr10.dll
    2013-05-27 04:47 . 2013-05-27 04:47  197120  ----a-w-  c:\windows\system32\msrating.dll
    2013-05-27 04:47 . 2013-05-27 04:47  216064  ----a-w-  c:\windows\system32\msls31.dll
    2013-05-27 04:47 . 2013-05-27 04:47  762368  ----a-w-  c:\windows\system32\ieapfltr.dll
    2013-05-27 04:47 . 2013-05-27 04:47  452096  ----a-w-  c:\windows\system32\dxtmsft.dll
    2013-05-27 04:47 . 2013-05-27 04:47  441856  ----a-w-  c:\windows\system32\html.iec
    2013-05-27 04:47 . 2013-05-27 04:47  281600  ----a-w-  c:\windows\system32\dxtrans.dll
    2013-05-27 04:47 . 2013-05-27 04:47  1400416  ----a-w-  c:\windows\system32\ieapfltr.dat
    2013-05-27 04:47 . 2013-05-27 04:47  81408  ----a-w-  c:\windows\system32\icardie.dll
    2013-05-27 04:47 . 2013-05-27 04:47  905728  ----a-w-  c:\windows\system32\mshtmlmedia.dll
    2013-05-27 04:47 . 2013-05-27 04:47  270848  ----a-w-  c:\windows\system32\iedkcs32.dll
    2013-05-27 04:47 . 2013-05-27 04:47  235008  ----a-w-  c:\windows\system32\url.dll
    2013-05-27 04:47 . 2013-05-27 04:47  247296  ----a-w-  c:\windows\system32\webcheck.dll
    2013-05-27 04:47 . 2013-05-27 04:47  1509376  ----a-w-  c:\windows\system32\inetcpl.cpl
    2013-05-27 04:47 . 2013-05-27 04:47  97280  ----a-w-  c:\windows\system32\mshtmled.dll
    2013-05-27 04:47 . 2013-05-27 04:47  27648  ----a-w-  c:\windows\system32\licmgr10.dll
    2013-05-27 04:47 . 2013-05-27 04:47  167424  ----a-w-  c:\windows\system32\iexpress.exe
    2013-05-27 04:47 . 2013-05-27 04:47  144896  ----a-w-  c:\windows\system32\wextract.exe
    2013-05-27 04:47 . 2013-05-27 04:47  102912  ----a-w-  c:\windows\system32\inseng.dll
    2013-05-27 04:47 . 2013-05-27 04:47  599552  ----a-w-  c:\windows\system32\vbscript.dll
    2013-05-27 04:47 . 2013-05-27 04:47  173568  ----a-w-  c:\windows\system32\ieUnatt.exe
    2013-05-27 04:47 . 2013-05-27 04:47  62976  ----a-w-  c:\windows\system32\pngfilt.dll
    2013-05-27 04:47 . 2013-05-27 04:47  51200  ----a-w-  c:\windows\system32\imgutil.dll
    2013-05-27 04:47 . 2013-05-27 04:47  149504  ----a-w-  c:\windows\system32\occache.dll
    2013-05-27 04:47 . 2013-05-27 04:47  13824  ----a-w-  c:\windows\system32\mshta.exe
    2013-05-27 04:47 . 2013-05-27 04:47  136192  ----a-w-  c:\windows\system32\iepeers.dll
    2013-05-27 04:47 . 2013-05-27 04:47  92160  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
    2013-05-27 04:47 . 2013-05-27 04:47  52224  ----a-w-  c:\windows\system32\msfeedsbs.dll
    2013-05-27 04:47 . 2013-05-27 04:47  135680  ----a-w-  c:\windows\system32\IEAdvpack.dll
    2013-05-27 04:47 . 2013-05-27 04:47  12800  ----a-w-  c:\windows\system32\msfeedssync.exe
    2013-05-27 04:47 . 2013-05-27 04:47  48640  ----a-w-  c:\windows\system32\mshtmler.dll
    2013-05-27 04:47 . 2013-05-27 04:47  77312  ----a-w-  c:\windows\system32\tdc.ocx
    2013-05-27 04:43 . 2013-05-27 04:43  4096  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  4096  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  9728  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  9728  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  5632  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  5632  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  5632  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  5632  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  3584  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  3584  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  3072  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  3072  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  3072  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  3072  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  2560  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  2560  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  10752  ---ha-w-  c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  522752  ----a-w-  c:\windows\system32\XpsGdiConverter.dll
    2013-05-27 04:43 . 2013-05-27 04:43  465920  ----a-w-  c:\windows\system32\WMPhoto.dll
    2013-05-27 04:43 . 2013-05-27 04:43  417792  ----a-w-  c:\windows\SysWow64\WMPhoto.dll
    2013-05-27 04:43 . 2013-05-27 04:43  364544  ----a-w-  c:\windows\SysWow64\XpsGdiConverter.dll
    2013-05-27 04:43 . 2013-05-27 04:43  2776576  ----a-w-  c:\windows\system32\msmpeg2vdec.dll
    2013-05-27 04:43 . 2013-05-27 04:43  2284544  ----a-w-  c:\windows\SysWow64\msmpeg2vdec.dll
    2013-05-27 04:43 . 2013-05-27 04:43  1682432  ----a-w-  c:\windows\system32\XpsPrint.dll
    2013-05-27 04:43 . 2013-05-27 04:43  1158144  ----a-w-  c:\windows\SysWow64\XpsPrint.dll
    2013-05-27 04:43 . 2013-05-27 04:43  10752  ---ha-w-  c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-05-27 04:43 . 2013-05-27 04:43  3928064  ----a-w-  c:\windows\system32\d2d1.dll
    2013-05-27 04:43 . 2013-05-27 04:43  363008  ----a-w-  c:\windows\system32\dxgi.dll
    2013-05-27 04:43 . 2013-05-27 04:43  2565120  ----a-w-  c:\windows\system32\d3d10warp.dll
    2013-05-27 04:43 . 2013-05-27 04:43  220160  ----a-w-  c:\windows\SysWow64\d3d10core.dll
    2013-05-27 04:43 . 2013-05-27 04:43  1247744  ----a-w-  c:\windows\SysWow64\DWrite.dll
    2013-05-27 04:43 . 2013-05-27 04:43  1175552  ----a-w-  c:\windows\system32\FntCache.dll
    2013-05-27 04:43 . 2013-05-27 04:43  1080832  ----a-w-  c:\windows\SysWow64\d3d10.dll
    2013-05-27 04:43 . 2013-05-27 04:43  604160  ----a-w-  c:\windows\SysWow64\d3d10level9.dll
    2013-05-27 04:43 . 2013-05-27 04:43  296960  ----a-w-  c:\windows\system32\d3d10core.dll
    2013-05-27 04:43 . 2013-05-27 04:43  249856  ----a-w-  c:\windows\SysWow64\d3d10_1core.dll
    2013-05-27 04:43 . 2013-05-27 04:43  207872  ----a-w-  c:\windows\SysWow64\WindowsCodecsExt.dll
    2013-05-27 04:43 . 2013-05-27 04:43  1643520  ----a-w-  c:\windows\system32\DWrite.dll
    2013-05-27 04:43 . 2013-05-27 04:43  161792  ----a-w-  c:\windows\SysWow64\d3d10_1.dll
    2013-05-27 04:43 . 2013-05-27 04:43  648192  ----a-w-  c:\windows\system32\d3d10level9.dll
    2013-05-27 04:43 . 2013-05-27 04:43  3419136  ----a-w-  c:\windows\SysWow64\d2d1.dll
    2013-05-27 04:43 . 2013-05-27 04:43  333312  ----a-w-  c:\windows\system32\d3d10_1core.dll
    2013-05-27 04:43 . 2013-05-27 04:43  245248  ----a-w-  c:\windows\system32\WindowsCodecsExt.dll
    2013-05-27 04:43 . 2013-05-27 04:43  194560  ----a-w-  c:\windows\system32\d3d10_1.dll
    2013-05-27 04:43 . 2013-05-27 04:43  1238528  ----a-w-  c:\windows\system32\d3d10.dll
    2013-05-27 04:43 . 2013-05-27 04:43  1988096  ----a-w-  c:\windows\SysWow64\d3d10warp.dll
    2013-05-27 04:43 . 2013-05-27 04:43  293376  ----a-w-  c:\windows\SysWow64\dxgi.dll
    .
  2. sblua

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2013-05-20 13:00  1725128  ----a-w-  c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2013-05-20 13:00  1725128  ----a-w-  c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2013-05-20 13:00  1725128  ----a-w-  c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LAN Messenger"="c:\program files (x86)\LAN Messenger\lmc.exe" [2012-07-24 1721344]
    "PPS Accelerator"="c:\program files (x86)\PPStream\PPSKernel.exe" [2013-01-23 3682168]
    "Facebook Update"="c:\users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-17 138096]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
    "QQIntl"="c:\program files (x86)\Tencent\QQIntl\Bin\QQ.exe" [2013-04-27 129048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-06-18 295512]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PPS Accelerator"="c:\program files (x86)\PPStream\PPSKernel.exe" [2013-01-23 3682168]
    .
    c:\users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Facebook Messenger.lnk - c:\users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
    Send to OneNote.lnk - c:\program files\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2013-2-17 185944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.1\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [x]
    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe;c:\program files\Fingerprint Sensor\ATService.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
    S2 KNBCenter;KNBCenter;c:\users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe;c:\users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 KNBDrv;KNBDrv;c:\windows\system32\drivers\KNBDrv.sys;c:\windows\SYSNATIVE\drivers\KNBDrv.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - AVGIDSDRIVER
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-06 21:34  1165776  ----a-w-  c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-24 09:35]
    .
    2013-06-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090707503-2689606237-485621480-1000Core.job
    - c:\users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-17 10:54]
    .
    2013-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090707503-2689606237-485621480-1000UA.job
    - c:\users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-17 10:54]
    .
    2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 01:44]
    .
    2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 01:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2013-05-20 12:55  2328776  ----a-w-  c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2013-05-20 12:55  2328776  ----a-w-  c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2013-05-20 12:55  2328776  ----a-w-  c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
    @="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
    [HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
    2010-03-02 17:24  153520  ----a-w-  c:\program files\TOSHIBA\TFPU\TFPUOverlayIcon.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
    "TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2010-03-02 925104]
    "TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2010-11-04 789368]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
    "MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://toshiba.msn.com
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.99
    TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\36F666665656E26616D696C6C656: NameServer = 8.8.8.8,8.8.4.4
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{331D51F6-4375-C0EB-FC13-2CC4758E4C62} - c:\program files (x86)\BaiduAddr\{331D51F6-4375-C0EB-FC13-2CC4758E4C62}\AddressBar.dll
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    Wow6432Node-HKLM-Run-TSUScheduler - %ProgramFiles(x86)%\TOSHIBA\Sync Utility\TosSyncScheduler.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-BatteryManager - c:\program files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    .
    .
    .
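Editor's added example (not code from the poster, from ComboFix, or from the helpers in this thread): a small triage script that reads the two ComboFix sections posted above, the "Files Created" / Find3M file list and the Reg Loading Points (services and Run entries), and surfaces the lines a responder would hash and check first. Two heuristics are applied. For file lines it flags files under system32 or SysWow64 whose creation time is much later than their last-write time (the pattern you see on services.exe above, where a file created on 2013-06-25 carries a 2009 last-write stamp); for autostarts it flags services and Run values whose image runs from a user profile or ProgramData. Both are triage filters, not verdicts: Windows Update delivers files that keep their build-time stamp, and per-user installers legitimately run from AppData, so a hit means "compare this against a known-good hash", nothing more. The 180-day threshold and the path prefix lists are assumptions chosen for this example; the sample lines are copied from the log in this thread, and the regex also accepts the collapsed column layout in which the post was pasted.

```python
import re
from datetime import datetime

# Column layout of a ComboFix "Files Created" / Find3M line:
#     <created> . <last-write> <size or -------- for a directory> <attrs> <path>
# In the post the tab separators were collapsed, so "01:39328704" is the time
# "01:39" followed by the size "328704". Times are fixed-width HH:MM, which is
# what lets the regex split the two columns without a separator (it also
# accepts lines where the separators survived).
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s*"
    r"(?P<size>\d+|-{8})\s*"
    r"(?P<attrs>[-a-z]{8})\s*"
    r"(?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)
# ComboFix service/driver line: "<start type> <name>;<display name>;<image>;<image> [x]"
SERVICE_LINE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>[^;]+);")
# Run-key entry as ComboFix prints it: "<value name>"="<image>" [<date> <size>]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"')

# Assumed prefix lists for this example; extend them for a real engagement.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


def parse_file_line(line):
    """Split one Files Created / Find3M line into its columns, or None if it is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return {
        "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
        "size": None if m["size"].startswith("-") else int(m["size"]),
        "attrs": m["attrs"],
        "path": m["path"].lower(),
    }


def suspicious_system_files(lines, min_gap_days=180):
    """Files under the system directories whose creation time is far later than
    their last-write time. A gap of days or weeks is routine (Windows Update
    drops files that keep their build-time stamp); a gap of a year or more on a
    core binary is a reason to hash the file and compare it with a known-good
    copy, not a verdict on its own. The threshold is an assumed value."""
    hits = []
    for line in lines:
        rec = parse_file_line(line)
        if rec is None or rec["size"] is None:  # skip non-matching lines and directories
            continue
        if not rec["path"].startswith(SYSTEM_DIRS):
            continue
        gap = (rec["created"] - rec["modified"]).days
        if gap >= min_gap_days:
            hits.append((rec["path"], gap))
    return hits


def autostarts_in_user_writable_paths(lines):
    """Services and Run entries whose image lives under a per-user or ProgramData
    path. Legitimate per-user installers do this too, so each hit is something to
    check (publisher signature, hash), not something to delete on sight."""
    hits = []
    for line in lines:
        m = SERVICE_LINE.match(line.strip()) or RUN_LINE.match(line.strip())
        if m and m["image"].lower().startswith(USER_WRITABLE):
            hits.append((m["name"], m["image"].lower()))
    return hits


# Sample input copied from the ComboFix sections in the post above.
FILES_CREATED = [
    r"2013-06-27 08:58 . 2013-06-27 08:58--------d-----w-c:\users\Default\AppData\Local\temp",
    r"2013-06-25 06:03 . 2009-07-14 01:39328704----a-w-c:\windows\system32\services.exe",
    r"2013-06-24 13:56 . 2013-06-24 13:5690936----a-w-c:\windows\system32\drivers\KNBDrv64.sys",
    r"2013-06-24 11:33 . 2012-06-17 14:181202688----a-w-c:\windows\system32\ac3filter64.acm",
    r"2013-06-13 03:36 . 2013-05-17 00:592241024----a-w-c:\windows\system32\wininet.dll",
]
AUTOSTARTS = [
    r'"Facebook Update"="c:\users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-17 138096]',
    r'"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]',
    r"R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]",
    r"S2 KNBCenter;KNBCenter;c:\users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe;c:\users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe [x]",
]

if __name__ == "__main__":
    for path, gap in suspicious_system_files(FILES_CREATED):
        print(f"check: {path} (created {gap} days after its last-write time)")
    for name, image in autostarts_in_user_writable_paths(AUTOSTARTS):
        print(f"check: autostart '{name}' runs from {image}")
```

On the sample above the file heuristic returns services.exe (a gap of roughly four years) and ac3filter64.acm (a third-party codec copied into system32 with a year-old stamp), and leaves the wininet.dll update alone; the second check returns the Facebook updater and the Liebao KNBCenter service. The codec hit is the point of the caveat: the filter narrows the list to what is worth a hash comparison, and the analyst still has to do the comparison.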
  3. sblua

    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    完成时间: 2013-06-27 17:15:22
    ComboFix-quarantined-files.txt 2013-06-27 09:15
    .
    Pre-Run: 22,897,254,400 bytes free
    Post-Run: 24,606,781,440 bytes free
    .
    - - End Of File - - 0A41C2C71F2C397351D3E997D93581AD
    D41D8CD98F00B204E9800998ECF8427E
  4. sblua

    What a long log file.. :)
  5. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  6. sblua

    AdwCleaner.txt

    # AdwCleaner v2.303 - Logfile created 06/28/2013 at 18:52:49
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Song - SONG-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Song\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
    Folder Deleted : C:\Program Files (x86)\Tencent
    Folder Deleted : C:\Program Files (x86)\TornTV.com
    Folder Deleted : C:\Users\Song\AppData\Roaming\Tencent

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\TENCENT
    Key Deleted : HKLM\Software\TENCENT

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0.1 (en-US)

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\Song\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.3114] : urls_to_restore_on_startup = [ "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&[...]

    *************************

    AdwCleaner[S1].txt - [1128 octets] - [28/06/2013 18:52:49]

    ########## EOF - C:\AdwCleaner[S1].txt - [1188 octets] ##########
  7. sblua

    JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Professional x64
    Ran by Song on 28/06/2013 Fri at 18:57:52.41
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files (x86)\baidu"



    ~~~ FireFox

    Emptied folder: C:\Users\Song\AppData\Roaming\mozilla\firefox\profiles\ia653mkn.default\minidumps [2 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 28/06/2013 Fri at 19:31:54.82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. sblua

    OTL.txt

    OTL logfile created on: 28/6/2013 8:08:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Song\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

    5.90 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 68.16% Memory free
    11.80 Gb Paging File | 9.76 Gb Available in Paging File | 82.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 105.85 Gb Total Space | 22.40 Gb Free Space | 21.16% Space Free | Partition Type: NTFS

    Computer Name: SONG-PC | User Name: Song | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/28 18:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Song\Desktop\OTL.exe
    PRC - [2013/06/24 21:55:35 | 000,456,544 | ---- | M] (Kingsoft Corporation) -- C:\Users\Song\AppData\Local\liebao\LBBrowser\knbcenter.exe
    PRC - [2013/06/18 16:43:51 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2013/05/15 19:49:34 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/03/20 13:37:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2013/03/07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
    PRC - [2013/01/23 11:57:34 | 003,682,168 | ---- | M] (PPStream Inc.) -- C:\Program Files (x86)\PPStream\PPSKernel.exe
    PRC - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/25 03:13:34 | 001,721,344 | ---- | M] (LAN Messenger) -- C:\Program Files (x86)\LAN Messenger\lmc.exe
    PRC - [2012/01/05 17:32:42 | 001,613,192 | ---- | M] (ESRI) -- C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe
    PRC - [2012/01/05 17:32:42 | 001,408,904 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
    PRC - [2011/08/09 08:39:32 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/08/09 08:39:26 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/07/22 06:23:04 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2011/06/08 04:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/19 21:27:26 | 008,864,912 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    MOD - [2013/03/07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
    MOD - [2013/03/07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
    MOD - [2013/03/07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
    MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- c:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- c:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/12/12 13:32:26 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2012/10/05 18:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2012/10/05 18:53:24 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2012/08/31 18:59:19 | 004,550,656 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    MOD - [2010/11/21 11:24:32 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2010/11/21 11:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/11/21 11:23:48 | 002,048,000 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2009/06/23 10:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\LAN Messenger\libgcc_s_dw2-1.dll
    MOD - [2009/06/11 05:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    MOD - [2009/01/11 03:32:38 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\LAN Messenger\mingwm10.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/09/23 13:22:46 | 000,582,064 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2011/09/23 08:20:48 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2011/08/11 06:59:04 | 000,833,464 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2011/06/10 12:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2010/09/23 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/18 09:11:42 | 002,734,912 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
    SRV:64bit: - [2009/07/29 06:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/06/24 21:55:35 | 000,456,544 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- C:\Users\Song\AppData\Local\liebao\LBBrowser\knbcenter.exe -- (KNBCenter)
    SRV - [2013/06/12 17:35:57 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/04/10 14:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/03/20 13:37:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/01/05 17:32:42 | 001,408,904 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe -- (ArcGIS License Manager)
    SRV - [2011/08/09 08:39:32 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011/08/09 08:39:26 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2011/07/22 06:23:04 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2011/07/12 08:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2011/06/08 04:08:26 | 000,250,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
    SRV - [2011/06/08 04:07:28 | 000,047,032 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/06/24 21:56:33 | 000,090,936 | ---- | M] (Kingsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\knbdrv.sys -- (KNBDrv)
    DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/10 10:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/01 03:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/08/24 01:41:00 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2011/08/09 08:53:28 | 000,045,168 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011/07/29 00:20:08 | 000,209,408 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/07/29 00:20:06 | 000,092,672 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/05/26 08:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
    DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/09 10:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2011/02/04 10:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/01/13 08:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/12/18 10:46:46 | 002,675,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 11:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/20 07:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 16:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/09/23 16:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/06/18 09:30:04 | 000,770,152 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
    DRV:64bit: - [2009/07/31 11:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/15 03:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 08:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/14 08:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/14 07:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/25 06:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2009/06/20 10:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com
    IE - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=TSHPDF&pc=MATP&src=IE-SearchBox
    IE - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: c:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1CA7765-44E4-452e-9D00-A04F3D434281}:
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/18 16:45:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/22 19:48:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/18 16:44:28 | 000,000,000 | ---D | M]

    [2013/04/22 19:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Song\AppData\Roaming\Mozilla\Extensions
    [2013/06/24 17:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Song\AppData\Roaming\Mozilla\Firefox\Profiles\ia653mkn.default\extensions
    [2013/06/24 17:20:35 | 000,213,470 | ---- | M] () (No name found) -- C:\Users\Song\AppData\Roaming\Mozilla\Firefox\Profiles\ia653mkn.default\extensions\torntv2@torntv.com.xpi
    [2013/04/22 19:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/04/10 14:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/01/11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    [2013/06/18 16:44:07 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2013/04/10 14:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/04/10 14:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Song\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = c:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    O1 HOSTS File: ([2013/06/27 17:04:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O2 - BHO: (TFPUPWDBankBHO Class) - {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (331D51F6-4375-C0EB-FC13-2CC4758E4C62 Class) - {331D51F6-4375-C0EB-FC13-2CC4758E4C62} - C:\Program Files (x86)\BaiduAddr\{331D51F6-4375-C0EB-FC13-2CC4758E4C62}\AddressBar.dll File not found
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [BatteryManager] C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE (CANON INC.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe (TOSHIBA)
    O4:64bit: - HKLM..\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe (TOSHIBA)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKU\.DEFAULT..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe (PPStream Inc.)
    O4 - HKU\S-1-5-18..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe (PPStream Inc.)
    O4 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000..\Run: [Facebook Update] C:\Users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000..\Run: [LAN Messenger] C:\Program Files (x86)\LAN Messenger\lmc.exe (LAN Messenger)
    O4 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe (PPStream Inc.)
    O4 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000..\Run: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background File not found
    O4 - Startup: C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
    O4 - Startup: C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
    O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
    O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
    O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - c:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - c:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.99
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}: DhcpNameServer = 192.168.1.99
    O18:64bit: - Protocol\Handler\kuwo - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\kuwo - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  9. sblua

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/28 18:57:46 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/06/28 18:57:38 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/28 18:44:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Song\Desktop\OTL.exe
    [2013/06/28 18:44:23 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Song\Desktop\JRT.exe
    [2013/06/28 13:32:51 | 000,000,000 | ---D | C] -- C:\Users\Song\Desktop\print
    [2013/06/27 17:18:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/06/27 17:15:28 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2013/06/27 16:20:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/06/27 16:20:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/06/27 16:20:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/06/27 16:20:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/06/27 16:19:32 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2013/06/27 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\AVG2013
    [2013/06/27 11:22:06 | 005,082,915 | R--- | C] (Swearware) -- C:\Users\Song\Desktop\ComboFix.exe
    [2013/06/27 03:29:45 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/06/26 13:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/25 15:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\KSafeCommon
    [2013/06/24 21:56:48 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\猎豹安全浏览器
    [2013/06/24 21:56:33 | 000,090,936 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\KNBDrv64.sys
    [2013/06/24 21:56:33 | 000,090,936 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\knbdrv.sys
    [2013/06/24 21:55:03 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Local\liebao
    [2013/06/24 19:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
    [2013/06/24 19:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
    [2013/06/24 19:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\KRSHistory
    [2013/06/24 19:30:49 | 000,000,000 | ---D | C] -- C:\KRECYCLE
    [2013/06/24 19:30:45 | 000,223,032 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kisknl.sys
    [2013/06/24 19:30:43 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Local\Kingsoft
    [2013/06/24 19:30:42 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\kingsoft
    [2013/06/24 19:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山毒霸
    [2013/06/24 19:30:22 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\ksskrpr.sys
    [2013/06/24 19:30:21 | 000,166,776 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kdhacker64.sys
    [2013/06/24 19:30:21 | 000,127,992 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kdhacker.sys
    [2013/06/24 19:30:21 | 000,024,472 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\bc.sys
    [2013/06/24 19:30:16 | 000,223,032 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kisknl64.sys
    [2013/06/24 19:30:15 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kavbootc64.sys
    [2013/06/24 19:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingsoft
    [2013/06/24 19:30:14 | 000,027,240 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kavbootc.sys
    [2013/06/24 19:30:11 | 000,018,296 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kusbquery64.sys
    [2013/06/24 19:30:11 | 000,014,200 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kusbquery.sys
    [2013/06/24 19:30:10 | 000,084,328 | ---- | C] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\ksapi.sys
    [2013/06/24 19:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kingsoft
    [2013/06/24 19:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64
    [2013/06/24 19:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
    [2013/06/24 18:53:15 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\Media Player Classic
    [2013/06/24 18:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
    [2013/06/24 18:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
    [2013/06/24 18:45:44 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec
    [2013/06/24 18:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\x264 Video Codec
    [2013/06/24 17:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Yahoo Maps Downloader
    [2013/06/24 17:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eymd
    [2013/06/24 17:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2013/06/24 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
    [2013/06/22 18:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2013/06/21 19:54:08 | 000,000,000 | ---D | C] -- C:\Users\Song\Documents\OneNote Notebooks
    [2013/06/18 16:46:51 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\RealNetworks
    [2013/06/18 16:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
    [2013/06/18 16:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
    [2013/06/18 16:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2013/06/17 22:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
    [2013/06/17 22:01:08 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\GRETECH
    [2013/06/17 22:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GRETECH
    [2013/06/14 15:27:10 | 000,000,000 | ---D | C] -- C:\windows\WindowsMobile
    [2013/06/10 14:46:03 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
    [2013/06/10 14:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Benjamin Moore
    [2013/06/10 14:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Benjamin Moore
    [2013/06/07 12:21:07 | 000,000,000 | ---D | C] -- C:\Users\Song\AppData\Roaming\webex
    [2013/06/07 12:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx

    ========== Files - Modified Within 30 Days ==========

    [2013/06/28 20:16:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/06/28 19:54:01 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/28 19:54:00 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/28 19:35:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/06/28 19:02:54 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/28 19:02:54 | 000,028,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/28 19:00:29 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3090707503-2689606237-485621480-1000UA.job
    [2013/06/28 19:00:26 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3090707503-2689606237-485621480-1000Core.job
    [2013/06/28 18:59:56 | 000,735,048 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/06/28 18:59:56 | 000,620,290 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/06/28 18:59:56 | 000,110,478 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/06/28 18:55:20 | 458,657,791 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/28 18:44:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Song\Desktop\OTL.exe
    [2013/06/28 18:44:25 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Song\Desktop\JRT.exe
    [2013/06/28 18:44:16 | 000,648,201 | ---- | M] () -- C:\Users\Song\Desktop\adwcleaner.exe
    [2013/06/27 17:57:51 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/06/27 17:04:42 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2013/06/27 11:22:49 | 005,082,915 | R--- | M] (Swearware) -- C:\Users\Song\Desktop\ComboFix.exe
    [2013/06/24 21:56:33 | 000,090,936 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\KNBDrv64.sys
    [2013/06/24 21:56:33 | 000,090,936 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\knbdrv.sys
    [2013/06/24 19:32:18 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
    [2013/06/24 19:30:22 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\ksskrpr.sys
    [2013/06/24 19:30:21 | 000,166,776 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kdhacker64.sys
    [2013/06/24 19:30:21 | 000,127,992 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kdhacker.sys
    [2013/06/24 19:30:21 | 000,024,472 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\bc.sys
    [2013/06/24 19:30:16 | 000,223,032 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kisknl64.sys
    [2013/06/24 19:30:16 | 000,223,032 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kisknl.sys
    [2013/06/24 19:30:15 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kavbootc64.sys
    [2013/06/24 19:30:14 | 000,027,240 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kavbootc.sys
    [2013/06/24 19:30:11 | 000,018,296 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kusbquery64.sys
    [2013/06/24 19:30:11 | 000,014,200 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\kusbquery.sys
    [2013/06/24 19:30:10 | 000,084,328 | ---- | M] (Kingsoft Corporation) -- C:\windows\SysNative\drivers\ksapi.sys
    [2013/06/22 02:00:00 | 000,127,488 | ---- | M] () -- C:\windows\SysNative\ff_vfw.dll
    [2013/06/21 19:54:16 | 000,001,155 | ---- | M] () -- C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    [2013/06/21 19:45:54 | 000,002,004 | -H-- | M] () -- C:\Users\Song\Documents\Default.rdp
    [2013/06/20 19:59:44 | 000,113,469 | ---- | M] () -- C:\Users\Song\Desktop\Note_20130620_200407_1.pdf
    [2013/06/19 15:04:46 | 000,170,809 | ---- | M] () -- C:\Users\Song\Desktop\flower for sheil.pdf
    [2013/06/19 13:13:22 | 000,001,253 | ---- | M] () -- C:\Users\Song\Desktop\Google Earth Pro v7.1.1.1580 Final.lnk
    [2013/06/18 16:43:56 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
    [2013/06/17 22:01:20 | 000,001,180 | ---- | M] () -- C:\Users\Song\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
    [2013/06/12 18:39:15 | 000,021,684 | ---- | M] () -- C:\Users\Song\Desktop\ampang_hub1&2.zip
    [2013/06/12 17:30:48 | 000,001,326 | ---- | M] () -- C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
    [2013/06/12 13:54:47 | 000,014,575 | ---- | M] () -- C:\Users\Song\Desktop\hmt_logo.png
    [2013/06/12 13:54:46 | 000,000,132 | ---- | M] () -- C:\Users\Song\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2013/06/10 12:51:36 | 000,103,939 | ---- | M] () -- C:\Users\Song\Desktop\MAXIS.pdf
    [2013/06/09 22:08:34 | 000,031,462 | ---- | M] () -- C:\Users\Song\Desktop\Untitled-1.png

    ========== Files Created - No Company Name ==========

    [2013/06/28 18:44:07 | 000,648,201 | ---- | C] () -- C:\Users\Song\Desktop\adwcleaner.exe
    [2013/06/27 16:20:54 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/06/27 16:20:54 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/06/27 16:20:54 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/06/27 16:20:54 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/06/27 16:20:54 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/06/24 19:33:16 | 001,202,688 | ---- | C] () -- C:\windows\SysNative\ac3filter64.acm
    [2013/06/24 19:33:13 | 000,965,120 | ---- | C] () -- C:\windows\SysWow64\ac3filter.acm
    [2013/06/24 19:26:45 | 000,206,336 | ---- | C] () -- C:\windows\SysNative\unrar64.dll
    [2013/06/24 19:26:45 | 000,148,992 | ---- | C] ( ) -- C:\windows\SysNative\lagarith.dll
    [2013/06/24 19:26:24 | 000,127,488 | ---- | C] () -- C:\windows\SysNative\ff_vfw.dll
    [2013/06/21 19:54:16 | 000,001,155 | ---- | C] () -- C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    [2013/06/20 19:59:31 | 000,113,469 | ---- | C] () -- C:\Users\Song\Desktop\Note_20130620_200407_1.pdf
    [2013/06/19 15:04:46 | 000,170,809 | ---- | C] () -- C:\Users\Song\Desktop\flower for sheil.pdf
    [2013/06/19 13:10:34 | 000,001,253 | ---- | C] () -- C:\Users\Song\Desktop\Google Earth Pro v7.1.1.1580 Final.lnk
    [2013/06/17 22:01:20 | 000,001,180 | ---- | C] () -- C:\Users\Song\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
    [2013/06/14 15:27:40 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
    [2013/06/12 18:39:14 | 000,021,684 | ---- | C] () -- C:\Users\Song\Desktop\ampang_hub1&2.zip
    [2013/06/12 13:54:46 | 000,014,575 | ---- | C] () -- C:\Users\Song\Desktop\hmt_logo.png
    [2013/06/10 12:51:33 | 000,103,939 | ---- | C] () -- C:\Users\Song\Desktop\MAXIS.pdf
    [2013/06/09 22:08:34 | 000,000,132 | ---- | C] () -- C:\Users\Song\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2013/06/09 22:08:31 | 000,031,462 | ---- | C] () -- C:\Users\Song\Desktop\Untitled-1.png
    [2013/04/28 02:09:22 | 000,018,760 | ---- | C] () -- C:\windows\SysWow64\QQVistaHelper.dll
    [2013/03/24 12:43:05 | 001,686,150 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2013/02/06 02:20:52 | 000,000,126 | ---- | C] () -- C:\Program Files (x86)\Download Software Full Version SoftVipDownload.com.url
    [2011/11/28 14:41:38 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
    [2011/11/28 14:06:15 | 000,000,048 | ---- | C] () -- C:\windows\MUIConfig-old.INI
    [2011/09/01 03:51:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/09/01 03:51:14 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/09/01 03:51:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
    [2011/09/01 03:45:58 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2011/09/01 03:26:18 | 013,903,872 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

    ========== ZeroAccess Check ==========

    [2013/06/25 14:02:45 | 000,002,048 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-21-3090707503-2689606237-485621480-1000\$RPO924G\@.vir
    [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/04/05 14:12:49 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/04/05 14:12:49 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/06/27 12:12:16 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\AVG2013
    [2013/06/10 14:46:03 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
    [2013/05/11 19:19:12 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\Canon
    [2013/03/20 14:06:20 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\ESRI
    [2013/05/05 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\FileMaker
    [2013/06/21 15:01:39 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\FileZilla
    [2013/04/19 12:46:46 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\Helios
    [2013/06/24 19:33:16 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\kingsoft
    [2013/06/25 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\LAN Messenger
    [2013/05/05 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\Leadertech
    [2013/03/25 17:02:40 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\npm-cache
    [2013/06/25 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\PPStream
    [2013/03/20 14:26:38 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\Softland
    [2013/03/20 00:53:44 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\TFPU
    [2013/03/19 23:29:16 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\Toshiba
    [2013/06/25 11:23:32 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\uTorrent
    [2013/06/07 12:21:07 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\webex
    [2013/03/19 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\WinBatch
    [2013/03/20 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\Song\AppData\Roaming\XnView

    ========== Purity Check ==========



    < End of report >
  10. sblua
    Extra.txt

    OTL Extras logfile created on: 28/6/2013 8:08:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Song\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16576)
    Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

    5.90 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 68.16% Memory free
    11.80 Gb Paging File | 9.76 Gb Available in Paging File | 82.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 105.85 Gb Total Space | 22.40 Gb Free Space | 21.16% Space Free | Partition Type: NTFS

    Computer Name: SONG-PC | User Name: Song | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3090707503-2689606237-485621480-1000\SOFTWARE\Classes\<extension>]
    .html [@ = Liebao.HTML] -- C:\Users\Song\AppData\Local\liebao\LBBrowser\liebao.exe (Kingsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- Reg Error: Value error.
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [kwopen] -- "C:\Program Files (x86)\kuwo\KWMUSIC2013\KwMusic.exe" \dir "%1" (酷我科技)
    Directory [kwplaylist] -- "C:\Program Files (x86)\kuwo\KWMUSIC2013\KwMusic.exe" \dirlist "%1" (酷我科技)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- Reg Error: Value error.
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [kwopen] -- "C:\Program Files (x86)\kuwo\KWMUSIC2013\KwMusic.exe" \dir "%1" (酷我科技)
    Directory [kwplaylist] -- "C:\Program Files (x86)\kuwo\KWMUSIC2013\KwMusic.exe" \dirlist "%1" (酷我科技)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06B49E2D-EEB9-40A6-B3C7-2CD0EFD81EBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{08AF95DC-B0A7-4068-BD82-AADFBB985287}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{09951204-E4CA-465E-9827-ECA22D32E5D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{141EBADD-FE94-4026-8228-0BB7939246F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{233BCFA5-7BE9-4ED3-B9E8-26A0DAF4413B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{25602EE8-4DB4-406E-BCA6-39A78F8D70B5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{440FCDB4-DF96-4ACE-A20C-7F078906E26E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{512FBB36-290F-4F84-BD20-43BB08E45AD2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{54206C92-C896-44B0-A27C-C895184EE753}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{62D08D75-FB20-449F-9369-7ABCDA9B9873}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{691B93DC-72AD-46A8-9155-74CC4AC6A1E9}" = rport=137 | protocol=17 | dir=out | app=system |
    "{71D26F3B-610A-4AD9-B619-85E22A2202AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7F0C90A0-B8FA-4031-A7F6-F66377D36917}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7FA136CF-6B60-4C2F-8026-9E0CA6293800}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7FCB23A7-867F-4412-AAFB-05006FB39F0F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8B8FD7B2-39C0-4EA5-BC9C-FC5E8B666029}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{9014ED19-C2DD-4810-9984-098A8CAA3DAF}" = rport=445 | protocol=6 | dir=out | app=system |
    "{90F5740D-F8D6-45E7-8B62-E1F800162E01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{98E2C1AF-E90E-40D2-8D2B-BCCE064D42C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BFBD41E0-27A9-4A3D-BBED-A7C898741B01}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C06BCE98-3518-44E5-BE11-378F8B7E94D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C1EAF056-816B-49DB-BA95-3491433D83ED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{CDC657BB-C0B3-4A35-B6E2-7DAEFDCD0E98}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D855DB48-7907-422C-8735-2060F10FDEA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D8DFBABB-B161-4E2A-8EED-FE1C6428D5F2}" = lport=137 | protocol=17 | dir=in | app=system |
    "{E1B3B91E-289E-4E23-A47C-3F9B0ADC67AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E94667CD-B531-45CF-9A72-D5822CBF0AF5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EA9ADAA8-0FA7-4EF0-88C9-FAFD4909ED85}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{F0199E20-AF0D-4CE1-84A5-F6D8D7C812FC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F3FDB284-F344-4464-9262-13261143F4A3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F419AAC9-95D6-4B27-8D08-0F1289DD8514}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F4C344C3-75B2-4C8A-906B-18F150D7D15E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
    "{F78B4C2C-1C58-4306-9E6E-42879A86A433}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F9282C33-C915-4F20-935B-CEA4BD22E237}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0493DB1B-3997-4463-9EF1-446BD0E5AEDB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{0641069C-5B41-487F-AE33-083985C8C566}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{067D5AE7-FF00-4FB9-8A43-9C41156AF4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{08198BA8-FB78-4CF0-A681-A0B02427C27D}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "{08F76A67-CA65-4976-A7D1-1E10333CB03E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0A8609CB-58AD-474F-BCA4-70AC6D0C5CF7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{0CAD7E9E-3613-4878-9A01-78DF625C1151}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
    "{16036178-E694-4C8E-93D6-4FF7EB91C23C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{23F233A5-EC8D-4DE8-9F0A-62246300A390}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{28953926-9772-4A65-9C2B-FD1948642137}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{2A3B0421-9C73-496E-8D9B-134BEA05FFEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2B944E92-0369-4359-B6EC-30865D50761D}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
    "{2DDD3704-D57D-40B6-901E-88F9397A7BCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{31BE453B-1323-4C98-801D-5EC0AEDA551F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{32326BEA-14D6-468B-8AF9-691C0F2406F7}" = protocol=6 | dir=in | app=c:\program files (x86)\tilemill-v0.10.1\tilemill\node.exe |
    "{325442F0-768A-41FB-8AC4-15B6C3E6AF9B}" = protocol=17 | dir=in | app=c:\program files (x86)\tilemill-v0.10.1\tilemill\node.exe |
    "{326AE6A1-C673-416F-8C12-F43A791F65C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{33AEC82A-5DE6-4823-87E7-DB310EEC76CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{36D5CA69-641F-45EA-8B95-B88D57520744}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{37D60201-7E4E-46DE-B7E4-25A54E056E10}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{46C096C7-3957-4D1A-A1AA-A873E594BEF9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{46CD5929-42A7-4DF6-B48D-40CCDFCA6DF9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4B182DE2-3E0F-450F-88CB-974C78D54C88}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4EC2E0EF-24FC-4501-A588-7EC530ABCC4E}" = protocol=6 | dir=in | app=c:\program files (x86)\lan messenger\lmc.exe |
    "{55F3DD93-49D9-43A3-925B-A02A0BE9A58B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{5FC9EF1F-6EE4-4D49-A1C5-C236B75E40AC}" = protocol=17 | dir=in | app=c:\program files (x86)\kuwo\kwmusic2013\bin\kwservice.exe |
    "{61D501FA-6630-4F16-92FA-42755F5E0A0E}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "{6220C8C3-AD8E-4822-B3AC-D1878FAF5B8E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6761C890-2FBD-4173-A206-5083FB4019DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{69155C89-99D0-4B13-9399-DBFE048FEC69}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6BD27E59-B633-4717-91CE-16476B9583CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{6F7233C8-A8F4-4342-B769-C93A720283DF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{7147FD01-9F71-4D4D-8E7A-3C57111D6C84}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{761F8031-9FBC-429A-BD69-4A1F740EACC1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{78B2CA3D-2C07-4A15-8484-2E259535B904}" = dir=in | app=c:\program files (x86)\ppstream\ppskernel.exe |
    "{7BA99309-31A9-4371-ADF1-15D267DEFDDD}" = protocol=17 | dir=in | app=c:\users\song\appdata\roaming\utorrent\utorrent.exe |
    "{7E12C93C-A482-4089-A770-8BC807B2821F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8731AC33-C44A-414F-A648-1F9FE08D3C19}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{89B04096-4C6B-447A-94EF-2E57493112AA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8A58B5EB-1AC0-4CA7-A145-EE97203EC717}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8AC70968-5D30-4531-9605-A6BB3D33F784}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{8F4DAB35-6F4B-4FC2-90B4-CD36D97BC9A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{90DCD684-F891-408B-8B0D-F7C464B81F16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{97933CDF-F301-471D-ADCA-EC3C179E112D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{9DEB5CBF-804E-4975-918F-F697B9745931}" = dir=in | app=c:\users\song\appdata\roaming\ppstream\ppsupdate.exe |
    "{A2ED17C9-75E6-43BF-810C-9C233333FD15}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{AAED8347-7E9E-4FEA-82DD-2992E00E53F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{ABB29FA2-56FD-485F-91FE-1E65BC2D1F9A}" = protocol=17 | dir=in | app=c:\program files (x86)\kuwo\kwmusic2013\bin\kwmusic.exe |
    "{ABC28640-D470-486F-A28F-5359A63212EC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B4A31CC0-7E37-4D3A-8F0D-2D81AF121514}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |
    "{B5B01B37-BF61-4B76-AF91-837E4F7AD06C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{BE2B3B19-7135-455C-82D1-3F6041E4C65C}" = protocol=17 | dir=in | app=c:\program files (x86)\lan messenger\lmc.exe |
    "{C09C718C-2A70-4807-89A2-C4A32065CBA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C28967C8-B06F-4D6D-9D07-62C59D891869}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |
    "{C56F87E1-40C0-459A-9DAB-7F84AE5E9372}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{C881D577-976C-4BCF-929B-AFF59EBFA83C}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
    "{C96422F0-1853-483F-AE0C-B91DBE4912CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C990D384-FA17-415A-8834-E62CE17CC88D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{CE05417B-E176-45C7-A2D5-3FB0EF665404}" = protocol=6 | dir=in | app=c:\program files (x86)\kuwo\kwmusic2013\bin\kwservice.exe |
    "{D05ACE8A-9B8E-460F-91D8-CB05E8AF0BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{D17D02CB-9752-428C-8813-CE486CF332FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
    "{D3557D6A-0FBB-47C8-BAE2-D8C5E559FECB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{DD6310DE-1B95-46DE-8333-40D573C4EEDD}" = protocol=6 | dir=out | app=system |
    "{DFC39C3A-007F-40AB-B31B-2BA2FA022DE1}" = protocol=6 | dir=in | app=c:\users\song\appdata\roaming\utorrent\utorrent.exe |
    "{E0E04F79-9358-451E-BCF9-45DEE138458F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{E6B72B40-0D9F-4218-A4CF-3256AB2001DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{EB104052-A9B9-4FFD-85E4-FF2D64637717}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EC91EBBC-B466-4639-AB7A-A12FA7B8BF3C}" = protocol=6 | dir=in | app=c:\program files (x86)\kuwo\kwmusic2013\bin\kwmusic.exe |
    "{F63899EB-B9F7-4147-94FB-5BD5870EF8D7}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
    "{F780573C-1EE8-49DA-B5B5-ED1361881145}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
    "{F7E7A52F-55EE-48FD-B5B6-0C7FD3FCAAF3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{FBC4F385-DD79-4A05-BE4B-2D0B983462FA}" = dir=in | app=c:\program files (x86)\ppstream\ppstream.exe |
    "{FC8DBB17-42DB-4F87-AFFA-A5A367D3E648}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "TCP Query User{17712006-2165-4BFE-8CE6-A8D2F605717B}C:\program files (x86)\kuwo\kwmusic2013\bin\kwservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kuwo\kwmusic2013\bin\kwservice.exe |
    "TCP Query User{376495F5-9E6C-4C42-B1DF-A18EFB357538}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "TCP Query User{5A136812-024B-4F84-ADFA-B9A833D71C0E}C:\program files (x86)\ppstream\ppskernel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppskernel.exe |
    "TCP Query User{5AEAE3E8-D6B2-4BAB-B401-033E29434AA1}C:\program files (x86)\filemaker\filemaker pro 12 advanced\filemaker pro advanced.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 12 advanced\filemaker pro advanced.exe |
    "TCP Query User{753CBC3F-BCCF-4F40-85A9-E39909725401}C:\program files (x86)\tilemill-v0.10.1\tilemill\node.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tilemill-v0.10.1\tilemill\node.exe |
    "TCP Query User{C74F1D53-C229-41DD-8251-367E62AF66B8}C:\program files (x86)\lan messenger\lmc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lan messenger\lmc.exe |
    "UDP Query User{0CE486CE-08BD-47CB-96E9-12CF44AF57E9}C:\program files (x86)\ppstream\ppskernel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppskernel.exe |
    "UDP Query User{2DEAC915-7179-43CE-B88A-220B09895198}C:\program files (x86)\kuwo\kwmusic2013\bin\kwservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kuwo\kwmusic2013\bin\kwservice.exe |
    "UDP Query User{985B220C-A297-47F4-B152-4F5C35468ABC}C:\program files (x86)\tencent\qqintl\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
    "UDP Query User{9DF83F71-C449-4511-8EB0-413DB89CF487}C:\program files (x86)\lan messenger\lmc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lan messenger\lmc.exe |
    "UDP Query User{BD55684D-EB19-4FC4-B961-6E35E475A439}C:\program files (x86)\filemaker\filemaker pro 12 advanced\filemaker pro advanced.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filemaker\filemaker pro 12 advanced\filemaker pro advanced.exe |
    "UDP Query User{E0C8C88B-9479-4EF4-8A75-5916E670DD31}C:\program files (x86)\tilemill-v0.10.1\tilemill\node.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tilemill-v0.10.1\tilemill\node.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{26601FD6-CCFC-4F06-88C5-D110B1D4756F}" = TOSHIBA eco Utility
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety
    "{444085BE-389B-4330-A291-3FC258B846EC}" = Canon MF4800 Series
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5F1DFCC1-595D-4235-A044-E05B706D800A}" = AuthenTec Fingerprint Software
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
    "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
    "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
    "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
    "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
    "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
    "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
    "{90150000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - French
    "{90150000-001F-0804-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Simplified Chinese
    "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Spanish
    "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
    "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
    "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
    "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
    "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
    "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
    "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
    "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
    "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
    "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
    "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
    "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
    "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
    "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
    "{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}" = TOSHIBA Audio Enhancement
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "doPDF 7 printer_is1" = doPDF 7.3 printer
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
    "PROSet" = Intel(R) Network Connections Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live Essentials (Simplified Chinese display name)
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1DD1D1E9-FC96-4B17-BE0A-A5481F8B0D67}" = ArcGIS 10.1 License Manager
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
    "{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
    "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = Windows Live Mesh ActiveX Control for Remote Connections (Traditional Chinese display name)
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
    "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf13
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6C8365F4-1102-4064-B696-68842D20B933}" = ArcGIS 10.1 for Desktop
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
    "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live Photo Gallery (Simplified Chinese display name)
    "{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger Browser Plug-in (Simplified Chinese display name)
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9602841E-ECE2-1019-AAEE-906A4DE25D6B}" = Intel(R) Identity Protection Technology 1.2.18.0
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AB4D07D-3754-1CD4-1E25-0C1AF3355921}" = Personal Color Viewer
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F53AC20-2D32-4341-9DA1-29DD40E2199E}" = TextPad 7
    "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}" = TOSHIBA ConfigFree
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
    "{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}" = TOSHIBA Sync Utility
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger Sharing Components (Traditional Chinese display name)
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC21B3F4-6A5B-4D77-A796-BB4F1A646C8B}" = FileMaker Pro 12 Advanced
    "{EC21B3F4-6A5B-4D77-A796-BB4F1A646C8B}_FileMaker" = FileMaker Pro 12 Advanced
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live Image Center (Traditional Chinese display name)
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live Essentials (Traditional Chinese display name)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = Windows Live Mesh ActiveX Control for Remote Connections (Simplified Chinese)
    "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.15.17.02
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ArcGIS 10.1 for Desktop" = ArcGIS 10.1 for Desktop
    "ArcGIS 10.1 License Manager" = ArcGIS 10.1 License Manager
    "BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1" = Personal Color Viewer
    "BvSshClient" = Bitvise SSH Client 4.60 (remove only)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "FileZilla Client" = FileZilla Client 3.7.0.2
    "Google Chrome" = Google Chrome
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "KwMusic7" = Kuwo Music 2013 (酷我音乐 2013)
    "LAN Messenger" = LAN Messenger
    "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "PPStream" = PPS Video V2.7.0.1515 release build (PPS影音)
    "Quantum GIS Lisboa" = Quantum GIS Lisboa 1.8.0 Lisboa
    "RealPlayer 16.0" = RealPlayer
    "TileMill" = TileMill 0.10.1
    "uTorrent" = µTorrent
    "WinLiveSuite" = Windows Live Essentials (Traditional Chinese display name)
    "XnView_is1" = XnView 1.99.6

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3090707503-2689606237-485621480-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "ActiveTouchMeetingClient" = Cisco WebEx Meetings

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 28/6/2013 7:31:54 AM | Computer Name = Song-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
  11. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKU\S-1-5-21-3090707503-2689606237-485621480-1000..\Run: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background File not found
    O4 - Startup: C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = File not found
    O18:64bit: - Protocol\Handler\kuwo - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\kuwo - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2013/06/25 14:02:45 | 000,002,048 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-21-3090707503-2689606237-485621480-1000\$RPO924G\@.vir
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warnings, so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
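The OTL fix above deletes entries that OTL flagged as orphaned: Run values whose executable is gone ("File not found") and SSODL, protocol-handler and IE-toolbar entries whose CLSID has no registered COM server ("No CLSID value found"). The following PowerShell is an added example, not part of this thread and not OTL's code: a read-only audit of those same locations (O4, O21, O18 and O3 in OTL's numbering) across the 64-bit, 32-bit and per-user registry views, so the list can be reviewed before anything is deleted. Registry paths are the standard Windows ones; the finding categories and function names are this example's own.

```powershell
# Added example (not part of the thread, not OTL's code): a read-only audit of
# the autostart and shell-extension locations the OTL fix above cleaned. It
# flags the same two conditions OTL reports: a Run value whose executable does
# not exist ("File not found") and an SSODL / protocol-handler / IE-toolbar
# entry whose CLSID has no registered server ("No CLSID value found").
# Orphans are usually uninstall leftovers, but a Run value or SSODL entry that
# resolves to nothing is also where a removed loader used to sit, so they are
# worth listing before deletion. Assumptions: Windows 7 x64 or later,
# PowerShell 2.0+, run elevated. Nothing is modified.

$findings = @()

function New-Finding([string]$Kind, [string]$Location, [string]$Detail) {
    New-Object PSObject -Property @{ Kind = $Kind; Location = $Location; Detail = $Detail }
}

# Resolve a CLSID to its COM server in the 64-bit, 32-bit and per-user views; $null if none.
function Resolve-Clsid([string]$Clsid) {
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
             'HKCU:\Software\Classes\CLSID'
    foreach ($root in $roots) {
        foreach ($srv in 'InprocServer32', 'LocalServer32') {
            $key = "$root\$Clsid\$srv"
            if (Test-Path $key) {
                $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
                if ($v) { return $v }
            }
        }
    }
    return $null
}

# Pull the executable out of a Run command line ("C:\x y\a.exe" /arg  or  C:\a.exe /arg) and test it.
function Test-CommandPath([string]$Cmd) {
    if (-not $Cmd) { return $false }
    if ($Cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($Cmd -split ' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    return (Test-Path -LiteralPath $exe)
}

# Registry values of a key, minus the PS* metadata properties Get-ItemProperty adds.
function Get-KeyValues([string]$Key) {
    if (-not (Test-Path $Key)) { return @() }
    (Get-ItemProperty -Path $Key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
}

# O4: Run keys in the 64-bit view, the 32-bit view and the current user
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    foreach ($v in Get-KeyValues $k) {
        if (-not (Test-CommandPath $v.Value)) { $findings += New-Finding 'Run-orphan' "$k\$($v.Name)" $v.Value }
    }
}

# O21: ShellServiceObjectDelayLoad, loaded by Explorer at logon
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad') {
    foreach ($v in Get-KeyValues $k) {
        if (-not (Resolve-Clsid $v.Value)) { $findings += New-Finding 'SSODL-orphan' "$k\$($v.Name)" $v.Value }
    }
}

# O18: asynchronous pluggable protocol handlers (kuwo:, msnim:, skype4com: ... in the log above)
foreach ($k in 'HKLM:\SOFTWARE\Classes\PROTOCOLS\Handler', 'HKLM:\SOFTWARE\Classes\Wow6432Node\PROTOCOLS\Handler') {
    if (-not (Test-Path $k)) { continue }
    foreach ($h in Get-ChildItem -Path $k) {
        $clsid = (Get-ItemProperty -Path $h.PSPath -ErrorAction SilentlyContinue).CLSID
        if (-not $clsid -or -not (Resolve-Clsid $clsid)) {
            $findings += New-Finding 'Protocol-orphan' $h.PSPath "CLSID=$clsid"
        }
    }
}

# O3: IE toolbars, keyed by CLSID
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
               'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser') {
    foreach ($v in Get-KeyValues $k) {
        if ($v.Name -match '^\{[0-9A-F-]{36}\}$' -and -not (Resolve-Clsid $v.Name)) {
            $findings += New-Finding 'Toolbar-orphan' "$k\$($v.Name)" ''
        }
    }
}

$findings | Sort-Object Kind | Format-Table Kind, Location, Detail -AutoSize
```

Run it before and after a fix: the "before" list should contain exactly the entries the fix script names (on this machine, the QQIntl Run value, the WebCheck SSODL entry in both views and the kuwo/livecall/msnim/skype4com/wlmailhtml/wlpg handlers), and the "after" list should be empty. An entry whose CLSID does resolve but to a DLL in a user-writable path such as AppData or Temp is not an orphan, and is the more interesting finding.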
     
  12. sblua

    sblua Newcomer, in training Topic Starter Posts: 35

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/TXSSO\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3090707503-2689606237-485621480-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3090707503-2689606237-485621480-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QQIntl deleted successfully.
    C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\kuwo\ deleted successfully.
    File Protocol\Handler\kuwo - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\kuwo\ not found.
    File Protocol\Handler\kuwo - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\$Recycle.bin\S-1-5-21-3090707503-2689606237-485621480-1000\$RPO924G\@.vir moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Song
    ->Temp folder emptied: 1208793 bytes
    ->Temporary Internet Files folder emptied: 24823363 bytes
    ->Java cache emptied: 3185833 bytes
    ->FireFox cache emptied: 50970052 bytes
    ->Google Chrome cache emptied: 81107650 bytes
    ->Flash cache emptied: 59532 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4384 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
    RecycleBin emptied: 19333972 bytes

    Total Files Cleaned = 172.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Song
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Song
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06302013_023930

    Files\Folders moved on Reboot...
    C:\Users\Song\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  13. sblua

    sblua Newcomer, in training Topic Starter Posts: 35

    Checkup.txt

    Results of screen317's Security Check version 0.99.68
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Kingsoft New Duba "Armor Defense" (新毒霸铠甲防御)
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 20
    Java version out of Date!
    Adobe Flash Player 11.7.700.224
    Adobe Reader XI
    Mozilla Firefox 20.0.1 Firefox out of Date!
    Google Chrome 27.0.1453.110
    Google Chrome 27.0.1453.116
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  14. sblua

    sblua Newcomer, in training Topic Starter Posts: 35

    FSS.txt

    Farbar Service Scanner Version: 27-06-2013
    Ran by Song (administrator) on 30-06-2013 at 16:14:34
    Running from "C:\Users\Song\Downloads"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
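The FSS log above reports EnableFirewall=0 on the Standard profile under the SharedAccess service key, DisableAntiSpyware=1 under the Windows Defender product key, and the WinDefend service set to Demand instead of the default Auto. Those keys record product state, not Group Policy, and a third-party suite that registers with Security Center (AVG and Kingsoft are both on this machine) writes the same values when it takes over. As an added example, not from the thread and not Farbar's code, the PowerShell below reads the same keys plus the Group Policy keys and the Security Center registrations, so a policy-enforced shutdown of a built-in component can be told apart from an ordinary replacement by another product. Registry and WMI paths are the standard Windows 7 ones; the productState bit reading is an undocumented convention and is labelled as such in the code.

```powershell
# Added example (not part of the thread, not Farbar Service Scanner's code):
# re-read the state FSS reported above and keep three things apart that are
# easy to conflate when reading such a log:
#   (a) product state in the firewall service key / Defender product key,
#   (b) a Group Policy override under HKLM\SOFTWARE\Policies, and
#   (c) the WinDefend service start type.
# Only (b) is an administrative policy; (a) is routinely written by a
# third-party suite that registers with Security Center, so (a) alone is not
# evidence of tampering. Assumptions: Windows 7 x64, PowerShell 2.0+, run
# elevated; read-only.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns the value, or $null when the key or the value is absent.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Get-FirewallState {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    $pol = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        # EnableFirewall: 1 = on, 0 = off, $null = not set (the default is on)
        New-Object PSObject -Property @{
            Profile        = $fwProfile
            ProductEnabled = Get-RegValue "$svc\$fwProfile" 'EnableFirewall'
            PolicyEnabled  = Get-RegValue "$pol\$fwProfile" 'EnableFirewall'
        }
    }
}

function Get-DefenderState {
    $svc = Get-WmiObject Win32_Service -Filter "Name='WinDefend'"
    $state = 'missing'; $mode = 'missing'
    if ($svc) { $state = $svc.State; $mode = $svc.StartMode }   # Windows 7 default StartMode is Auto
    New-Object PSObject -Property @{
        ProductDisabled = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows Defender' 'DisableAntiSpyware'
        PolicyDisabled  = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' 'DisableAntiSpyware'
        ServiceState    = $state
        StartMode       = $mode
    }
}

# Products registered with Security Center, to match a disabled built-in to its replacement.
function Get-SecurityCenterProducts {
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            New-Object PSObject -Property @{
                Class = $class
                Name  = $p.displayName
                # productState is an undocumented bit field; by common convention the
                # middle byte 0x10 means "enabled" and 0x00 means "off/snoozed".
                State = ('0x{0:X6}' -f $p.productState)
            }
        }
    }
}

Get-FirewallState          | Format-Table Profile, ProductEnabled, PolicyEnabled -AutoSize
Get-DefenderState          | Format-List ProductDisabled, PolicyDisabled, ServiceState, StartMode
Get-SecurityCenterProducts | Format-Table Class, Name, State -AutoSize
```

Reading the output: ProductEnabled=0 with PolicyEnabled empty and a FirewallProduct row for a third-party suite is the normal "another firewall took over" picture; PolicyEnabled=0 or PolicyDisabled=1 on a home machine that is not domain-joined is the case worth chasing, because nothing legitimate should have written a Policies key there. The same applies in reverse: an AntiVirusProduct whose State shows the "off" middle byte while its service is running is how the "On Access scanning disabled!" line in the Security Check log above arises.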
  15. sblua

    sblua Newcomer, in training Topic Starter Posts: 35

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/TXSSO\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3090707503-2689606237-485621480-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3090707503-2689606237-485621480-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QQIntl deleted successfully.
    C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\kuwo\ deleted successfully.
    File Protocol\Handler\kuwo - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\kuwo\ not found.
    File Protocol\Handler\kuwo - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\$Recycle.bin\S-1-5-21-3090707503-2689606237-485621480-1000\$RPO924G\@.vir moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Song
    ->Temp folder emptied: 1208793 bytes
    ->Temporary Internet Files folder emptied: 24823363 bytes
    ->Java cache emptied: 3185833 bytes
    ->FireFox cache emptied: 50970052 bytes
    ->Google Chrome cache emptied: 81107650 bytes
    ->Flash cache emptied: 59532 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4384 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
    RecycleBin emptied: 19333972 bytes

    Total Files Cleaned = 172.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Song
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Song
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06302013_023930

    Files\Folders moved on Reboot...
    C:\Users\Song\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  16. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    You posted OTL fix log twice.
    I still need Eset log.
  17. sblua

    sblua Newcomer, in training Topic Starter Posts: 35

    ESET is still runnnnnnnnnnnnnning~
  18. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Oh well...lol
  19. sblua

    sblua Newcomer, in training Topic Starter Posts: 35

  20. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Update Firefox to the current 22.0 version.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==========================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  21. sblua

    sblua Newcomer, in training Topic Starter Posts: 35

    Done all!!

    I think my computer is good!!

    Thank you Broni!!! Bravo!!
  22. Broni

    Broni Malware Annihilator Posts: 46,172   +251

    Way to go!!
    Good luck and stay safe :)