I think my HP desktop might have a virus

Solved
By Rosalie_Blythe
Feb 9, 2013
  1. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    # AdwCleaner v2.112 - Logfile created 02/15/2013 at 16:43:37
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Rosalie Blythe - HOME-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Rosalie Blythe\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Application Updater

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\spigot
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
    File Deleted : C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\uTorrentBar_FR
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Users\Ada Suk Yi Ma\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Ada Suk Yi Ma\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Kitty\AppData\Local\Conduit
    Folder Deleted : C:\Users\Kitty\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Kitty\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Kitty\AppData\LocalLow\FunWebProducts
    Folder Deleted : C:\Users\Kitty\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Kitty\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\Rosalie Blythe\AppData\LocalLow\Search Settings

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar_FR Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\TENCENT
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D6533F74-218B-41BE-9D91-5BD471FECFFD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1066435
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851639
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3070524
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B02DD0B9-6CF4-4276-860C-12194F21026E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE773C73-5D1D-4D31-966C-240B7DABF120}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6533F74-218B-41BE-9D91-5BD471FECFFD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_FR Toolbar
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\TENCENT
    Key Deleted : HKLM\Software\uTorrentBar_FR
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Kitty\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [8683 octets] - [15/02/2013 16:43:37]

    ########## EOF - C:\AdwCleaner[S1].txt - [8743 octets] ##########
  2. Rosalie_Blythe

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.3 (02.12.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Rosalie Blythe on 15/02/2013 星期五 at 17:05:28.51
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
    Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\tencent"
    Successfully deleted: [Folder] "C:\Users\Rosalie Blythe\AppData\Roaming\tencent"
    Successfully deleted: [Folder] "C:\Users\Rosalie Blythe\appdata\local\tencent"
    Successfully deleted: [Folder] "C:\Users\Rosalie Blythe\appdata\locallow\tencent"
    Successfully deleted: [Folder] "C:\Program Files\tencent"
    Successfully deleted: [Folder] "C:\Program Files\ytd toolbar"
    Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 15/02/2013 星期五 at 17:13:56.22
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. Rosalie_Blythe

    My computer has been acting very weird. Today it fails to start and then I have to run a system repair, which leads to a system restore... I don't know why this is happening.
  4. Rosalie_Blythe

    OTL logfile created on: 15/2/2013 17:15:34 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rosalie Blythe\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C04 | Country: HONG KONG SAR | Language: ZHH | Date Format: d/M/yyyy

    1.99 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 24.15% Memory free
    4.22 Gb Paging File | 2.35 Gb Available in Paging File | 55.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 289.17 Gb Total Space | 77.02 Gb Free Space | 26.64% Space Free | Partition Type: NTFS
    Drive D: | 8.92 Gb Total Space | 0.95 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Rosalie Blythe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/15 17:15:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rosalie Blythe\Desktop\OTL.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/01/20 14:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Rosalie Blythe\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
    PRC - [2012/11/16 15:57:24 | 000,194,512 | ---- | M] (深圳市迅雷网络技术有限公司) -- C:\Users\Public\Thunder Network\XMP4\Core\Program\xmp.exe
    PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/31 23:53:04 | 000,251,296 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
    PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
    PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    PRC - [2012/04/05 19:42:35 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
    PRC - [2011/12/16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    PRC - [2011/12/16 13:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe
    PRC - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    PRC - [2011/12/15 09:25:28 | 003,998,616 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    PRC - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    PRC - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    PRC - [2010/09/30 10:47:44 | 000,093,360 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\ib\olycamdetect.exe
    PRC - [2010/02/23 22:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- D:\PPS.tv\PPStream\PPSAP.exe
    PRC - [2010/01/24 23:25:14 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/15 11:21:12 | 012,638,576 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
    MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
    MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
    MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
    MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
    MOD - [2013/01/15 02:48:29 | 000,444,816 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.2542\tipsclient.dll
    MOD - [2012/11/23 05:22:05 | 000,088,008 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.2542\tipsdone.dll
    MOD - [2012/11/16 15:34:30 | 000,100,304 | ---- | M] () -- c:\Program Files\Thunder Network\Xmp4\Program\XLBugHandler.dll
    MOD - [2012/10/31 23:53:22 | 002,298,768 | ---- | M] () -- C:\WINDOWS\System32\kindling.dll
    MOD - [2012/10/31 23:52:50 | 000,622,992 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\1.0.1.2542\MngModule.dll
    MOD - [2011/12/15 09:25:24 | 000,070,040 | R--- | M] () -- C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2013/02/08 00:47:52 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/31 23:53:36 | 000,492,432 | ---- | M] (PPTV) [Auto | Running] -- C:\WINDOWS\System32\PPTVSvc.dll -- (PPTVService)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/09/13 20:09:42 | 000,603,704 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/05 19:42:35 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
    SRV - [2011/12/16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
    SRV - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
    SRV - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
    SRV - [2011/10/14 02:32:40 | 000,087,728 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
    SRV - [2010/01/24 23:25:14 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2008/11/18 16:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
    SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
    SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
    SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
    SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
    SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
    SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROSALI~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2013/02/15 16:54:20 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5F29F63-963A-4CCF-8BA7-66B233BDD57E}\MpKsl06f0eeb8.sys -- (MpKsl06f0eeb8)
    DRV - [2013/02/09 09:44:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2012/09/13 20:03:14 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\WINDOWS\System32\drivers\Soluto.sys -- (Soluto)
    DRV - [2011/12/16 13:18:56 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2011/10/04 05:22:16 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2011/10/04 05:22:16 | 000,077,624 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/03/19 23:50:50 | 000,391,168 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
    DRV - [2008/05/08 07:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/05/08 07:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2007/10/18 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/08/12 21:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2007/08/12 21:48:43 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\DGIVECP.SYS -- (DgiVecp)
    DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{1DDDACAD-50A5-43BC-801E-299A73ED35B6}: "URL" = http://search.live.com/results.aspx...entrypoint={referrer:source?}&FORM=HVDCS7
    IE - HKLM\..\SearchScopes\{4913D242-6842-44ED-83E3-10314985B43E}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
    IE - HKLM\..\SearchScopes\{9801283B-19A2-4467-933B-2B4FA0B412A1}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
    IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..\SearchScopes\{C4CAD18F-A5B7-43FD-9BFB-F40635AA946A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.2148\npplugin2.dll (PPLive Corporation)
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
    FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll File not found
    FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.36\Bin\npSSOAxCtrlForPTLogin.dll ()
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(75).dll (ShenZhen Thunder Networking Technologies Ltd.)
    FF - HKLM\Software\MozillaPlugins\@xunlei.com/KKVA: C:\Program Files\Common Files\Thunder Network\KanKan\npKKVA.1.0.0.6.(76).dll (ShenZhen Thunder Networking Technologies Ltd.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 08:06:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/24 08:04:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/11 17:26:05 | 000,000,000 | ---D | M]


    ========== Chrome ==========
  5. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    CHR - homepage:
    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
    CHR - homepage:
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: QQ2011 (Enabled) = C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll
    CHR - plugin: NPTXSSO Dynamic Link Library (Enabled) = C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.36\Bin\npSSOAxCtrlForPTLogin.dll
    CHR - plugin: Thunder DapCtrl NPAPI Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.4.(269).dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.1717\npplugin2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: QQMusic (Enabled) = C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll
    CHR - plugin: npQQPhotoDrawEx (Enabled) = C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - Extension: YouTube = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Showwall \u660E\u661F\u52D5\u6F2B\u684C\u5E03 = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpccflpmccajjbiloadclfaelnegbf\1.2_0\
    CHR - Extension: Google Search = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Hello Kitty = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mioiobnjjjgemkflahplehgpkbjcojld\1.1_0\
    CHR - Extension: AVG Do Not Track = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Unblock Youku = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.1.5_0\
    CHR - Extension: Gmail = C:\Users\Rosalie Blythe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/02/15 12:27:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (VideoUrlSniffer Class) - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP4\Core\Program\VideoUrlSniffer.2.0.3.100.(71).dll (深圳市迅雷网络技术有限公司)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (BrowserHelper) - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll (TODO: <Company name>)
    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (迅雷下载支持) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.3.3254.dll (深圳市迅雷网络技术有限公司)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
    O4 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
    O4 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005..\Run: [XMP] "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101 File not found
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rosalie Blythe\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Rosalie Blythe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rosalie Blythe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: OldEnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
    O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
    O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm ()
    O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm ()
    O9 - Extra Button: 迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
    O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..Trusted Ranges: Range1 ([http] in Local intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.197.191.194 38.117.85.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54C2B5EC-D81C-4B8C-9CB0-B146A3BC081D}: DhcpNameServer = 204.197.191.194 38.117.85.2
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
    O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
    O24 - Desktop WallPaper: C:\Users\Rosalie Blythe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Rosalie Blythe\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/16 13:06:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/15 17:14:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rosalie Blythe\Desktop\OTL.exe
    [2013/02/15 17:03:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/15 17:03:12 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/15 17:01:43 | 000,547,384 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rosalie Blythe\Desktop\JRT.exe
    [2013/02/15 14:28:31 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\AppData\Local\ElevatedDiagnostics
    [2013/02/15 12:46:21 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\AppData\Local\HP
    [2013/02/15 12:33:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/02/15 11:56:09 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\AppData\Roaming\PeerNetworking
    [2013/02/15 11:37:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/02/15 11:37:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/02/15 11:37:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/02/15 11:36:24 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/02/15 11:35:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/02/15 11:33:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/02/15 11:28:19 | 005,033,715 | R--- | C] (Swearware) -- C:\Users\Rosalie Blythe\Desktop\ComboFix.exe
    [2013/02/13 20:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar(47)
    [2013/02/13 20:42:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot(33)
    [2013/02/09 18:02:41 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\Desktop\mbar-1.01.0.1020
    [2013/02/09 17:22:23 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\Desktop\RK_Quarantine
    [2013/02/09 10:53:40 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\stcusb.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\pscr.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | C] (SCM Microsystems) -- C:\Windows\System32\drivers\zh-TW\SCR111.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | C] (OMNIKEY AG) -- C:\Windows\System32\drivers\zh-TW\cmbp0wdm.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | C] (Gemplus) -- C:\Windows\System32\drivers\zh-TW\gpr400.sys.mui
    [2013/02/09 10:53:40 | 000,002,560 | ---- | C] (OMNIKEY) -- C:\Windows\System32\drivers\zh-TW\cxbp0wdm.sys.mui
    [2013/02/09 10:53:39 | 000,003,072 | ---- | C] (Gemplus) -- C:\Windows\System32\drivers\zh-TW\grserial.sys.mui
    [2013/02/09 10:52:33 | 000,003,072 | ---- | C] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\zh-TW\ntrigdigi.sys.mui
    [2013/02/09 10:52:30 | 000,004,096 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\zh-TW\yk60x86.sys.mui
    [2013/02/09 10:46:26 | 000,005,120 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\zh-TW\ltmdmnt.sys.mui
    [2013/02/09 10:46:17 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrSerId.sys.mui
    [2013/02/09 10:46:17 | 000,002,048 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrParwdm.sys.mui
    [2013/02/09 10:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\0404
    [2013/02/09 10:44:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\0C04
    [2013/02/09 10:44:48 | 000,000,000 | ---D | C] -- C:\Windows\zh-TW
    [2013/02/09 10:43:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-HK
    [2013/02/09 10:40:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
    [2013/02/09 10:40:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\zh-CHT
    [2013/02/09 10:40:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\Windows System Resource Manager
    [2013/02/09 10:23:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\Vistalizator
    [2013/02/09 09:44:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2013/02/02 02:30:02 | 000,000,000 | ---D | C] -- C:\found.001
    [2013/02/01 13:56:29 | 000,000,000 | ---D | C] -- C:\Users\Rosalie Blythe\Desktop\TVBOXNOW 宮
    [2013/01/21 08:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign

    ========== Files - Modified Within 30 Days ==========

    [2013/02/15 17:25:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{45D4C764-4362-407E-9FCE-066735E027A3}.job
    [2013/02/15 17:15:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rosalie Blythe\Desktop\OTL.exe
    [2013/02/15 17:02:07 | 000,547,384 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rosalie Blythe\Desktop\JRT.exe
    [2013/02/15 16:56:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/15 16:50:03 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/15 16:50:02 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/15 16:49:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/15 16:45:19 | 000,000,104 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/15 16:35:39 | 000,587,671 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\adwcleaner0.exe
    [2013/02/15 15:47:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/15 14:01:27 | 000,450,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/02/15 13:28:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/02/15 13:21:13 | 000,631,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/02/15 13:21:13 | 000,118,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/02/15 12:46:28 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
    [2013/02/15 12:27:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/02/15 11:56:31 | 000,024,109 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Roaming\UserTile.png
    [2013/02/15 11:30:44 | 005,033,715 | R--- | M] (Swearware) -- C:\Users\Rosalie Blythe\Desktop\ComboFix.exe
    [2013/02/13 17:03:08 | 000,000,047 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Roaming\CoreAVC.ini
    [2013/02/10 14:25:06 | 000,000,680 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Local\d3d9caps.dat
    [2013/02/10 01:39:39 | 000,068,585 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\未命名.jpg
    [2013/02/09 16:07:27 | 013,711,621 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\mbar-1.01.0.1020.zip
    [2013/02/09 13:38:41 | 000,000,584 | RHS- | M] () -- C:\Users\Rosalie Blythe\ntuser.pol
    [2013/02/09 13:38:39 | 000,000,210 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2013/02/09 10:53:40 | 000,003,072 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\stcusb.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\zh-TW\pscr.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | M] (SCM Microsystems) -- C:\Windows\System32\drivers\zh-TW\SCR111.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | M] (OMNIKEY AG) -- C:\Windows\System32\drivers\zh-TW\cmbp0wdm.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | M] (Gemplus) -- C:\Windows\System32\drivers\zh-TW\grserial.sys.mui
    [2013/02/09 10:53:40 | 000,003,072 | ---- | M] (Gemplus) -- C:\Windows\System32\drivers\zh-TW\gpr400.sys.mui
    [2013/02/09 10:53:40 | 000,002,560 | ---- | M] (OMNIKEY) -- C:\Windows\System32\drivers\zh-TW\cxbp0wdm.sys.mui
    [2013/02/09 10:52:33 | 000,003,072 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\zh-TW\ntrigdigi.sys.mui
    [2013/02/09 10:52:30 | 000,004,096 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\zh-TW\yk60x86.sys.mui
    [2013/02/09 10:46:26 | 000,005,120 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\zh-TW\ltmdmnt.sys.mui
    [2013/02/09 10:46:17 | 000,005,120 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrSerId.sys.mui
    [2013/02/09 10:46:17 | 000,002,048 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\zh-TW\BrParwdm.sys.mui
    [2013/02/09 10:44:04 | 000,116,092 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\re.jpg
    [2013/02/09 09:44:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2013/02/01 12:29:17 | 000,027,681 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\cEbm9.jpg
    [2013/01/31 18:25:53 | 000,000,962 | ---- | M] () -- C:\Users\Rosalie Blythe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/01/31 18:25:42 | 000,000,948 | ---- | M] () -- C:\Users\Rosalie Blythe\Desktop\Dropbox.lnk
    [2013/01/21 17:24:19 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job

    ========== Files Created - No Company Name ==========

    [2013/02/15 16:43:57 | 000,000,104 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/15 16:34:09 | 000,587,671 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\adwcleaner0.exe
    [2013/02/15 12:46:28 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2013/02/15 11:56:10 | 000,024,109 | ---- | C] () -- C:\Users\Rosalie Blythe\AppData\Roaming\UserTile.png
    [2013/02/15 11:37:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/02/15 11:37:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/02/15 11:37:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/02/15 11:37:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/02/15 11:37:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/02/10 01:39:39 | 000,068,585 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\未命名.jpg
    [2013/02/09 16:04:32 | 013,711,621 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\mbar-1.01.0.1020.zip
    [2013/02/09 10:41:53 | 000,116,092 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\re.jpg
    [2013/02/01 12:29:02 | 000,027,681 | ---- | C] () -- C:\Users\Rosalie Blythe\Desktop\cEbm9.jpg
    [2013/01/21 08:10:40 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
    [2012/11/12 20:46:57 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
    [2012/10/31 23:53:22 | 002,298,768 | ---- | C] () -- C:\Windows\System32\kindling.dll
    [2012/10/27 07:04:54 | 000,000,680 | ---- | C] () -- C:\Users\Rosalie Blythe\AppData\Local\d3d9caps.dat
    [2012/05/07 11:51:10 | 000,000,047 | ---- | C] () -- C:\Users\Rosalie Blythe\AppData\Roaming\CoreAVC.ini
    [2012/04/23 21:09:30 | 000,010,240 | ---- | C] () -- C:\Users\Rosalie Blythe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/23 20:39:53 | 000,000,584 | RHS- | C] () -- C:\Users\Rosalie Blythe\ntuser.pol
    [2012/01/20 17:29:25 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/06/11 15:53:18 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
    [2011/05/15 02:13:53 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
    [2011/03/21 16:15:18 | 000,000,210 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/09/30 21:24:17 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    ========== ZeroAccess Check ==========
    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/04/20 15:07:02 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Ad-Aware Antivirus
    [2012/04/20 18:09:48 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Auslogics
    [2010/04/04 21:41:34 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\AVG9
    [2010/09/30 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Blitware
    [2010/12/25 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\GetRightToGo
    [2012/09/13 16:26:09 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\KuGou7
    [2010/04/10 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\PlayFirst
    [2011/09/01 18:02:51 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\PPLive
    [2012/04/20 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\PPStream
    [2010/04/02 11:39:54 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Snapfish
    [2010/09/30 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Soluto
    [2010/10/15 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\SuperMP3Download
    [2012/04/14 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Tencent
    [2011/06/23 17:54:01 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\UDown
    [2012/04/09 01:14:36 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\uTorrent
    [2010/04/05 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\WildTangent
    [2011/05/20 21:06:19 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\WinBatch
    [2012/04/20 19:30:41 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Wise Disk Cleaner
    [2011/07/09 12:13:02 | 000,000,000 | ---D | M] -- C:\Users\Ada Suk Yi Ma\AppData\Roaming\Youtube Downloader HD
    [2013/01/12 09:47:31 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013/01/12 09:47:31 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2012/12/12 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\AVG2013
    [2012/11/12 20:46:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\BITS
    [2013/02/15 00:16:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Dropbox
    [2012/11/12 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\FlashgetSetup
    [2013/02/15 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Kugou7
    [2012/11/06 16:33:47 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\KuGou8
    [2012/07/15 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PPLive
    [2013/02/15 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ppStream
    [2010/08/06 17:08:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Snapfish
    [2013/02/09 09:06:16 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Tencent
    [2012/12/08 08:27:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
    [2012/04/20 15:50:34 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Ad-Aware Antivirus
    [2012/08/08 19:28:50 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Application Data
    [2012/04/20 16:10:16 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Auslogics
    [2012/08/19 10:03:42 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Kugou7
    [2012/09/23 15:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\KuGou8
    [2012/08/08 19:31:38 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\PPLive
    [2012/08/09 07:46:47 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\ppStream
    [2010/04/18 14:54:45 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Snapfish
    [2011/05/23 10:21:26 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Soluto
    [2011/11/02 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Tencent
    [2011/06/08 20:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\TypingMaster7
    [2012/07/12 18:33:02 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\uTorrent
    [2010/10/08 23:32:59 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\WildTangent
    [2011/04/17 17:28:20 | 000,000,000 | ---D | M] -- C:\Users\Kitty\AppData\Roaming\Youtube Downloader HD
    [2012/12/15 14:22:17 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\AVG2013
    [2013/02/15 16:55:42 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\Dropbox
    [2012/09/13 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\Kugou7
    [2012/10/28 19:32:08 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\KuGou8
    [2013/02/15 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\PeerNetworking
    [2012/05/12 19:59:34 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\PPLive
    [2013/02/10 17:45:52 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\ppStream
    [2012/06/09 14:52:26 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\QQMusicUpdate
    [2012/12/12 17:08:50 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\TuneUp Software
    [2012/12/16 12:53:11 | 000,000,000 | ---D | M] -- C:\Users\Rosalie Blythe\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/12/15 23:42:03 | 000,001,189 | ---- | M] ()(C:\Users\Rosalie Blythe\Application Data\Microsoft\Internet Explorer\Quick Launch\??迅雷看看播放器.lnk) -- C:\Users\Rosalie Blythe\Application Data\Microsoft\Internet Explorer\Quick Launch\启动迅雷看看播放器.lnk
    [2012/05/12 19:56:07 | 000,001,189 | ---- | C] ()(C:\Users\Rosalie Blythe\Application Data\Microsoft\Internet Explorer\Quick Launch\??迅雷看看播放器.lnk) -- C:\Users\Rosalie Blythe\Application Data\Microsoft\Internet Explorer\Quick Launch\启动迅雷看看播放器.lnk
    [2011/03/29 14:25:40 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᰐť
    [2011/03/29 14:25:40 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᰐť
    [2010/11/17 03:07:36 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?α) -- C:\Windows\System32\䎀α
    [2010/11/17 03:07:36 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?α) -- C:\Windows\System32\䎀α
    [2010/10/11 14:51:50 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\쿠˳
    [2010/10/11 14:51:50 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\쿠˳
    [2010/10/03 14:27:16 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\꿠Ī
    [2010/10/03 14:27:16 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\꿠Ī
    [2010/08/11 18:12:34 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\땘̢
    [2010/08/11 18:12:34 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\땘̢
    [2010/08/04 16:16:09 | 000,000,036 | ---- | M] ()(C:\Windows\System32\禠?) -- C:\Windows\System32\禠ŏ
    [2010/08/04 16:16:09 | 000,000,036 | ---- | C] ()(C:\Windows\System32\禠?) -- C:\Windows\System32\禠ŏ
    [2010/07/06 17:40:58 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\겸Ł
    [2010/07/06 17:40:58 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\겸Ł
    [2010/06/27 18:01:23 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᙀќ
    [2010/06/27 18:01:23 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᙀќ
    [2010/06/13 18:54:59 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ࣈŀ
    [2010/06/13 18:54:59 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ࣈŀ
    [2010/06/03 03:36:15 | 000,000,036 | ---- | M] ()(C:\Windows\System32\讀?) -- C:\Windows\System32\讀Ŀ
    [2010/06/03 03:36:15 | 000,000,036 | ---- | C] ()(C:\Windows\System32\讀?) -- C:\Windows\System32\讀Ŀ
    [2010/05/03 05:06:31 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᨘĪ
    [2010/05/03 05:06:31 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ᨘĪ
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

    < End of report >
  6. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    OTL Extras logfile created on: 15/2/2013 17:15:34 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rosalie Blythe\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C04 | Country: HONG KONG SAR | Language: ZHH | Date Format: d/M/yyyy

    1.99 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 24.15% Memory free
    4.22 Gb Paging File | 2.35 Gb Available in Paging File | 55.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 289.17 Gb Total Space | 77.02 Gb Free Space | 26.64% Space Free | Partition Type: NTFS
    Drive D: | 8.92 Gb Total Space | 0.95 Gb Free Space | 10.66% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Rosalie Blythe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
    "C:\Users\Guest\AppData\Local\Temp\fgcn_349.exe" = C:\Users\Guest\AppData\Local\Temp\fgcn_349.exe:*:Enabled:fg_ol_silent


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0970C23E-CA06-4F68-993A-3A0210AFAE07}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{1015C726-F919-4E4E-B475-D863C3D48B4D}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
    "{161B1296-3B0E-4BB5-8E36-B6ADF1710B43}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1A63088B-411D-43E8-AB64-C66B770F77A3}" = lport=137 | protocol=17 | dir=in | app=system |
    "{20A4667E-460D-4635-9051-C5EA0E7F1EF9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{2544F794-ED69-4C47-A35C-C1C7BE7E859B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{290D20A9-2112-4618-B2B6-454AAD96DF97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{2925EA8A-C1CA-4503-84EA-7FFDF6B9439D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2B00A74F-3AA7-42CE-B109-9C51D0B251BE}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2C1A5918-05EB-4600-BA17-DDFEE911520E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{303B5E4C-9EC1-4C49-8040-245D37222F86}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{30ACC688-08D3-4B38-AC68-3F829CEBE26B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{35DFBA68-E445-4FA6-AD46-363FBA0C8D93}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{3756C372-E75C-4F2B-8565-649EDF0FB1C4}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
    "{39167BE9-6CB4-4AD4-A2CB-8FB1BEB2E9AF}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{3CCF5EF8-125E-4477-9E54-97C79BD45560}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{4142AB31-463E-4AE4-8E2F-42F8BDB5454E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4158D010-3223-493F-9219-1D3D3B64FFAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4F559DA0-5EDD-4E16-A9A1-35396AA805AA}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4FC83398-0A46-49D1-9A3B-C1941BBC566A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5AFA06A6-2E3B-4FC8-8469-CEDCF768038A}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) |
    "{5C10DB2C-B529-4CC4-B3F1-56D6CF8323A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7363FB2B-5780-4B83-B53B-2B5B9C45377F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{73AB3D8B-4A67-4DBE-8289-67A313B4A070}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7510F71B-3A18-4EDE-9F11-39094F724E0D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7C735F7C-E9F5-4FA4-A51B-01CFAC11C235}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
    "{7F85678A-EAAA-4BE9-BAFF-BA9AD5ED91F1}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{86D20B85-FCEE-4FA4-9EF2-F0E2ED673C00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{887EF69C-6A48-4022-AAC5-8E3C039BC44D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{91B1A1EA-D08A-49B8-AAE4-94C8C7DCC863}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{96D5E214-3BAC-4E25-8B1B-32CA3600ACD3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{99039C1F-97D0-44D2-AB6C-80CAA9FAE827}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9C47E243-E379-4210-8668-A2C7E997AA2D}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9DDB4DF1-1E85-444C-8A4D-70191DBD81ED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A4015CEE-C98C-4EF5-8476-1E399796EC56}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ADBCE9FD-44A9-4F65-9D9D-EBDEB3FFE96C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AFADDF23-5D70-402F-B2F3-4E5846038F01}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BDD48FB9-F456-47CB-8A54-24BF6116092D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C043112D-FCD5-4F70-A22E-28C65DCE13F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
    "{C057E302-7A49-4AA7-B143-F757EC569BF4}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{C914ADD7-26E3-43AC-B34A-7CDB6191E465}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{CCDBF3F6-C066-41AF-9FE9-3EEBD245A065}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{CD35EC22-42D1-4ED6-8CE1-5596C4F7F079}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DAE0C21F-6AF6-41DA-8CE6-87E4CEC8C920}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DCF5E735-9BE6-4F88-A206-38BCDE70D233}" = rport=138 | protocol=17 | dir=out | app=system |
    "{DCF8BD59-8F67-4007-9B6D-74A4AC5C99D9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{DFD7D73E-C392-4B76-9034-13B0E91B9857}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) |
    "{E0AFF66E-8DC0-4D94-9D36-2B888D71EC88}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{E57A6DF7-12CB-4F2A-A397-2C5D06CACA7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E59102B3-2B09-4F34-B1C1-3B5ADB3EEAEB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========
  7. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01B111EB-9B47-4E42-97A6-E3E6BCCA6BC8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
    "{01E865AF-9C74-4CF7-B95A-0CF3447A2392}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
    "{024831F1-8F3F-40AF-938F-865EE08AACA7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{05D0BB79-00BC-4487-B522-D4D2980FDF07}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{06440FD3-7B82-4873-9A55-9928AF047FC4}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
    "{06605606-0631-4419-8825-DE4B63836239}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{0683E1D2-044D-443A-A2D3-CAF9997EA967}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{0756FA90-8989-44BF-817D-64509B8B0D1F}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{078A2C10-9A9D-4B6C-AAF4-23E706FE9A2B}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{07F40082-4E26-4DA1-83F1-F22537F890F4}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{0B3A3350-5DD3-448A-BDD1-883B8B3222F4}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{0BE4C23C-8CA7-4DD8-B84B-F403203F8EDB}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{0D369716-4A2E-46F6-A5AA-152F7EDBEFA2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{0E48CF51-D782-4BF4-9030-B269E3C4EC70}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
    "{0EA87A4A-35F9-4A05-992B-D77005BE4267}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderliveud.exe |
    "{0EE9F0C6-3F7B-42AF-90D6-21849F933C8E}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe |
    "{0F1176AC-E8AE-4EE2-BC31-B9817794E3F2}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\ppliveu.exe |
    "{0F311545-8265-43B6-8F85-FCAC13DF3CB1}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicupdate.exe |
    "{12655268-8915-4360-8A1C-49726B5E4A14}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
    "{1291AB49-47A4-4836-BBA4-C94526BD4937}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{135F20D8-5899-40B0-876D-3503B9A71776}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
    "{1497EF66-DD1E-42B6-AF5F-AEED623BA19E}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{151D1994-21C2-4ECC-85FB-894AA99B02ED}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\ppliveu.exe |
    "{15D89F38-BF07-4FE3-884B-C2706F30C223}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicie.exe |
    "{169E8D43-1BC6-4E5A-BF2D-15596F080505}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{16D3718C-6696-492B-B10A-5B1496699009}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic\qzonemusic.exe |
    "{18D1D7A2-60F7-4A19-9BAB-CAFBDD7539DD}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{198B383D-D900-4C47-9DA5-EF52ACB49848}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{1A40AC98-3AE7-4432-8EE2-502E2A114861}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{1B5FDF5B-2353-45BC-B3C0-B77A628DA841}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic\qzonemusic.exe |
    "{1C04D690-12C2-4469-9F62-7B12A8B46ADD}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{1C83E579-5A34-4A32-B729-F0EEFDF88C12}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{1C99AA0B-124D-49DB-A897-B7BD60DAF174}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
    "{1CF2F001-16C0-49A3-BAB7-0F27C075CCB2}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
    "{1D34C108-064A-44BC-81B0-A7D6BAC843B5}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{1F3D8463-17A8-40E9-8CE7-5455FCD2E9C0}" = protocol=17 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
    "{208EFCF0-9DB6-4E04-952E-97E6275EB82A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{20F16ED3-0AA2-4DB5-B9EF-913DFE728BBB}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\ppliveu.exe |
    "{22D9CC4C-CEE8-4577-A296-4C83FF74C15D}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
    "{23F37FB7-BD57-4285-9EA0-B433BC7A712F}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{24426076-7B28-4495-B79E-49460A2BB3C5}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\xlbugreport.exe |
    "{25019BF0-236E-4A9F-BF56-9F685B5B51A6}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{2653DAAD-44A0-4AE0-82A9-D66E88BA74A6}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\netmon\lsp_check.exe |
    "{265EC563-FB2A-4650-B310-5BB2D1DC8015}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderliveud.exe |
    "{269F1D12-C60C-4AD7-9521-D94C74355093}" = protocol=17 | dir=in | app=c:\program files\kugou\kgmusic\kgservice.exe |
    "{26FE773E-1C17-472F-95B3-5A071261FA68}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{273EBA5E-3286-4D99-B3ED-C6F0C0E486D6}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\crashreporter.exe |
    "{282B2178-FB03-4083-99A8-8A10DEA8010B}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{286048F4-B6DE-48CE-A8D8-3BFB8EE3B7AF}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{2A57D422-2AC1-4559-8534-8388AA470557}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe |
    "{2B1E3DCC-6065-442C-980A-D316F4EAD681}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{2CB1358D-3FF8-4F73-B4BE-AA5A0B28009D}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{2D26548B-F34C-4B57-8122-3223BB98A4E3}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\xlbugreport.exe |
    "{2D2AFA9F-7458-4E30-80B7-7E63B0242DD3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{2E484B57-F98E-475E-9B62-4B8292098EB2}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\crashreporter.exe |
    "{2F640710-4CEF-4BF0-9176-465843041B29}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
    "{3106623F-894E-460C-8186-FD7BA1043A1A}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\setupex\qqsetupex.exe |
    "{36D18A47-B585-4676-A338-C4378C3C9416}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{375B5E02-3E45-487E-A4D1-EDC8547BCDDD}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{38DDAC88-66DF-4C94-8627-25735023B81C}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{3BB9C162-1C4A-4D57-A3BC-1C49C3DAAB72}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe |
    "{3BE9B834-9436-4924-9CD2-7256F41C55F7}" = protocol=17 | dir=in | app=c:\users\rosalie blythe\appdata\local\temp\qqpcdetector.exe |
    "{401285A5-2E29-4B72-B082-555CEAAC5967}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{41C77756-8E6F-461C-ACD4-319C8860269E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{41D46263-07BF-4147-810E-8E8D9D6B6FA3}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
    "{438F904E-A87E-4404-9387-9C61594A370B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{44145E59-C211-4806-B2EB-4467B53294CD}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{44320236-FAF8-4C15-A4EF-292D1CD8150B}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{44557529-750C-426C-8A5B-4643543276B3}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{45A1FD17-2D72-4B56-9292-3D664A4B69B5}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{45D38DBF-48A0-4CD7-AE18-D4A8BF076007}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{468B2855-F7CD-4FEA-AB50-678037A0DF9A}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{46CE7219-755F-49E8-9BD3-C80779C2004C}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{474BD6BB-A39F-4CC7-A149-AAC7D06B1C1A}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
    "{4A630038-E9B1-47DB-8E90-9E9CFE3DD408}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
    "{4BA747CD-539F-4550-816A-2CCA27E00EA0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
    "{4C1E48AB-826A-49A5-A340-3B4E5398B2B8}" = protocol=17 | dir=in | app=c:\program files\online services\aolca\installaol.exe |
    "{4D090001-D991-4B4A-8136-49ABA234967F}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{50F11FC2-CCE7-4315-802E-AC116C2307AF}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{5135439E-81D7-45E4-819C-D15D5B13CE9C}" = protocol=6 | dir=out | app=system |
    "{5177BBA1-E669-4AA8-A034-D07F810236F3}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{52AD5094-2D52-4CAD-A43C-11976B503BAC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{530933F0-587F-42B0-8588-A27DC731C8B7}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{534A76F6-E78F-4EA7-B19B-8493BE64BF58}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{535573C7-4843-4235-89EE-B08ECF5C069A}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderliveud.exe |
    "{5572E4BC-7A10-4D47-A6D3-009D2FD28C50}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{55EF55E6-9989-4BA5-9AF0-535B9803B950}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{56215D21-FA4B-4632-85BD-89AFE5127AE0}" = protocol=6 | dir=in | app=c:\program files\common files\tencent\qqdownload\107\tencentdl.exe |
    "{5795DB26-F5B8-4ADF-A23A-5E1F2A4C73F8}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\xlbugreport.exe |
    "{596AF275-1EAE-48C9-874E-979DC02594E4}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\ppliveu.exe |
    "{5F64D5EA-1528-4FEC-83BA-AF69CBC7610F}" = protocol=6 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
    "{608293C1-3B25-4A45-B64C-D7973D1641AB}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
    "{60BAAA64-A87F-4FF3-B96F-E65F771B23E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{6200FD58-36E1-489D-910B-917F87BB97AE}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe |
    "{63D534D9-0868-4C2B-946F-6824832289D2}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{63F5A44E-44CB-486C-B3E5-4F69488CF2F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{65C7E1D1-0951-495F-82E0-EB3B277F1F62}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{666C9A6C-73F1-4E6F-853A-76B710B43797}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{667C4045-8DC5-48CA-903C-5EDDCE4E3F82}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{6689FC36-995E-480A-9C20-5164E7E7F753}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
    "{66E6023B-5AA8-4D3B-AFDA-54FC7CD84AD9}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\repairsetup.exe |
    "{66F00ED5-E790-4FFB-A01C-F6AC2B020CD8}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicie.exe |
    "{67AF3FB3-961D-4EB6-8585-AEFF0AA70058}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{694034F6-0D54-46D7-A1EE-7FE8126A9DC1}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
    "{698698BD-6F96-4465-B6AD-442432B93BC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{69972C9D-EF45-4E51-A58F-7618DEB4AF8A}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{699CAC42-048F-45F2-8866-506D86DAF98D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{69B141DA-B790-4CC1-B069-8EA650E9A7D3}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{6A40FB88-D816-441A-82B5-DF0CF99CA7A9}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
    "{6D548B47-DFD9-45AE-BA21-DF87A28AF8DE}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{702879E8-2DD0-453F-A2E4-0E0A9E427768}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{710A43F8-0C31-433E-94FE-18F5DC01B2C7}" = protocol=6 | dir=in | app=c:\users\rosalie blythe\appdata\local\temp\qqpcdetector.exe |
    "{71183EA3-9BDD-41EC-A58F-027DBA5F2BC1}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{71292472-9ABE-417C-B0D4-9F9AC880BF1F}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{721C7925-E94D-4AA5-B7BB-D95F38F95EC6}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe |
    "{73A6617F-D83D-4A18-AE86-B4E3DD69F60E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{769D95E2-DB83-422E-8463-DB9F52E5DA15}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{79DC29E7-88B5-4904-810D-3A6762B61347}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\txupd.exe |
    "{7C7EA3EF-76E3-4D8E-B6E8-3766CCB76061}" = protocol=17 | dir=in | app=c:\program files\internet explorer\pplite\plugin\1.0.1.2542\plugininstaller.exe |
    "{7CE61D89-A85F-49D9-91F4-8D823EF77FDA}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.2.3.3254_2\program\xldoctorui.exe |
    "{7CF1E56D-6BBB-4CD9-846F-9B5A79013B93}" = protocol=17 | dir=in | app=c:\program files\kugou\kgmusic\kgservice.exe |
    "{7D1D23B9-91B3-4E0B-896A-DC8A6BA34F95}" = protocol=6 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\tencent\qq\stemp\setupex~0\qqsetupex.exe |
    "{7D460178-6C4C-4AA2-A863-51740976B835}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
    "{7E40B1DD-1EB0-4415-907D-C17D90B2B6C9}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{7E6D97F5-45E7-473A-A79E-08748D61DBB2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7EA43EC0-7A11-44D4-9D86-8D12E4DBA1E6}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\repairsetup.exe |
    "{7F2A4FF9-E448-4FF4-BE1A-D7C1F82EAE3C}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{7F69EEB7-6B16-4A22-BEE2-2AB76E7994B3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8098454F-58FE-4966-BE65-C028B6DE4252}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{837BD833-266F-43FA-B009-6FFDC48CDD99}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
    "{849B832A-9595-421C-B14D-E077802D0BE4}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{8613A1C2-8A93-4C66-9EDC-5829C8D9082C}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{86BEFC81-91DC-4643-86B6-89A44C4E7C06}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\setupex\qqsetupex.exe |
    "{870C2032-7017-4C52-8825-26F72571EF8A}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
    "{8758453D-F198-499B-9A41-0D089606515C}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{881E78B1-B448-4F01-A19C-4633BCBE77C8}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
    "{89333795-907B-4087-A866-03876031DDEE}" = protocol=17 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
    "{89C652DF-AA68-4295-A36D-28723336195F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{8B7D7DA8-F7F2-46FB-95C1-E91DAAC3E8BE}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{8BD7902B-3969-4FA5-A8F4-9FB317CCD5DA}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{8DD744EA-3307-4823-9964-4B8952F2C8EE}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{8DFEFEB0-9CC0-4F70-A34F-56C724973447}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
    "{8E28C663-AB09-4467-9EEC-927E66CA736D}" = protocol=17 | dir=in | app=c:\program files\kugou\kgmusic\kugou.exe |
    "{8E9BF434-00C0-4AC9-A5A9-B0362FC28513}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\txupd.exe |
    "{8EE2E95E-718F-4C8A-8BE8-E12A474719FB}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
    "{90BCB571-CE06-4E2B-BFB6-DB08E8502906}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
    "{9120C562-0EB5-4F1A-A941-525E664A4AFD}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
    "{91F572CA-E8F3-4F22-9A13-DCC402409C20}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{9241B653-B737-467F-A587-832C3BD65018}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9337A8A7-6E13-4C17-BF32-B8A7D574152D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9427FB42-8C16-4FEB-BC2C-7C90BC9C64D8}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
    "{9457A587-B74F-4270-95AC-21C7AFF51162}" = protocol=17 | dir=in | app=c:\program files\common files\tencent\qqdownload\107\tencentdl.exe |
    "{9536C406-8BB8-45B2-82AA-895615CCDB5F}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{96BBCF76-147A-4623-B36F-2CE5A7EB914B}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
    "{971C516E-3AB8-4D3E-B603-0136A092883D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{98A663B6-BAE1-47A5-B390-55DAC7D23E2F}" = protocol=6 | dir=in | app=c:\program files\pandora.tv\panservice\pandoraservice.exe |
    "{99310EE1-D5B8-42DA-9AE5-8F80D1C7FFA5}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
    "{993AA46C-701F-420D-A6EB-4D49DB021D62}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{9BFE2B97-DDB2-4CB2-94E9-B44C73869A4F}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
    "{9D621559-E19A-4505-9DA7-E540F9F5A7E1}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
    "{9DB20958-5395-44E1-A17D-2006B7DBF9A2}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\netmon\lsp_check.exe |
    "{9E43B11E-B78A-4D63-8518-985B039A2A8C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{9E4982E2-B84B-497D-B119-7C35DD40BF05}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
    "{9E74294C-FC61-4D4D-905B-30F6EFA58A62}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\crashreporter.exe |
    "{9F8BA50B-294A-4C88-9D04-8638718FA19F}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
    "{A031AC8E-257A-487F-A704-2CEA225EDDC6}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
    "{A0498254-BEE4-4CAA-80EE-12F014D393B8}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{A1826D5F-2BCD-4479-8B0F-6784DF10BD0E}" = protocol=6 | dir=in | app=c:\program files\online services\aolca\installaol.exe |
    "{A3AFD66E-5ECA-475F-8A40-3845EAF0643B}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe |
    "{A4F720AF-51E1-469C-ACD7-1F67FC9754ED}" = protocol=6 | dir=in | app=c:\program files\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
    "{A6138E7A-CCBD-4B12-B269-176167E5B729}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
    "{A6A73347-563E-4FC1-8CCE-72A265B745D1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A70A5276-8591-456C-863D-DBC5CC663651}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{A97F8986-2F2C-4624-B636-BB073281331C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AB0489D8-E025-4DBE-85CF-04B6F5CAC27B}" = protocol=6 | dir=in | app=c:\program files\internet explorer\pplite\plugin\1.0.1.2542\plugininstaller.exe |
    "{ABA0ACD8-7FC3-43D1-8A46-4D80E7B59A0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{ABD81F02-1ED8-4F8A-B377-7C62F6BB7798}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderliveud.exe |
    "{AC285BDC-8007-482C-A4CB-90FCE2A40D48}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicupdate.exe |
    "{ADC2E742-14CF-48C8-A3E8-8874677C44C7}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
    "{AE55150D-F695-4B8B-B2C6-7148B21DC29E}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{AF07D895-93F8-4538-BB5B-BDC1C538FC69}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
    "{AF38DB6D-60D8-4F50-B94F-495C2F93DDF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{AF799F22-05CB-4D17-8CCC-9E553BE299E6}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{B1000F5A-BA79-4301-90B4-4553E270ED77}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
    "{B42D2F75-2483-488C-895C-0227A8B55B7D}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\xlbugreport.exe |
    "{B4686751-9F30-4F1A-B61E-C0CD48394C1D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{B47F24D6-3892-434B-BF2F-90A5349FFBB5}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{B6F6F7CF-6DA1-4621-800A-F0D450DF55DA}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.186_1111\thunderplatform.exe |
    "{B816AB10-C5A3-409E-B978-3AFD76434D9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BA64FB54-3DF1-403C-8770-207C2613E234}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{BDC2F45B-D3D9-431F-B7C7-B561C6228DDD}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{BF972230-2FC8-4C8D-931D-F93B1B32FC8C}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{BFB8231B-00A1-4261-A6B1-3F3B5EF808E9}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
    "{C02DE3E8-B092-47EA-91AF-D29F26AF6870}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\xlbugreport.exe |
    "{C06D4C83-EBEB-414D-822F-49968D6B76C7}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
    "{C1FF4727-4CD8-45D8-9BD9-5135ABF4C32A}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\repairsetup.exe |
    "{C220655F-FEA4-496E-9BD5-DAF66D5394DF}" = protocol=6 | dir=in | app=c:\program files\pplive\pptv\3.2.0.0042\crashreporter.exe |
    "{C4A1E181-C50F-4929-B6F3-0941A2B73323}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe |
    "{C5232335-CB23-4784-87E5-C24C8366ED66}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.130_1111\thunderplatform.exe |
    "{C53EDB2C-B681-4EC2-AEDF-AD0F098F9B92}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
    "{C57D1ABA-82F1-4DFA-AA62-1691E4E7C18F}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
    "{C5E47846-C2EB-4B0B-8AA7-80A125DBF2AF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{C6E7BDB3-7887-451E-B949-E29048F31FC2}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
    "{C734591E-12CC-4BC1-AE36-0398A3C45D5F}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.2.3.3254_2\program\xldoctorui.exe |
    "{C757CABE-0D88-45E3-847E-CD94642584FA}" = protocol=6 | dir=in | app=c:\program files\kugou\kgmusic\kgservice.exe |
    "{CBB325A5-3E75-4275-A1D0-DB520BF93A2E}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{CC12FFA7-B432-40F2-9065-0B19DE3DBD99}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{CCA30264-0867-428D-8A7F-F2B677867F73}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{CD8D2471-00DF-4050-9405-552649E964B3}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{CFC08325-063E-4093-9708-17E5E9DC2D6B}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{D0A02A28-8DEC-4E59-BD4B-6787E98D75FB}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{D23C5700-2837-451E-8A68-F6D2EFCADB83}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
    "{D2864757-6B95-42AC-8E6C-FA8524120A10}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{D2F78A07-2613-4F81-8C12-E4F41EF8BFDA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{D3EF2D49-2301-4102-A9E3-11AF919FE594}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
    "{D4034363-38C1-4891-94D1-4D6E044145D3}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
    "{D52E0EB2-92E7-4695-87C1-4FB55C813F2C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{D6A320A1-551D-4BDD-B455-D763940EEE69}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{D75AEA89-12F4-4AED-B4AB-DA6167A94E63}" = protocol=17 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe |
    "{D806571D-EE61-4632-BF71-C695BDB5E642}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe |
    "{D8178046-E5B9-4681-89AB-EAFC0964D367}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{D9284DDD-1C1B-4D0E-8E3A-C51E89EC4632}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
    "{D9336771-847A-4FFB-8392-AB6C476DB6A9}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\3.1.8.0039\repairsetup.exe |
    "{DACD0559-2C49-4BDB-B4BD-30A642643639}" = protocol=17 | dir=in | app=c:\program files\kugou\kgmusic\kugou.exe |
    "{DB5AE4E8-4ACE-4EED-94EB-FA7591E7CDFE}" = protocol=6 | dir=in | app=c:\program files\kugou\kgmusic\kugou.exe |
    "{DC5D8BF9-5381-4628-973A-B4F2E82D838D}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
    "{DC750C0A-41A9-4833-BB23-29ED52686CDB}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{DD786FC7-E03D-44C9-BE75-A5305FAD6277}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{DE512A20-9491-452F-BFDE-D127395456D5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{DF853603-C477-4CB1-90A3-5520757500E6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{E0F2C2AB-0292-437C-AA51-EB5B32723680}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{E292AF89-9092-4989-936E-884E32F0C93D}" = protocol=17 | dir=in | app=c:\program files\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
    "{E2B51135-37EB-494C-A052-2DDC2BC43BA8}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
    "{E2F91F79-9D76-4EC6-8B18-90AAF87C8317}" = protocol=6 | dir=in | app=c:\program files\kugou\kgmusic\kgservice.exe |
    "{E336C038-209E-436B-87CA-40443C08DA20}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{E339010F-92A8-4DC5-B829-532044E3B4BA}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicatorcom.exe |
    "{E4673728-CAC5-4229-9C9B-6703FC132D65}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe |
    "{E4A592E7-5AE6-4DD1-A7A5-A0DD3D7A04D7}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
    "{E5821699-79D0-4074-8665-A971AF74F3F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E6D02784-EB54-45DE-98B0-68B801B2BE04}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
    "{E708C471-0355-4135-AA68-88A3FAB506A5}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\thunderservicelite.exe |
    "{E742AB32-B7CE-469A-82D0-04E8BE7DD4D2}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{E9A1AEF7-ED60-4CF1-A7A5-A595DF59967B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{EC19D23F-1176-42A1-B16D-CD167499F7F5}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderplatform.exe |
    "{ECD3E7E8-F2BE-4ECF-94AF-AC5F2679FCD8}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe |
    "{EDD7BBFE-83A3-4419-9FE7-1190E6E6DA2A}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
    "{EE3BFE01-44F3-4F47-B70C-6BB3B8C5BEE3}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{EF8C4854-0459-437D-B433-A26DE7601345}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{F24DE767-4A0D-4E8A-AA9E-FC6188F1DE87}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{F3A2331A-5E3F-40B7-9075-8F2E0A6C4030}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp4\program\xlbugreport.exe |
    "{F5BE8624-B53A-40C3-AF27-3371ECA6F2E4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F64E870A-2823-44EE-B271-EA523FEE34B0}" = protocol=6 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe |
    "{F6822360-F458-49EA-AA07-448143BAA485}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\kankan\kankanlive.exe |
    "{F6BA9DF9-0C8F-4AA7-A155-CB086D89AF3B}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
    "{FA7872D5-E9F7-4A92-B4A0-8A2E0E2FAC52}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
    "{FB7368B3-59F0-443B-AD07-A9A758328A8E}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
    "{FBC71D00-0E5B-48D3-87B9-83E69E5A2587}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\xmp.exe |
    "{FD1B0000-829E-42F7-8FE9-8010BFF2F274}" = protocol=6 | dir=in | app=c:\program files\kugou\kgmusic\kugou.exe |
    "{FDAE412D-8D26-42E6-8621-69BB70733570}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
    "{FDDE5E84-B1E8-4A2D-8A51-0D8DF8A7B43B}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp4\program\thunderliveud.exe |
    "{FE611700-D79A-4572-BF83-19E6ACEE5ED3}" = protocol=17 | dir=in | app=c:\program files\pplive\pptv\pplive.exe |
    "TCP Query User{1AAB9D36-3CC9-4EEC-8055-851FCC4D8C24}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
    "TCP Query User{1B556DD7-E413-4DE3-8F4D-8EA897574971}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
    "TCP Query User{427F7BA6-2F40-4FA0-A03D-BC62AB4B3D04}C:\users\guest\appdata\local\temp\fgcn_349.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\local\temp\fgcn_349.exe |
    "TCP Query User{541FAACD-6DD1-488E-B097-6C8734D8B4DD}D:\pps.tv\ppstream\ppsap.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
    "TCP Query User{6635D274-36D7-46EA-91A0-CC57F427EAF5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{8496D048-DFE7-4007-8F47-BEC827B218AF}C:\users\guest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{BF1F3079-B0D6-4D2E-A0ED-434BD3DCF08D}C:\program files\kuwo\kwmusic\bin\kwservice.exe" = protocol=6 | dir=in | app=c:\program files\kuwo\kwmusic\bin\kwservice.exe |
    "TCP Query User{C34C91DA-29D9-4817-A6BF-A1658D36A9D5}C:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{C52ACD9B-8234-40A7-8D3E-B4CD7D81BAF4}C:\program files\kugou2012\kugou.exe" = protocol=6 | dir=in | app=c:\program files\kugou2012\kugou.exe |
    "UDP Query User{14BFFBD1-F812-4B93-BD24-E9C7B7BD8914}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{3F3959C7-9446-43F8-9DEE-F3FC16994127}C:\users\guest\appdata\local\temp\fgcn_349.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\local\temp\fgcn_349.exe |
    "UDP Query User{46EC0B6F-1F8F-4A78-8FA7-9D464D6AD18F}C:\program files\kuwo\kwmusic\bin\kwservice.exe" = protocol=17 | dir=in | app=c:\program files\kuwo\kwmusic\bin\kwservice.exe |
    "UDP Query User{58B0876D-7069-4EE0-A092-5104B91D28F1}D:\pps.tv\ppstream\ppsap.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe |
    "UDP Query User{5C27CE33-0678-468C-AA3C-991B50C04620}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
    "UDP Query User{5F3DB729-4AB3-4B89-9DAA-6270EB310E0E}C:\users\guest\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{6D158A1C-BAFA-479E-8FA7-7E4BCE73BA0C}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
    "UDP Query User{AA728A27-D4FF-4A00-B623-9CE2DFB83B28}C:\program files\kugou2012\kugou.exe" = protocol=17 | dir=in | app=c:\program files\kugou2012\kugou.exe |
    "UDP Query User{E6E3886C-CC7D-4344-AA0D-091FC169D9B0}C:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rosalie blythe\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
  8. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01AD248D-2189-4B91-BBF4-929C72154DF3}" = HP Officejet 4620 series 基本裝置軟體
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 騰訊QQ2012
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{10EF35CA-C694-42DD-AA45-0585135ABD31}_is1" = 蹄僩秞氈2012
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{16DABD39-A174-4C6B-A2C4-A492E64933C8}" = AVG 2012
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2CCC5C78-20FF-478E-8B65-46B58CC5781B}" = AVG 2013
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
    "{3E9C9EE1-1964-4519-BF80-652E7F415ECF}" = WD Drive Utilities
    "{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
    "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012
    "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
    "{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
    "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7D004944-C4F1-4C44-AAD4-E7F85190ED00}" = AVG 2012
    "{7FD093C2-3493-4B17-BB15-B129A7D1DC51}" = AVG 2013
    "{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
    "{90120000-0015-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
    "{90120000-0016-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
    "{90120000-0018-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
    "{90120000-0019-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
    "{90120000-001A-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
    "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
    "{90120000-001B-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0404-0000-0000000FF1CE}_WORD_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
    "{90120000-001F-0404-0000-0000000FF1CE}_PROPLUS_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0404-0000-0000000FF1CE}_WORD_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0404-0000-0000000FF1CE}" = 2007 Office system 相容性套件
    "{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
    "{90120000-0028-0404-0000-0000000FF1CE}_PROPLUS_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0028-0404-0000-0000000FF1CE}_WORD_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
    "{90120000-0044-0404-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
    "{90120000-0044-0404-0000-0000000FF1CE}_PROPLUS_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
    "{90120000-006E-0404-0000-0000000FF1CE}_PROPLUS_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0404-0000-0000000FF1CE}_WORD_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{A9461747-B8C2-446E-B335-B39385284226}" =
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A68C62E8-B243-4777-89BB-12173DFA1D45}" = OLYMPUS Digital Camera Updater
    "{A690BBE7-2548-4FC4-AC8E-502C0123B81B}" = Soluto
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
    "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
    "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{C3AD9933-EF84-4226-B906-0E0578B14248}" = WD SmartWare
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C7B1C030-8B9F-48A2-91E3-6999FC624AE5}" = YTD Toolbar v6.9
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D2464E10-4895-441F-8CC3-0A898D2E8F01}" = Microsoft IntelliPoint 6.11
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
    "{E2B53C96-C9FC-4FC3-8324-1BCE50DEA7E7}" = QuickBooks
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EB61B60D-1443-41FA-BBD7-BCD8217551B7}" = QuickBooks Premier Edition 2010
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype(TM) 5.10
    "{EFC0BA9B-F472-4559-B655-9C47281F9483}" = WD Security
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
    "GOM Player" = GOM Player
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photosmart Essential" = HP Photosmart Essential 2.0
    "InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
    "Intel(R) Configuration Center" = Intel® Viiv™ Software
    "jZip" = jZip
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "PPLive" = PPTV V3.2.0.0042
    "PPStream" = PPStream V2.7.0.1236 Final
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "QQMusic" = QQ音乐 2012
    "RealPlayer 15.0" = RealPlayer
    "Recover Files_is1" = Recover Files 3.26
    "Rhapsody" = Rhapsody
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "SupernaturalScreensaver" = SupernaturalScreensaver
    "The KMPlayer" = The KMPlayer (remove only)
    "thunder_is1" = 捃濘7
    "uTorrent" = µTorrent
    "vampire_diaries_ss" = vampire_diaries_ss Screen Saver
    "VLC media player" = VLC media player 1.0.1
    "WildTangent hpdesktop Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials
    "Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.21
    "WORD" = Microsoft Office Word 2007
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "迅雷看看高清播放组件" = 迅雷看看高清播放组件
    "迅雷看看播放器" = 迅雷看看播放器

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ OSession Events ]
    Error - 8/6/2011 20:32:53 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 23/9/2011 22:51:11 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 24/11/2011 0:28:23 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1487
    seconds with 1440 seconds of active time. This session ended with a crash.

    Error - 16/4/2012 21:41:10 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 44
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 16/4/2012 21:41:10 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 51
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 16/4/2012 21:41:10 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 51
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 23/7/2012 11:51:50 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 28/10/2012 17:42:17 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 372
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 28/10/2012 18:03:35 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1267
    seconds with 1140 seconds of active time. This session ended with a crash.

    Error - 15/2/2013 18:00:40 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 516
    seconds with 180 seconds of active time. This session ended with a crash.


    < End of report >
  9. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    That's fine...

    Did you actually use system restore?
    If so, how far back did you go?
  10. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    Sorry for the late reply. Yes, I did run a system repair after Windows failed to start, but I don't know how far back it went, because there was just a pop-up saying something like "do you want the system to restore?" It did not show me which restore point it used. I have no idea.
  11. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    But this happened before I ran camfox, AdwCleaner and OTL... I don't think the computer will be affected...
  12. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (Microsoft SharePoint Workspace Audit Service)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
      DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROSALI~1\AppData\Local\Temp\catchme.sys -- (catchme)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found
      FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
      FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll File not found
      FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll File not found
      O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
      O2 - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
      O4 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005..\Run: [XMP] "C:\Users\Public\THUNDE~1\XMP4\Core\Program\XMP.exe" /embedding /sstartfrom Startup101 File not found
      O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
      O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-2146718395-4068598169-1799883407-1005\..Trusted Ranges: Range1 ([http] in Local intranet)
      O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ======================

    Last scans....

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  13. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    This was done in safe mode (the first attempt failed, so I did a hard shutdown and ran it in safe mode).
    All processes killed
    ========== OTL ==========
    Error: No service named Microsoft SharePoint Workspace Audit Service was found to stop!
    Service\Driver key Microsoft SharePoint Workspace Audit Service not found.
    Error: No service named NwlnkFwd was found to stop!
    Service\Driver key NwlnkFwd not found.
    Error: No service named NwlnkFlt was found to stop!
    Service\Driver key NwlnkFlt not found.
    Error: No service named IpInIp was found to stop!
    Service\Driver key IpInIp not found.
    Error: No service named cpuz135 was found to stop!
    Service\Driver key cpuz135 not found.
    File C:\Windows\TEMP\cpuz135\cpuz135_x32.sys not found.
    Error: No service named catchme was found to stop!
    Service\Driver key catchme not found.
    File C:\Users\ROSALI~1\AppData\Local\Temp\catchme.sys not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QzoneMusic\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2146718395-4068598169-1799883407-1005\Software\Microsoft\Windows\CurrentVersion\Run\\XMP not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ not found.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-21-2146718395-4068598169-1799883407-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Ada Suk Yi Ma
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kitty
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rosalie Blythe
    ->Temp folder emptied: 42302 bytes
    ->Temporary Internet Files folder emptied: 399127056 bytes
    ->Java cache emptied: 974 bytes
    ->Google Chrome cache emptied: 98376902 bytes
    ->Apple Safari cache emptied: 150714368 bytes
    ->Flash cache emptied: 201269 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 58037754 bytes
    RecycleBin emptied: 1144450 bytes

    Total Files Cleaned = 675.00 mb


    [EMPTYJAVA]

    User: Ada Suk Yi Ma
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: IUSR_NMPR

    User: Kitty
    ->Java cache emptied: 0 bytes

    User: Public

    User: Rosalie Blythe
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Ada Suk Yi Ma
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR

    User: Kitty
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rosalie Blythe
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02182013_184231

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  14. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    Results of screen317's Security Check version 0.99.58
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2013
    Microsoft Security Essentials
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    Wise Disk Cleaner 7.21
    JavaFX 2.1.1
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 11.5.502.149
    Adobe Reader 8 Adobe Reader out of Date!
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
  15. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    Farbar Service Scanner Version: 18-02-2013
    Ran by Guest (administrator) on 18-02-2013 at 23:44:50
    Running from "C:\Users\Rosalie Blythe\Desktop\tools"
    Windows Vista (TM) Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2013-02-15 11:10] - [2013-01-04 06:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  16. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    If I do not post the ESET online scanner result tonight, I will post it on Wednesday; I won't be at home on Tuesday. Thanks!
  17. Broni

    Broni Malware Annihilator Posts: 45,217   +243

  18. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    Sorry for the late reply! The scan said no threats are found!
  19. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  20. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Ada Suk Yi Ma
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 10968980 bytes
    ->Temporary Internet Files folder emptied: 177723662 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2573 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kitty
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rosalie Blythe
    ->Temp folder emptied: 10251478 bytes
    ->Temporary Internet Files folder emptied: 99478046 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 65446596 bytes
    ->Apple Safari cache emptied: 1205248 bytes
    ->Flash cache emptied: 1691 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 63729151 bytes
    RecycleBin emptied: 1578984753 bytes

    Total Files Cleaned = 1,915.00 mb


    [EMPTYFLASH]

    User: Ada Suk Yi Ma
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR

    User: Kitty
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rosalie Blythe
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Ada Suk Yi Ma
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: IUSR_NMPR

    User: Kitty
    ->Java cache emptied: 0 bytes

    User: Public

    User: Rosalie Blythe
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 02262013_104702

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Guest\AppData\Local\Temp\JET55C.tmp not found!
    C:\Users\Guest\AppData\Local\Temp\MainFrame.Log.txt moved successfully.
    C:\Users\Guest\AppData\Local\Temp\~DFBE71.tmp moved successfully.
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJ7MCWOJ\T1fLk0XaVcXXbMsGbX[1].htm moved successfully.
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TL0YF51Z\alimama[1].htm moved successfully.
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TL0YF51Z\tanx[1].htm moved successfully.
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TL0YF51Z\tanx[2].htm moved successfully.
    File move failed. C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSYKOJZM\%BA%A3%CD%E2%BE%E7%B3%A1_%CE%D2%C3%C7%BD%E1%BB%E9%B0%C9(%BD%AA%B3%C9%E5%FB%D2%FC%B6%E0%D1%AB)_%BA%AB%BE%E7%CE%D2%C3%C7%BD%E1%BB%E9%B0%C9[1].htm scheduled to be moved on reboot.
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSYKOJZM\alimama[1].htm moved successfully.
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSYKOJZM\athena_simba_taobao_com[1].htm moved successfully.
    C:\Windows\temp\etilqs_0PvTLLDbHJur8qsYgFum moved successfully.
    C:\Windows\temp\etilqs_94gcftQiBFuJypvRm2ao moved successfully.
    C:\Windows\temp\etilqs_sVouCGUzUKvyrl7fWXLb moved successfully.
    C:\Windows\temp\etilqs_tgRlYryWXFqk8zfG1lKK moved successfully.
    C:\Windows\temp\etilqs_Tn5pC9vlTO1Jn0YrPR9D moved successfully.
    C:\Windows\temp\etilqs_XQcqzmtPKwQGUjkWnGgH moved successfully.
    C:\Windows\temp\MpCmdRun.log moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  21. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    I failed to update these two: Adobe Flash Player and Adobe Reader...they said something is not supporting...I am using Google Chrome.
    I will be back on Thursday! Thanks!
  22. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    I need to know exact error messages.
  23. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    For Adobe Flash Player, it said "Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available." and for the Java version, "We are unable to verify if Java is currently installed and enabled in your browser."
  24. Broni

    Broni Malware Annihilator Posts: 45,217   +243

  25. Rosalie_Blythe

    Rosalie_Blythe Newcomer, in training Topic Starter Posts: 45

    That's the error I got from the Java

    Attached Files:

    • eee.jpg (101.2 KB)
    • err.jpg (101.2 KB)

