Solved: I think my HP desktop might have a virus

# AdwCleaner v2.112 - Logfile created 02/15/2013 at 16:43:37
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Rosalie Blythe - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Rosalie Blythe\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\spigot
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\uTorrentBar_FR
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Ada Suk Yi Ma\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ada Suk Yi Ma\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Kitty\AppData\Local\Conduit
Folder Deleted : C:\Users\Kitty\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Kitty\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kitty\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Kitty\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Kitty\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Rosalie Blythe\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar_FR Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D6533F74-218B-41BE-9D91-5BD471FECFFD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1066435
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851639
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3070524
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02DD0B9-6CF4-4276-860C-12194F21026E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE773C73-5D1D-4D31-966C-240B7DABF120}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\uTorrentBar_FR
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8683 octets] - [15/02/2013 16:43:37]

########## EOF - C:\AdwCleaner[S1].txt - [8743 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.3 (02.12.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Rosalie Blythe on 15/02/2013 星期五 at 17:05:28.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tencent"
Successfully deleted: [Folder] "C:\Users\Rosalie Blythe\AppData\Roaming\tencent"
Successfully deleted: [Folder] "C:\Users\Rosalie Blythe\appdata\local\tencent"
Successfully deleted: [Folder] "C:\Users\Rosalie Blythe\appdata\locallow\tencent"
Successfully deleted: [Folder] "C:\Program Files\tencent"
Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/02/2013 星期五 at 17:13:56.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
My computer has been acting very weird. Today it fails to start and then I have to run a system repair, which leads to a system restore... I don't know why this is happening.
 
OTL logfile created on: 15/2/2013 17:15:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rosalie Blythe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: HONG KONG SAR | Language: ZHH | Date Format: d/M/yyyy

1.99 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 24.15% Memory free
4.22 Gb Paging File | 2.35 Gb Available in Paging File | 55.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.17 Gb Total Space | 77.02 Gb Free Space | 26.64% Space Free | Partition Type: NTFS
Drive D: | 8.92 Gb Total Space | 0.95 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Rosalie Blythe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/15 17:15:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rosalie Blythe\Desktop\OTL.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/20 14:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rosalie Blythe\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 15:57:24 | 000,194,512 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Users\Public\Thunder Network\XMP4\Core\Program\xmp.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/31 23:53:04 | 000,251,296 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/04/05 19:42:35 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2011/12/16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011/12/16 13:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/12/15 09:25:28 | 003,998,616 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
PRC - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2010/09/30 10:47:44 | 000,093,360 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\ib\olycamdetect.exe
PRC - [2010/02/23 22:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\PPS.tv\PPStream\PPSAP.exe
PRC - [2010/01/24 23:25:14 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/15 11:21:12 | 012,638,576 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/15 02:48:29 | 000,444,816 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.2542\tipsclient.dll
MOD - [2012/11/23 05:22:05 | 000,088,008 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.2542\tipsdone.dll
MOD - [2012/11/16 15:34:30 | 000,100,304 | ---- | M] () -- c:\Program Files\Thunder Network\Xmp4\Program\XLBugHandler.dll
MOD - [2012/10/31 23:53:22 | 002,298,768 | ---- | M] () -- C:\WINDOWS\System32\kindling.dll
MOD - [2012/10/31 23:52:50 | 000,622,992 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.2542\MngModule.dll
MOD - [2011/12/15 09:25:24 | 000,070,040 | R--- | M] () -- C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/02/08 00:47:52 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/31 23:53:36 | 000,492,432 | ---- | M] (PPTV) [Auto | Running] -- C:\WINDOWS\System32\PPTVSvc.dll -- (PPTVService)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/13 20:09:42 | 000,603,704 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/05 19:42:35 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011/12/16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2011/10/14 02:32:40 | 000,087,728 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2010/01/24 23:25:14 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/11/18 16:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROSALI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/02/15 16:54:20 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5F29F63-963A-4CCF-8BA7-66B233BDD57E}\MpKsl06f0eeb8.sys -- (MpKsl06f0eeb8)
DRV - [2013/02/09 09:44:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/13 20:03:14 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Soluto.sys -- (Soluto)
DRV - [2011/12/16 13:18:56 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2011/10/04 05:22:16 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/10/04 05:22:16 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/19 23:50:50 | 000,391,168 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2008/05/08 07:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 07:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/12 21:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/08/12 21:48:43 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{1DDDACAD-50A5-43BC-801E-299A73ED35B6}: "URL" = http://search.live.com/results.aspx...entrypoint={referrer:source?}&FORM=HVDCS7
IE - HKLM\..\SearchScopes\{4913D242-6842-44ED-83E3-10314985B43E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{9801283B-19A2-4467-933B-2B4FA0B412A1}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..\SearchScopes\{C4CAD18F-A5B7-43FD-9BFB-F40635AA946A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.2148\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.36\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(75).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/KKVA: C:\Program Files\Common Files\Thunder Network\KanKan\npKKVA.1.0.0.6.(76).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 08:06:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/24 08:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/11 17:26:05 | 000,000,000 | ---D | M]


========== Chrome ==========
 
CHR - homepage:
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QQ2011 (Enabled) = C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll
CHR - plugin: NPTXSSO Dynamic Link Library (Enabled) = C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.36\Bin\npSSOAxCtrlForPTLogin.dll
CHR - plugin: Thunder DapCtrl NPAPI Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.4.(269).dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1717\npplugin2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: QQMusic (Enabled) = C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll
CHR - plugin: npQQPhotoDrawEx (Enabled) = C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Showwall \u660E\u661F\u52D5\u6F2B\u684C\u5E03 = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpccflpmccajjbiloadclfaelnegbf\1.2_0\
CHR - Extension: Google Search = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Hello Kitty = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld\1.1_0\
CHR - Extension: AVG Do Not Track = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Unblock Youku = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.1.5_0\
CHR - Extension: Gmail = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/15 12:27:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (VideoUrlSniffer Class) - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(71).dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (BrowserHelper) - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll (TODO: <Company name>)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (迅雷下载支持) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005..\Run: [XMP] "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101 File not found
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rosalie Blythe\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Rosalie Blythe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rosalie Blythe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: OldEnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm ()
O9 - Extra Button: 迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.197.191.194 38.117.85.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54C2B5EC-D81C-4B8C-9CB0-B146A3BC081D}: DhcpNameServer = 204.197.191.194 38.117.85.2
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Users\Rosalie Blythe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rosalie Blythe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/16 13:06:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/15 17:14:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rosalie Blythe\Desktop\OTL.exe
[2013/02/15 17:03:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/15 17:03:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/15 17:01:43 | 000,547,384 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rosalie Blythe\Desktop\JRT.exe
[2013/02/15 14:28:31 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\AppData\Local\ElevatedDiagnostics
[2013/02/15 12:46:21 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\AppData\Local\HP
[2013/02/15 12:33:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/15 11:56:09 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\AppData\Roaming\PeerNetworking
[2013/02/15 11:37:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/15 11:37:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/15 11:37:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/15 11:36:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/02/15 11:35:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/15 11:33:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/15 11:28:19 | 005,033,715 | R--- | C] (Swearware) -- C:\Users\Rosalie Blythe\Desktop\ComboFix.exe
[2013/02/13 20:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar(47)
[2013/02/13 20:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot(33)
[2013/02/09 18:02:41 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\Desktop\mbar-1.01.0.1020
[2013/02/09 17:22:23 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\Desktop\RK_Quarantine
[2013/02/09 10:53:40 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\stcusb.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\pscr.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | C] (SCM Microsystems) -- C:\Windows\System32\drivers\zh-TW\SCR111.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | C] (OMNIKEY AG) -- C:\Windows\System32\drivers\zh-TW\cmbp0wdm.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | C] (Gemplus) -- C:\Windows\System32\drivers\zh-TW\gpr400.sys.mui
[2013/02/09 10:53:40 | 000,002,560 | ---- | C] (OMNIKEY) -- C:\Windows\System32\drivers\zh-TW\cxbp0wdm.sys.mui
[2013/02/09 10:53:39 | 000,003,072 | ---- | C] (Gemplus) -- C:\Windows\System32\drivers\zh-TW\grserial.sys.mui
[2013/02/09 10:52:33 | 000,003,072 | ---- | C] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\zh-TW\ntrigdigi.sys.mui
[2013/02/09 10:52:30 | 000,004,096 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\zh-TW\yk60x86.sys.mui
[2013/02/09 10:46:26 | 000,005,120 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\zh-TW\ltmdmnt.sys.mui
[2013/02/09 10:46:17 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrSerId.sys.mui
[2013/02/09 10:46:17 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrParwdm.sys.mui
[2013/02/09 10:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\0404
[2013/02/09 10:44:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\0C04
[2013/02/09 10:44:48 | 000,000,000 | ---D | C] -- C:\Windows\zh-TW
[2013/02/09 10:43:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-HK
[2013/02/09 10:40:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2013/02/09 10:40:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CHT
[2013/02/09 10:40:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Windows System Resource Manager
[2013/02/09 10:23:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Vistalizator
[2013/02/09 09:44:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/02/02 02:30:02 | 000,000,000 | ---D | C] -- C:\found.001
[2013/02/01 13:56:29 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\Desktop\TVBOXNOW 宮
[2013/01/21 08:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign

========== Files - Modified Within 30 Days ==========

[2013/02/15 17:25:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{45D4C764-4362-407E-9FCE-066735E027A3}.job
[2013/02/15 17:15:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rosalie Blythe\Desktop\OTL.exe
[2013/02/15 17:02:07 | 000,547,384 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rosalie Blythe\Desktop\JRT.exe
[2013/02/15 16:56:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/15 16:50:03 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/15 16:50:02 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/15 16:49:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/15 16:45:19 | 000,000,104 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/15 16:35:39 | 000,587,671 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\adwcleaner0.exe
[2013/02/15 15:47:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/15 14:01:27 | 000,450,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/15 13:28:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/15 13:21:13 | 000,631,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/15 13:21:13 | 000,118,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/15 12:46:28 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/02/15 12:27:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/15 11:56:31 | 000,024,109 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Roaming\UserTile.png
[2013/02/15 11:30:44 | 005,033,715 | R--- | M] (Swearware) -- C:\Users\Rosalie Blythe\Desktop\ComboFix.exe
[2013/02/13 17:03:08 | 000,000,047 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Roaming\CoreAVC.ini
[2013/02/10 14:25:06 | 000,000,680 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Local\d3d9caps.dat
[2013/02/10 01:39:39 | 000,068,585 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\未命名.jpg
[2013/02/09 16:07:27 | 013,711,621 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\mbar-1.01.0.1020.zip
[2013/02/09 13:38:41 | 000,000,584 | RHS- | M] () -- C:\Users\Rosalie Blythe\ntuser.pol
[2013/02/09 13:38:39 | 000,000,210 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/02/09 10:53:40 | 000,003,072 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\stcusb.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\pscr.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | M] (SCM Microsystems) -- C:\Windows\System32\drivers\zh-TW\SCR111.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | M] (OMNIKEY AG) -- C:\Windows\System32\drivers\zh-TW\cmbp0wdm.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | M] (Gemplus) -- C:\Windows\System32\drivers\zh-TW\grserial.sys.mui
[2013/02/09 10:53:40 | 000,003,072 | ---- | M] (Gemplus) -- C:\Windows\System32\drivers\zh-TW\gpr400.sys.mui
[2013/02/09 10:53:40 | 000,002,560 | ---- | M] (OMNIKEY) -- C:\Windows\System32\drivers\zh-TW\cxbp0wdm.sys.mui
[2013/02/09 10:52:33 | 000,003,072 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\zh-TW\ntrigdigi.sys.mui
[2013/02/09 10:52:30 | 000,004,096 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\zh-TW\yk60x86.sys.mui
[2013/02/09 10:46:26 | 000,005,120 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\zh-TW\ltmdmnt.sys.mui
[2013/02/09 10:46:17 | 000,005,120 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrSerId.sys.mui
[2013/02/09 10:46:17 | 000,002,048 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrParwdm.sys.mui
[2013/02/09 10:44:04 | 000,116,092 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\re.jpg
[2013/02/09 09:44:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/02/01 12:29:17 | 000,027,681 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\cEbm9.jpg
[2013/01/31 18:25:53 | 000,000,962 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/31 18:25:42 | 000,000,948 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\Dropbox.lnk
[2013/01/21 17:24:19 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job

========== Files Created - No Company Name ==========

[2013/02/15 16:43:57 | 000,000,104 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/15 16:34:09 | 000,587,671 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\adwcleaner0.exe
[2013/02/15 12:46:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/15 11:56:10 | 000,024,109 | ---- | C] () -- C:\Users\Rosalie Blythe\AppData\Roaming\UserTile.png
[2013/02/15 11:37:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/15 11:37:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/15 11:37:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/15 11:37:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/15 11:37:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/10 01:39:39 | 000,068,585 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\未命名.jpg
[2013/02/09 16:04:32 | 013,711,621 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\mbar-1.01.0.1020.zip
[2013/02/09 10:41:53 | 000,116,092 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\re.jpg
[2013/02/01 12:29:02 | 000,027,681 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\cEbm9.jpg
[2013/01/21 08:10:40 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2012/11/12 20:46:57 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2012/10/31 23:53:22 | 002,298,768 | ---- | C] () -- C:\Windows\System32\kindling.dll
[2012/10/27 07:04:54 | 000,000,680 | ---- | C] () -- C:\Users\Rosalie Blythe\AppData\Local\d3d9caps.dat
[2012/05/07 11:51:10 | 000,000,047 | ---- | C] () -- C:\Users\Rosalie Blythe\AppData\Roaming\CoreAVC.ini
[2012/04/23 21:09:30 | 000,010,240 | ---- | C] () -- C:\Users\Rosalie Blythe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/23 20:39:53 | 000,000,584 | RHS- | C] () -- C:\Users\Rosalie Blythe\ntuser.pol
[2012/01/20 17:29:25 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/06/11 15:53:18 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/05/15 02:13:53 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2011/03/21 16:15:18 | 000,000,210 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/30 21:24:17 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

========== ZeroAccess Check ==========
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/20 15:07:02 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Ad-Aware Antivirus
[2012/04/20 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Auslogics
[2010/04/04 21:41:34 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\AVG9
[2010/09/30 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Blitware
[2010/12/25 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\GetRightToGo
[2012/09/13 16:26:09 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\KuGou7
[2010/04/10 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\PlayFirst
[2011/09/01 18:02:51 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\PPLive
[2012/04/20 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\PPStream
[2010/04/02 11:39:54 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Snapfish
[2010/09/30 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Soluto
[2010/10/15 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\SuperMP3Download
[2012/04/14 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Tencent
[2011/06/23 17:54:01 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\UDown
[2012/04/09 01:14:36 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\uTorrent
[2010/04/05 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\WildTangent
[2011/05/20 21:06:19 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\WinBatch
[2012/04/20 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Wise Disk Cleaner
[2011/07/09 12:13:02 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Youtube Downloader HD
[2013/01/12 09:47:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/12 09:47:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/12/12 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2013
[2012/11/12 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BITS
[2013/02/15 00:16:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Dropbox
[2012/11/12 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\FlashgetSetup
[2013/02/15 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Kugou7
[2012/11/06 16:33:47 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\KuGou8
[2012/07/15 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PPLive
[2013/02/15 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ppStream
[2010/08/06 17:08:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Snapfish
[2013/02/09 09:06:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Tencent
[2012/12/08 08:27:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2012/04/20 15:50:34 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Ad-Aware Antivirus
[2012/08/08 19:28:50 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Application Data
[2012/04/20 16:10:16 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Auslogics
[2012/08/19 10:03:42 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Kugou7
[2012/09/23 15:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\KuGou8
[2012/08/08 19:31:38 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\PPLive
[2012/08/09 07:46:47 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\ppStream
[2010/04/18 14:54:45 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Snapfish
[2011/05/23 10:21:26 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Soluto
[2011/11/02 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Tencent
[2011/06/08 20:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\TypingMaster7
[2012/07/12 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\uTorrent
[2010/10/08 23:32:59 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\WildTangent
[2011/04/17 17:28:20 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Youtube Downloader HD
[2012/12/15 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\AVG2013
[2013/02/15 16:55:42 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\Dropbox
[2012/09/13 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\Kugou7
[2012/10/28 19:32:08 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\KuGou8
[2013/02/15 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\PeerNetworking
[2012/05/12 19:59:34 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\PPLive
[2013/02/10 17:45:52 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\ppStream
[2012/06/09 14:52:26 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\QQMusicUpdate
[2012/12/12 17:08:50 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\TuneUp Software
[2012/12/16 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/12/15 23:42:03 | 000,001,189 | ---- | M] ()(C:\Users\Rosalie Blythe\Application Data\Microsoft\Internet Explorer\Quick Launch\??迅雷看看播放器.lnk) -- C:\Users\Rosalie Blythe\Application Data\Microsoft\Internet Explorer\Quick Launch\启动迅雷看看播放器.lnk
[2012/05/12 19:56:07 | 000,001,189 | ---- | C] ()(C:\Users\Rosalie Blythe\Application Data\Microsoft\Internet Explorer\Quick Launch\??迅雷看看播放器.lnk) -- C:\Users\Rosalie Blythe\Application Data\Microsoft\Internet Explorer\Quick Launch\启动迅雷看看播放器.lnk
[2011/03/29 14:25:40 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᰐť
[2011/03/29 14:25:40 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᰐť
[2010/11/17 03:07:36 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?α) -- C:\Windows\System32\䎀α
[2010/11/17 03:07:36 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?α) -- C:\Windows\System32\䎀α
[2010/10/11 14:51:50 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\쿠˳
[2010/10/11 14:51:50 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\쿠˳
[2010/10/03 14:27:16 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\꿠Ī
[2010/10/03 14:27:16 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\꿠Ī
[2010/08/11 18:12:34 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\땘̢
[2010/08/11 18:12:34 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\땘̢
[2010/08/04 16:16:09 | 000,000,036 | ---- | M] ()(C:\Windows\System32\禠?) -- C:\Windows\System32\禠ŏ
[2010/08/04 16:16:09 | 000,000,036 | ---- | C] ()(C:\Windows\System32\禠?) -- C:\Windows\System32\禠ŏ
[2010/07/06 17:40:58 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\겸Ł
[2010/07/06 17:40:58 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\겸Ł
[2010/06/27 18:01:23 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᙀќ
[2010/06/27 18:01:23 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᙀќ
[2010/06/13 18:54:59 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ࣈŀ
[2010/06/13 18:54:59 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ࣈŀ
[2010/06/03 03:36:15 | 000,000,036 | ---- | M] ()(C:\Windows\System32\讀?) -- C:\Windows\System32\讀Ŀ
[2010/06/03 03:36:15 | 000,000,036 | ---- | C] ()(C:\Windows\System32\讀?) -- C:\Windows\System32\讀Ŀ
[2010/05/03 05:06:31 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᨘĪ
[2010/05/03 05:06:31 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᨘĪ
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >
 
OTL Extras logfile created on: 15/2/2013 17:15:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rosalie Blythe\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: HONG KONG SAR | Language: ZHH | Date Format: d/M/yyyy

1.99 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 24.15% Memory free
4.22 Gb Paging File | 2.35 Gb Available in Paging File | 55.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.17 Gb Total Space | 77.02 Gb Free Space | 26.64% Space Free | Partition Type: NTFS
Drive D: | 8.92 Gb Total Space | 0.95 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Rosalie Blythe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Users\Guest\AppData\Local\Temp\fgcn_349.exe" = C:\Users\Guest\AppData\Local\Temp\fgcn_349.exe:*:Enabled:fg_ol_silent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0970C23E-CA06-4F68-993A-3A0210AFAE07}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1015C726-F919-4E4E-B475-D863C3D48B4D}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{161B1296-3B0E-4BB5-8E36-B6ADF1710B43}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A63088B-411D-43E8-AB64-C66B770F77A3}" = lport=137 | protocol=17 | dir=in | app=system |
"{20A4667E-460D-4635-9051-C5EA0E7F1EF9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{2544F794-ED69-4C47-A35C-C1C7BE7E859B}" = rport=137 | protocol=17 | dir=out | app=system |
"{290D20A9-2112-4618-B2B6-454AAD96DF97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2925EA8A-C1CA-4503-84EA-7FFDF6B9439D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B00A74F-3AA7-42CE-B109-9C51D0B251BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C1A5918-05EB-4600-BA17-DDFEE911520E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{303B5E4C-9EC1-4C49-8040-245D37222F86}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{30ACC688-08D3-4B38-AC68-3F829CEBE26B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{35DFBA68-E445-4FA6-AD46-363FBA0C8D93}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{3756C372-E75C-4F2B-8565-649EDF0FB1C4}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{39167BE9-6CB4-4AD4-A2CB-8FB1BEB2E9AF}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{3CCF5EF8-125E-4477-9E54-97C79BD45560}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4142AB31-463E-4AE4-8E2F-42F8BDB5454E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4158D010-3223-493F-9219-1D3D3B64FFAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F559DA0-5EDD-4E16-A9A1-35396AA805AA}" = lport=138 | protocol=17 | dir=in | app=system |
"{4FC83398-0A46-49D1-9A3B-C1941BBC566A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AFA06A6-2E3B-4FC8-8469-CEDCF768038A}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) |
"{5C10DB2C-B529-4CC4-B3F1-56D6CF8323A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7363FB2B-5780-4B83-B53B-2B5B9C45377F}" = lport=139 | protocol=6 | dir=in | app=system |
"{73AB3D8B-4A67-4DBE-8289-67A313B4A070}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7510F71B-3A18-4EDE-9F11-39094F724E0D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7C735F7C-E9F5-4FA4-A51B-01CFAC11C235}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{7F85678A-EAAA-4BE9-BAFF-BA9AD5ED91F1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{86D20B85-FCEE-4FA4-9EF2-F0E2ED673C00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{887EF69C-6A48-4022-AAC5-8E3C039BC44D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91B1A1EA-D08A-49B8-AAE4-94C8C7DCC863}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96D5E214-3BAC-4E25-8B1B-32CA3600ACD3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99039C1F-97D0-44D2-AB6C-80CAA9FAE827}" = rport=139 | protocol=6 | dir=out | app=system |
"{9C47E243-E379-4210-8668-A2C7E997AA2D}" = rport=445 | protocol=6 | dir=out | app=system |
"{9DDB4DF1-1E85-444C-8A4D-70191DBD81ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4015CEE-C98C-4EF5-8476-1E399796EC56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADBCE9FD-44A9-4F65-9D9D-EBDEB3FFE96C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AFADDF23-5D70-402F-B2F3-4E5846038F01}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDD48FB9-F456-47CB-8A54-24BF6116092D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C043112D-FCD5-4F70-A22E-28C65DCE13F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{C057E302-7A49-4AA7-B143-F757EC569BF4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C914ADD7-26E3-43AC-B34A-7CDB6191E465}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{CCDBF3F6-C066-41AF-9FE9-3EEBD245A065}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CD35EC22-42D1-4ED6-8CE1-5596C4F7F079}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAE0C21F-6AF6-41DA-8CE6-87E4CEC8C920}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCF5E735-9BE6-4F88-A206-38BCDE70D233}" = rport=138 | protocol=17 | dir=out | app=system |
"{DCF8BD59-8F67-4007-9B6D-74A4AC5C99D9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DFD7D73E-C392-4B76-9034-13B0E91B9857}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) |
"{E0AFF66E-8DC0-4D94-9D36-2B888D71EC88}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E57A6DF7-12CB-4F2A-A397-2C5D06CACA7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E59102B3-2B09-4F34-B1C1-3B5ADB3EEAEB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B111EB-9B47-4E42-97A6-E3E6BCCA6BC8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{01E865AF-9C74-4CF7-B95A-0CF3447A2392}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{024831F1-8F3F-40AF-938F-865EE08AACA7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{05D0BB79-00BC-4487-B522-D4D2980FDF07}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{06440FD3-7B82-4873-9A55-9928AF047FC4}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
"{06605606-0631-4419-8825-DE4B63836239}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{0683E1D2-044D-443A-A2D3-CAF9997EA967}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{0756FA90-8989-44BF-817D-64509B8B0D1F}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{078A2C10-9A9D-4B6C-AAF4-23E706FE9A2B}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{07F40082-4E26-4DA1-83F1-F22537F890F4}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{0B3A3350-5DD3-448A-BDD1-883B8B3222F4}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{0BE4C23C-8CA7-4DD8-B84B-F403203F8EDB}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{0D369716-4A2E-46F6-A5AA-152F7EDBEFA2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0E48CF51-D782-4BF4-9030-B269E3C4EC70}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"{0EA87A4A-35F9-4A05-992B-D77005BE4267}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderliveud.exe |
"{0EE9F0C6-3F7B-42AF-90D6-21849F933C8E}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe |
"{0F1176AC-E8AE-4EE2-BC31-B9817794E3F2}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\ppliveu.exe |
"{0F311545-8265-43B6-8F85-FCAC13DF3CB1}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicupdate.exe |
"{12655268-8915-4360-8A1C-49726B5E4A14}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
"{1291AB49-47A4-4836-BBA4-C94526BD4937}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{135F20D8-5899-40B0-876D-3503B9A71776}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
"{1497EF66-DD1E-42B6-AF5F-AEED623BA19E}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{151D1994-21C2-4ECC-85FB-894AA99B02ED}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\ppliveu.exe |
"{15D89F38-BF07-4FE3-884B-C2706F30C223}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicie.exe |
"{169E8D43-1BC6-4E5A-BF2D-15596F080505}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16D3718C-6696-492B-B10A-5B1496699009}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic\qzonemusic.exe |
"{18D1D7A2-60F7-4A19-9BAB-CAFBDD7539DD}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{198B383D-D900-4C47-9DA5-EF52ACB49848}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{1A40AC98-3AE7-4432-8EE2-502E2A114861}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{1B5FDF5B-2353-45BC-B3C0-B77A628DA841}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic\qzonemusic.exe |
"{1C04D690-12C2-4469-9F62-7B12A8B46ADD}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{1C83E579-5A34-4A32-B729-F0EEFDF88C12}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{1C99AA0B-124D-49DB-A897-B7BD60DAF174}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{1CF2F001-16C0-49A3-BAB7-0F27C075CCB2}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
"{1D34C108-064A-44BC-81B0-A7D6BAC843B5}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{1F3D8463-17A8-40E9-8CE7-5455FCD2E9C0}" = protocol=17 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{208EFCF0-9DB6-4E04-952E-97E6275EB82A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{20F16ED3-0AA2-4DB5-B9EF-913DFE728BBB}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\ppliveu.exe |
"{22D9CC4C-CEE8-4577-A296-4C83FF74C15D}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{23F37FB7-BD57-4285-9EA0-B433BC7A712F}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{24426076-7B28-4495-B79E-49460A2BB3C5}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\xlbugreport.exe |
"{25019BF0-236E-4A9F-BF56-9F685B5B51A6}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{2653DAAD-44A0-4AE0-82A9-D66E88BA74A6}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\netmon\lsp_check.exe |
"{265EC563-FB2A-4650-B310-5BB2D1DC8015}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderliveud.exe |
"{269F1D12-C60C-4AD7-9521-D94C74355093}" = protocol=17 | dir=in | app=c:\program files\kugou\kgmusic\kgservice.exe |
"{26FE773E-1C17-472F-95B3-5A071261FA68}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{273EBA5E-3286-4D99-B3ED-C6F0C0E486D6}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\crashreporter.exe |
"{282B2178-FB03-4083-99A8-8A10DEA8010B}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{286048F4-B6DE-48CE-A8D8-3BFB8EE3B7AF}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{2A57D422-2AC1-4559-8534-8388AA470557}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe |
"{2B1E3DCC-6065-442C-980A-D316F4EAD681}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{2CB1358D-3FF8-4F73-B4BE-AA5A0B28009D}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{2D26548B-F34C-4B57-8122-3223BB98A4E3}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\xlbugreport.exe |
"{2D2AFA9F-7458-4E30-80B7-7E63B0242DD3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{2E484B57-F98E-475E-9B62-4B8292098EB2}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\crashreporter.exe |
"{2F640710-4CEF-4BF0-9176-465843041B29}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{3106623F-894E-460C-8186-FD7BA1043A1A}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\setupex\qqsetupex.exe |
"{36D18A47-B585-4676-A338-C4378C3C9416}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{375B5E02-3E45-487E-A4D1-EDC8547BCDDD}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{38DDAC88-66DF-4C94-8627-25735023B81C}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{3BB9C162-1C4A-4D57-A3BC-1C49C3DAAB72}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe |
"{3BE9B834-9436-4924-9CD2-7256F41C55F7}" = protocol=17 | dir=in | app=c:\users\rosalie blythe\appdata\local\temp\qqpcdetector.exe |
"{401285A5-2E29-4B72-B082-555CEAAC5967}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{41C77756-8E6F-461C-ACD4-319C8860269E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41D46263-07BF-4147-810E-8E8D9D6B6FA3}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"{438F904E-A87E-4404-9387-9C61594A370B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{44145E59-C211-4806-B2EB-4467B53294CD}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{44320236-FAF8-4C15-A4EF-292D1CD8150B}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{44557529-750C-426C-8A5B-4643543276B3}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{45A1FD17-2D72-4B56-9292-3D664A4B69B5}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{45D38DBF-48A0-4CD7-AE18-D4A8BF076007}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{468B2855-F7CD-4FEA-AB50-678037A0DF9A}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{46CE7219-755F-49E8-9BD3-C80779C2004C}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{474BD6BB-A39F-4CC7-A149-AAC7D06B1C1A}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
"{4A630038-E9B1-47DB-8E90-9E9CFE3DD408}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{4BA747CD-539F-4550-816A-2CCA27E00EA0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{4C1E48AB-826A-49A5-A340-3B4E5398B2B8}" = protocol=17 | dir=in | app=c:\program files\online services\aolca\installaol.exe |
"{4D090001-D991-4B4A-8136-49ABA234967F}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{50F11FC2-CCE7-4315-802E-AC116C2307AF}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5135439E-81D7-45E4-819C-D15D5B13CE9C}" = protocol=6 | dir=out | app=system |
"{5177BBA1-E669-4AA8-A034-D07F810236F3}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{52AD5094-2D52-4CAD-A43C-11976B503BAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{530933F0-587F-42B0-8588-A27DC731C8B7}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{534A76F6-E78F-4EA7-B19B-8493BE64BF58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{535573C7-4843-4235-89EE-B08ECF5C069A}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderliveud.exe |
"{5572E4BC-7A10-4D47-A6D3-009D2FD28C50}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{55EF55E6-9989-4BA5-9AF0-535B9803B950}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{56215D21-FA4B-4632-85BD-89AFE5127AE0}" = protocol=6 | dir=in | app=c:\program files\common files\tencent\qqdownload\107\tencentdl.exe |
"{5795DB26-F5B8-4ADF-A23A-5E1F2A4C73F8}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\xlbugreport.exe |
"{596AF275-1EAE-48C9-874E-979DC02594E4}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\ppliveu.exe |
"{5F64D5EA-1528-4FEC-83BA-AF69CBC7610F}" = protocol=6 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
"{608293C1-3B25-4A45-B64C-D7973D1641AB}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{60BAAA64-A87F-4FF3-B96F-E65F771B23E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6200FD58-36E1-489D-910B-917F87BB97AE}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe |
"{63D534D9-0868-4C2B-946F-6824832289D2}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{63F5A44E-44CB-486C-B3E5-4F69488CF2F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65C7E1D1-0951-495F-82E0-EB3B277F1F62}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{666C9A6C-73F1-4E6F-853A-76B710B43797}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{667C4045-8DC5-48CA-903C-5EDDCE4E3F82}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{6689FC36-995E-480A-9C20-5164E7E7F753}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
"{66E6023B-5AA8-4D3B-AFDA-54FC7CD84AD9}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\repairsetup.exe |
"{66F00ED5-E790-4FFB-A01C-F6AC2B020CD8}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicie.exe |
"{67AF3FB3-961D-4EB6-8585-AEFF0AA70058}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{694034F6-0D54-46D7-A1EE-7FE8126A9DC1}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
"{698698BD-6F96-4465-B6AD-442432B93BC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{69972C9D-EF45-4E51-A58F-7618DEB4AF8A}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{699CAC42-048F-45F2-8866-506D86DAF98D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{69B141DA-B790-4CC1-B069-8EA650E9A7D3}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{6A40FB88-D816-441A-82B5-DF0CF99CA7A9}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
"{6D548B47-DFD9-45AE-BA21-DF87A28AF8DE}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{702879E8-2DD0-453F-A2E4-0E0A9E427768}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{710A43F8-0C31-433E-94FE-18F5DC01B2C7}" = protocol=6 | dir=in | app=c:\users\rosalie blythe\appdata\local\temp\qqpcdetector.exe |
"{71183EA3-9BDD-41EC-A58F-027DBA5F2BC1}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{71292472-9ABE-417C-B0D4-9F9AC880BF1F}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{721C7925-E94D-4AA5-B7BB-D95F38F95EC6}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe |
"{73A6617F-D83D-4A18-AE86-B4E3DD69F60E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{769D95E2-DB83-422E-8463-DB9F52E5DA15}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{79DC29E7-88B5-4904-810D-3A6762B61347}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\txupd.exe |
"{7C7EA3EF-76E3-4D8E-B6E8-3766CCB76061}" = protocol=17 | dir=in | app=c:\program files\internet explorer\pplite\plugin\1.0.1.2542\plugininstaller.exe |
"{7CE61D89-A85F-49D9-91F4-8D823EF77FDA}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.2.3.3254_2\program\xldoctorui.exe |
"{7CF1E56D-6BBB-4CD9-846F-9B5A79013B93}" = protocol=17 | dir=in | app=c:\program files\kugou\kgmusic\kgservice.exe |
"{7D1D23B9-91B3-4E0B-896A-DC8A6BA34F95}" = protocol=6 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\tencent\qq\stemp\setupex~0\qqsetupex.exe |
"{7D460178-6C4C-4AA2-A863-51740976B835}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{7E40B1DD-1EB0-4415-907D-C17D90B2B6C9}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{7E6D97F5-45E7-473A-A79E-08748D61DBB2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7EA43EC0-7A11-44D4-9D86-8D12E4DBA1E6}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\repairsetup.exe |
"{7F2A4FF9-E448-4FF4-BE1A-D7C1F82EAE3C}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{7F69EEB7-6B16-4A22-BEE2-2AB76E7994B3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8098454F-58FE-4966-BE65-C028B6DE4252}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{837BD833-266F-43FA-B009-6FFDC48CDD99}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{849B832A-9595-421C-B14D-E077802D0BE4}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{8613A1C2-8A93-4C66-9EDC-5829C8D9082C}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{86BEFC81-91DC-4643-86B6-89A44C4E7C06}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\setupex\qqsetupex.exe |
"{870C2032-7017-4C52-8825-26F72571EF8A}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"{8758453D-F198-499B-9A41-0D089606515C}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{881E78B1-B448-4F01-A19C-4633BCBE77C8}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
"{89333795-907B-4087-A866-03876031DDEE}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{89C652DF-AA68-4295-A36D-28723336195F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B7D7DA8-F7F2-46FB-95C1-E91DAAC3E8BE}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{8BD7902B-3969-4FA5-A8F4-9FB317CCD5DA}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8DD744EA-3307-4823-9964-4B8952F2C8EE}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{8DFEFEB0-9CC0-4F70-A34F-56C724973447}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
"{8E28C663-AB09-4467-9EEC-927E66CA736D}" = protocol=17 | dir=in | app=c:\program files\kugou\kgmusic\kugou.exe |
"{8E9BF434-00C0-4AC9-A5A9-B0362FC28513}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\txupd.exe |
"{8EE2E95E-718F-4C8A-8BE8-E12A474719FB}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
"{90BCB571-CE06-4E2B-BFB6-DB08E8502906}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{9120C562-0EB5-4F1A-A941-525E664A4AFD}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{91F572CA-E8F3-4F22-9A13-DCC402409C20}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{9241B653-B737-467F-A587-832C3BD65018}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9337A8A7-6E13-4C17-BF32-B8A7D574152D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9427FB42-8C16-4FEB-BC2C-7C90BC9C64D8}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
"{9457A587-B74F-4270-95AC-21C7AFF51162}" = protocol=17 | dir=in | app=c:\program files\common files\tencent\qqdownload\107\tencentdl.exe |
"{9536C406-8BB8-45B2-82AA-895615CCDB5F}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{96BBCF76-147A-4623-B36F-2CE5A7EB914B}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{971C516E-3AB8-4D3E-B603-0136A092883D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{98A663B6-BAE1-47A5-B390-55DAC7D23E2F}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
"{99310EE1-D5B8-42DA-9AE5-8F80D1C7FFA5}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
"{993AA46C-701F-420D-A6EB-4D49DB021D62}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{9BFE2B97-DDB2-4CB2-94E9-B44C73869A4F}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
"{9D621559-E19A-4505-9DA7-E540F9F5A7E1}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{9DB20958-5395-44E1-A17D-2006B7DBF9A2}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\netmon\lsp_check.exe |
"{9E43B11E-B78A-4D63-8518-985B039A2A8C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9E4982E2-B84B-497D-B119-7C35DD40BF05}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
"{9E74294C-FC61-4D4D-905B-30F6EFA58A62}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\crashreporter.exe |
"{9F8BA50B-294A-4C88-9D04-8638718FA19F}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
"{A031AC8E-257A-487F-A704-2CEA225EDDC6}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{A0498254-BEE4-4CAA-80EE-12F014D393B8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A1826D5F-2BCD-4479-8B0F-6784DF10BD0E}" = protocol=6 | dir=in | app=c:\program files\online services\aolca\installaol.exe |
"{A3AFD66E-5ECA-475F-8A40-3845EAF0643B}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe |
"{A4F720AF-51E1-469C-ACD7-1F67FC9754ED}" = protocol=6 | dir=in | app=c:\program files\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
"{A6138E7A-CCBD-4B12-B269-176167E5B729}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{A6A73347-563E-4FC1-8CCE-72A265B745D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A70A5276-8591-456C-863D-DBC5CC663651}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{A97F8986-2F2C-4624-B636-BB073281331C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB0489D8-E025-4DBE-85CF-04B6F5CAC27B}" = protocol=6 | dir=in | app=c:\program files\internet explorer\pplite\plugin\1.0.1.2542\plugininstaller.exe |
"{ABA0ACD8-7FC3-43D1-8A46-4D80E7B59A0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABD81F02-1ED8-4F8A-B377-7C62F6BB7798}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderliveud.exe |
"{AC285BDC-8007-482C-A4CB-90FCE2A40D48}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicupdate.exe |
"{ADC2E742-14CF-48C8-A3E8-8874677C44C7}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{AE55150D-F695-4B8B-B2C6-7148B21DC29E}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{AF07D895-93F8-4538-BB5B-BDC1C538FC69}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
"{AF38DB6D-60D8-4F50-B94F-495C2F93DDF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{AF799F22-05CB-4D17-8CCC-9E553BE299E6}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{B1000F5A-BA79-4301-90B4-4553E270ED77}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"{B42D2F75-2483-488C-895C-0227A8B55B7D}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\xlbugreport.exe |
"{B4686751-9F30-4F1A-B61E-C0CD48394C1D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B47F24D6-3892-434B-BF2F-90A5349FFBB5}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{B6F6F7CF-6DA1-4621-800A-F0D450DF55DA}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
"{B816AB10-C5A3-409E-B978-3AFD76434D9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BA64FB54-3DF1-403C-8770-207C2613E234}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BDC2F45B-D3D9-431F-B7C7-B561C6228DDD}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{BF972230-2FC8-4C8D-931D-F93B1B32FC8C}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{BFB8231B-00A1-4261-A6B1-3F3B5EF808E9}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{C02DE3E8-B092-47EA-91AF-D29F26AF6870}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
"{C06D4C83-EBEB-414D-822F-49968D6B76C7}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{C1FF4727-4CD8-45D8-9BD9-5135ABF4C32A}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\repairsetup.exe |
"{C220655F-FEA4-496E-9BD5-DAF66D5394DF}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\crashreporter.exe |
"{C4A1E181-C50F-4929-B6F3-0941A2B73323}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
"{C5232335-CB23-4784-87E5-C24C8366ED66}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
"{C53EDB2C-B681-4EC2-AEDF-AD0F098F9B92}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{C57D1ABA-82F1-4DFA-AA62-1691E4E7C18F}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
"{C5E47846-C2EB-4B0B-8AA7-80A125DBF2AF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{C6E7BDB3-7887-451E-B949-E29048F31FC2}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
"{C734591E-12CC-4BC1-AE36-0398A3C45D5F}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.2.3.3254_2\program\xldoctorui.exe |
"{C757CABE-0D88-45E3-847E-CD94642584FA}" = protocol=6 | dir=in | app=c:\program files\kugou\kgmusic\kgservice.exe |
"{CBB325A5-3E75-4275-A1D0-DB520BF93A2E}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{CC12FFA7-B432-40F2-9065-0B19DE3DBD99}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{CCA30264-0867-428D-8A7F-F2B677867F73}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CD8D2471-00DF-4050-9405-552649E964B3}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CFC08325-063E-4093-9708-17E5E9DC2D6B}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{D0A02A28-8DEC-4E59-BD4B-6787E98D75FB}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{D23C5700-2837-451E-8A68-F6D2EFCADB83}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{D2864757-6B95-42AC-8E6C-FA8524120A10}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{D2F78A07-2613-4F81-8C12-E4F41EF8BFDA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{D3EF2D49-2301-4102-A9E3-11AF919FE594}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
"{D4034363-38C1-4891-94D1-4D6E044145D3}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
"{D52E0EB2-92E7-4695-87C1-4FB55C813F2C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D6A320A1-551D-4BDD-B455-D763940EEE69}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D75AEA89-12F4-4AED-B4AB-DA6167A94E63}" = protocol=17 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe |
"{D806571D-EE61-4632-BF71-C695BDB5E642}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
"{D8178046-E5B9-4681-89AB-EAFC0964D367}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{D9284DDD-1C1B-4D0E-8E3A-C51E89EC4632}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{D9336771-847A-4FFB-8392-AB6C476DB6A9}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\repairsetup.exe |
"{DACD0559-2C49-4BDB-B4BD-30A642643639}" = protocol=17 | dir=in | app=c:\program files\kugou\kgmusic\kugou.exe |
"{DB5AE4E8-4ACE-4EED-94EB-FA7591E7CDFE}" = protocol=6 | dir=in | app=c:\program files\kugou\kgmusic\kugou.exe |
"{DC5D8BF9-5381-4628-973A-B4F2E82D838D}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"{DC750C0A-41A9-4833-BB23-29ED52686CDB}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{DD786FC7-E03D-44C9-BE75-A5305FAD6277}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DE512A20-9491-452F-BFDE-D127395456D5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{DF853603-C477-4CB1-90A3-5520757500E6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E0F2C2AB-0292-437C-AA51-EB5B32723680}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{E292AF89-9092-4989-936E-884E32F0C93D}" = protocol=17 | dir=in | app=c:\program files\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
"{E2B51135-37EB-494C-A052-2DDC2BC43BA8}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
"{E2F91F79-9D76-4EC6-8B18-90AAF87C8317}" = protocol=6 | dir=in | app=c:\program files\kugou\kgmusic\kgservice.exe |
"{E336C038-209E-436B-87CA-40443C08DA20}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E339010F-92A8-4DC5-B829-532044E3B4BA}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicatorcom.exe |
"{E4673728-CAC5-4229-9C9B-6703FC132D65}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe |
"{E4A592E7-5AE6-4DD1-A7A5-A0DD3D7A04D7}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
"{E5821699-79D0-4074-8665-A971AF74F3F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E6D02784-EB54-45DE-98B0-68B801B2BE04}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{E708C471-0355-4135-AA68-88A3FAB506A5}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
"{E742AB32-B7CE-469A-82D0-04E8BE7DD4D2}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{E9A1AEF7-ED60-4CF1-A7A5-A595DF59967B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EC19D23F-1176-42A1-B16D-CD167499F7F5}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
"{ECD3E7E8-F2BE-4ECF-94AF-AC5F2679FCD8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{EDD7BBFE-83A3-4419-9FE7-1190E6E6DA2A}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"{EE3BFE01-44F3-4F47-B70C-6BB3B8C5BEE3}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{EF8C4854-0459-437D-B433-A26DE7601345}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{F24DE767-4A0D-4E8A-AA9E-FC6188F1DE87}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{F3A2331A-5E3F-40B7-9075-8F2E0A6C4030}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
"{F5BE8624-B53A-40C3-AF27-3371ECA6F2E4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F64E870A-2823-44EE-B271-EA523FEE34B0}" = protocol=6 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe |
"{F6822360-F458-49EA-AA07-448143BAA485}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
"{F6BA9DF9-0C8F-4AA7-A155-CB086D89AF3B}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"{FA7872D5-E9F7-4A92-B4A0-8A2E0E2FAC52}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"{FB7368B3-59F0-443B-AD07-A9A758328A8E}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{FBC71D00-0E5B-48D3-87B9-83E69E5A2587}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
"{FD1B0000-829E-42F7-8FE9-8010BFF2F274}" = protocol=6 | dir=in | app=c:\program files\kugou\kgmusic\kugou.exe |
"{FDAE412D-8D26-42E6-8621-69BB70733570}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
"{FDDE5E84-B1E8-4A2D-8A51-0D8DF8A7B43B}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
"{FE611700-D79A-4572-BF83-19E6ACEE5ED3}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
"TCP Query User{1AAB9D36-3CC9-4EEC-8055-851FCC4D8C24}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{1B556DD7-E413-4DE3-8F4D-8EA897574971}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{427F7BA6-2F40-4FA0-A03D-BC62AB4B3D04}C:\users\guest\appdata\local\temp\fgcn_349.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\local\temp\fgcn_349.exe |
"TCP Query User{541FAACD-6DD1-488E-B097-6C8734D8B4DD}D:\pps.tv\ppstream\ppsap.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
"TCP Query User{6635D274-36D7-46EA-91A0-CC57F427EAF5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8496D048-DFE7-4007-8F47-BEC827B218AF}C:\users\guest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BF1F3079-B0D6-4D2E-A0ED-434BD3DCF08D}C:\program files\kuwo\kwmusic\bin\kwservice.exe" = protocol=6 | dir=in | app=c:\program files\kuwo\kwmusic\bin\kwservice.exe |
"TCP Query User{C34C91DA-29D9-4817-A6BF-A1658D36A9D5}C:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C52ACD9B-8234-40A7-8D3E-B4CD7D81BAF4}C:\program files\kugou2012\kugou.exe" = protocol=6 | dir=in | app=c:\program files\kugou2012\kugou.exe |
"UDP Query User{14BFFBD1-F812-4B93-BD24-E9C7B7BD8914}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3F3959C7-9446-43F8-9DEE-F3FC16994127}C:\users\guest\appdata\local\temp\fgcn_349.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\local\temp\fgcn_349.exe |
"UDP Query User{46EC0B6F-1F8F-4A78-8FA7-9D464D6AD18F}C:\program files\kuwo\kwmusic\bin\kwservice.exe" = protocol=17 | dir=in | app=c:\program files\kuwo\kwmusic\bin\kwservice.exe |
"UDP Query User{58B0876D-7069-4EE0-A092-5104B91D28F1}D:\pps.tv\ppstream\ppsap.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
"UDP Query User{5C27CE33-0678-468C-AA3C-991B50C04620}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{5F3DB729-4AB3-4B89-9DAA-6270EB310E0E}C:\users\guest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6D158A1C-BAFA-479E-8FA7-7E4BCE73BA0C}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{AA728A27-D4FF-4A00-B623-9CE2DFB83B28}C:\program files\kugou2012\kugou.exe" = protocol=17 | dir=in | app=c:\program files\kugou2012\kugou.exe |
"UDP Query User{E6E3886C-CC7D-4344-AA0D-091FC169D9B0}C:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01AD248D-2189-4B91-BBF4-929C72154DF3}" = HP Officejet 4620 series 基本裝置軟體
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 騰訊QQ2012
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10EF35CA-C694-42DD-AA45-0585135ABD31}_is1" = 蹄僩秞氈2012
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{16DABD39-A174-4C6B-A2C4-A492E64933C8}" = AVG 2012
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{3E9C9EE1-1964-4519-BF80-652E7F415ECF}" = WD Drive Utilities
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D004944-C4F1-4C44-AAD4-E7F85190ED00}" = AVG 2012
"{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}_WORD_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROPLUS_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}_WORD_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0404-0000-0000000FF1CE}" = 2007 Office system 相容性套件
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROPLUS_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-0000-0000000FF1CE}_WORD_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-0044-0404-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
"{90120000-0044-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROPLUS_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0404-0000-0000000FF1CE}_WORD_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A9461747-B8C2-446E-B335-B39385284226}" =
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
"{A690BBE7-2548-4FC4-AC8E-502C0123B81B}" = Soluto
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C3AD9933-EF84-4226-B906-0E0578B14248}" = WD SmartWare
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C7B1C030-8B9F-48A2-91E3-6999FC624AE5}" = YTD Toolbar v6.9
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2464E10-4895-441F-8CC3-0A898D2E8F01}" = Microsoft IntelliPoint 6.11
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E2B53C96-C9FC-4FC3-8324-1BCE50DEA7E7}" = QuickBooks
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB61B60D-1443-41FA-BBD7-BCD8217551B7}" = QuickBooks Premier Edition 2010
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype(TM) 5.10
"{EFC0BA9B-F472-4559-B655-9C47281F9483}" = WD Security
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PPLive" = PPTV V3.2.0.0042
"PPStream" = PPStream V2.7.0.1236 Final
"PROPLUS" = Microsoft Office Professional Plus 2007
"QQMusic" = QQ音乐 2012
"RealPlayer 15.0" = RealPlayer
"Recover Files_is1" = Recover Files 3.26
"Rhapsody" = Rhapsody
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"SupernaturalScreensaver" = SupernaturalScreensaver
"The KMPlayer" = The KMPlayer (remove only)
"thunder_is1" = 捃濘7
"uTorrent" = µTorrent
"vampire_diaries_ss" = vampire_diaries_ss Screen Saver
"VLC media player" = VLC media player 1.0.1
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.21
"WORD" = Microsoft Office Word 2007
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"迅雷看看高清播放组件" = 迅雷看看高清播放组件
"迅雷看看播放器" = 迅雷看看播放器

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 8/6/2011 20:32:53 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/9/2011 22:51:11 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24/11/2011 0:28:23 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1487
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 16/4/2012 21:41:10 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 44
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/4/2012 21:41:10 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/4/2012 21:41:10 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/7/2012 11:51:50 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/10/2012 17:42:17 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 372
seconds with 180 seconds of active time. This session ended with a crash.

Error - 28/10/2012 18:03:35 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1267
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 15/2/2013 18:00:40 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 516
seconds with 180 seconds of active time. This session ended with a crash.


< End of report >
 
I couldn't find McAfee Security Scan Plus in my program list in the control panel>>uninstall program, what should I do?
That's fine...

I have to run a system repair, which leads to a system restore
Did you actually use system restore?
If so, how far back did you go?
 
Sorry for the late reply. Yes, I did run a system repair after Windows failed to start, but I don't know how far back it goes, because there is just a pop-up saying something like "do you want the system to restore?" It does not show me which restore point it uses to restore. I have no idea.
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (Microsoft SharePoint Workspace Audit Service)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROSALI~1\AppData\Local\Temp\catchme.sys -- (catchme)
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll File not found
    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
    O2 - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
    O4 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005..\Run: [XMP] "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101 File not found
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..Trusted Ranges: Range1 ([http] in Local intranet)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

======================

Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
This was done in safe mode (the first attempt failed, so I did a hard shutdown and did it in safe mode).
All processes killed
========== OTL ==========
Error: No service named Microsoft SharePoint Workspace Audit Service was found to stop!
Service\Driver key Microsoft SharePoint Workspace Audit Service not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
Error: No service named cpuz135 was found to stop!
Service\Driver key cpuz135 not found.
File C:\Windows\TEMP\cpuz135\cpuz135_x32.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\Users\ROSALI~1\AppData\Local\Temp\catchme.sys not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QzoneMusic\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
Registry value HKEY_USERS\S-1-5-21-2146718395-4068598169-1799883407-1005\Software\Microsoft\Windows\CurrentVersion\Run\\XMP not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Ada Suk Yi Ma
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kitty
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rosalie Blythe
->Temp folder emptied: 42302 bytes
->Temporary Internet Files folder emptied: 399127056 bytes
->Java cache emptied: 974 bytes
->Google Chrome cache emptied: 98376902 bytes
->Apple Safari cache emptied: 150714368 bytes
->Flash cache emptied: 201269 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58037754 bytes
RecycleBin emptied: 1144450 bytes

Total Files Cleaned = 675.00 mb


[EMPTYJAVA]

User: Ada Suk Yi Ma
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: IUSR_NMPR

User: Kitty
->Java cache emptied: 0 bytes

User: Public

User: Rosalie Blythe
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Ada Suk Yi Ma
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Kitty
->Flash cache emptied: 0 bytes

User: Public

User: Rosalie Blythe
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02182013_184231

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.58
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2013
Microsoft Security Essentials
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Wise Disk Cleaner 7.21
JavaFX 2.1.1
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 18-02-2013
Ran by Guest (administrator) on 18-02-2013 at 23:44:50
Running from "C:\Users\Rosalie Blythe\Desktop\tools"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-15 11:10] - [2013-01-04 06:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
If I do not post the ESET online scanner result tonight, I will post it on Wednesday; I won't be at home on Tuesday. Thanks!
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Ada Suk Yi Ma
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 10968980 bytes
->Temporary Internet Files folder emptied: 177723662 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2573 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kitty
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rosalie Blythe
->Temp folder emptied: 10251478 bytes
->Temporary Internet Files folder emptied: 99478046 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 65446596 bytes
->Apple Safari cache emptied: 1205248 bytes
->Flash cache emptied: 1691 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63729151 bytes
RecycleBin emptied: 1578984753 bytes

Total Files Cleaned = 1,915.00 mb


[EMPTYFLASH]

User: Ada Suk Yi Ma
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Kitty
->Flash cache emptied: 0 bytes

User: Public

User: Rosalie Blythe
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Ada Suk Yi Ma
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: IUSR_NMPR

User: Kitty
->Java cache emptied: 0 bytes

User: Public

User: Rosalie Blythe
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02262013_104702

Files\Folders moved on Reboot...
File\Folder C:\Users\Guest\AppData\Local\Temp\JET55C.tmp not found!
C:\Users\Guest\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
C:\Users\Guest\AppData\Local\Temp\~DFBE71.tmp moved successfully.
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJ7MCWOJ\T1fLk0XaVcXXbMsGbX[1].htm moved successfully.
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TL0YF51Z\alimama[1].htm moved successfully.
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TL0YF51Z\tanx[1].htm moved successfully.
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TL0YF51Z\tanx[2].htm moved successfully.
File move failed. C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSYKOJZM\%BA%A3%CD%E2%BE%E7%B3%A1_%CE%D2%C3%C7%BD%E1%BB%E9%B0%C9(%BD%AA%B3%C9%E5%FB%D2%FC%B6%E0%D1%AB)_%BA%AB%BE%E7%CE%D2%C3%C7%BD%E1%BB%E9%B0%C9[1].htm scheduled to be moved on reboot.
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSYKOJZM\alimama[1].htm moved successfully.
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSYKOJZM\athena_simba_taobao_com[1].htm moved successfully.
C:\Windows\temp\etilqs_0PvTLLDbHJur8qsYgFum moved successfully.
C:\Windows\temp\etilqs_94gcftQiBFuJypvRm2ao moved successfully.
C:\Windows\temp\etilqs_sVouCGUzUKvyrl7fWXLb moved successfully.
C:\Windows\temp\etilqs_tgRlYryWXFqk8zfG1lKK moved successfully.
C:\Windows\temp\etilqs_Tn5pC9vlTO1Jn0YrPR9D moved successfully.
C:\Windows\temp\etilqs_XQcqzmtPKwQGUjkWnGgH moved successfully.
C:\Windows\temp\MpCmdRun.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
I failed to update these two: Adobe Flash Player and Adobe Reader...they said something is not supporting...I am using Google Chrome.
I will be back on Thursday! Thanks!
 
For Adobe Flash Player, it said "Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available." and for the Java Version "We are unable to verify if Java is currently installed and enabled in your browser."
 
Back