TechSpot

Infected by Agent.BA, Conedex.B, Sirefef.AP all from one site

By roy392003
Aug 22, 2012
  1. As stated in the topic, I have been infected by Agent.BA, Conedex.B, Sirefef.AP.
    I have read and performed the 5 steps.
    • Malwarebytes Anti-Malware log
    • GMER log
    • DDS logs: both DDS.txt and Attach.txt
    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.22.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Roy Yip :: ROYYIP-PC [administrator]
    Protection: Enabled
    22/8/2012 8:21 AM
    mbam-log-2012-08-22 (08-21-09).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 252629
    Time elapsed: 2 minute(s), 24 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Users\Roy Yip\Favorites\Free porn video.url (Rogue.Link) -> Quarantined and deleted successfully.
    (end)
    ====================================================================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-22 10:39:21
    Windows 6.1.7601 Service Pack 1
    Running: rpb7un5o.exe

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4394
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4394@002548bd833f 0x1F 0x42 0x71 0xE5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0xB5 0x51 0x14 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5B 0xCB 0x26 0x11 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0xB4 0x91 0x5E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x56 0xE0 0xF1 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4394 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4394@002548bd833f 0x1F 0x42 0x71 0xE5 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0xB5 0x51 0x14 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x1A 0xDD 0xFC ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0xB4 0x91 0x5E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x56 0xE0 0xF1 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\\x300a星海爭霸 II\x300b\\x300a星海爭霸 II\x300b.lnk 1
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\x300a星海爭霸 II\x300b\\x300a星海爭霸 II\x300b.lnk 1
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3074714069\Groups@8^(u#\xe46c}摸\0 1
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3074714069\Groups@?D} 1
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3074714069\Groups@琫\nN 0
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3074714069\Groups@?琫\0 0
    Reg HKCU\Software\Microsoft\Windows Live\Companion\roy392003@yahoo.com.hk@d8816fb1e840ab0254a4dfada7f6c24c\r\n 0x11 0x06 0x50 0x6F ...
    ---- Files - GMER 1.0.15 ----
    File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team.manifest 588 bytes
    File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team@1.0.0..manifest 588 bytes
    File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team.manifest 588 bytes
    File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team@1.9.7..manifest 588 bytes
    File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team.manifest 588 bytes
    File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team@1.9.9..manifest 588 bytes
    ---- EOF - GMER 1.0.15 ----
    ====================================================================

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Roy Yip at 10:43:08 on 2012-08-22
    Microsoft Windows 7 旗艦版 6.1.7601.1.950.852.3076.18.16376.13605 [GMT -7:00]
    .
    AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: 個人防火牆 *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\PPS.tv\PPStream\PPSAP.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe
    C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
    C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Roy Yip\Desktop\rpb7un5o.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.charter.net/google/index.php?q=
    uStart Page = hxxp://www.yahoo.com.hk/
    uWindow Title = Powered by Charter Communications
    uInternet Settings,ProxyOverride = local
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Roy Yip\AppData\Roaming\Complitly\AutocompletePro.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - C:\Program Files (x86)\Tudou\?速Tudou\tudouDetector.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID 登入協助程式: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
    TB: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [PPS Accelerator] C:\PPS.tv\PPStream\ppsap.exe
    uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
    mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
    mRun: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [IME14 CHT Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
    StartupFolder: C:\Users\ROYYIP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\速土豆~1.LNK -
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIO-RE~1.LNK - C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &使用BitComet下載 - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &使用BitComet下載全部連結 - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: 傳送至 OneNote(&N) - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    LSP: mswsock.dll
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C} : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
    TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C}\37471627771627 : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
    TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C}\A4F686E67237 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{B8BC4DE1-5F10-49D7-91BA-A70F9A1960B4} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    TB-X64: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File
    mRun-x64: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
    mRun-x64: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
    mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
    mRun-x64: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"
    mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
    mRun-x64: [IME14 CHT Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
    IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49}
    IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
    IE-X64: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
    IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-2-20 14136]
    R1 BS_I2cIo;BS_I2cIo;\??\C:\Windows\system32\drivers\BS_I2c64.sys --> C:\Windows\system32\drivers\BS_I2c64.sys [?]
    R1 BS_TPIO;BS_TPIO;\??\C:\Windows\system32\drivers\BS_TPIO64.sys --> C:\Windows\system32\drivers\BS_TPIO64.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-8-31 131320]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-9 974944]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-22 655944]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-6-13 386344]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
    R2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
    R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUVC64;QuickCam Pro for Notebooks(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-14 250056]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
    S3 BthAvrcp;Bluetooth AVRCP 組態檔;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
    S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
    S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
    S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
    S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
    S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
    S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
    S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);C:\Windows\system32\DRIVERS\WN111x.sys --> C:\Windows\system32\DRIVERS\WN111x.sys [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-22 15:20:05 -------- d-----w- C:\Users\Roy Yip\AppData\Roaming\Malwarebytes
    2012-08-22 15:19:54 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-22 15:19:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-22 15:19:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-22 12:07:31 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{ACF9169F-1CD1-476B-9C0E-F80B8C97D048}
    2012-08-22 00:07:06 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{63490997-CB3E-4E78-B163-C32B984496FE}
    2012-08-21 12:06:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{83052195-C2E3-4AB4-A076-15CB0473D700}
    2012-08-21 00:06:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{199F1084-1D5D-4D1E-931F-9911B7D1F2C5}
    2012-08-20 23:00:33 -------- d-----w- C:\ProgramData\Battle.net
    2012-08-20 22:45:04 -------- d-----w- C:\ProgramData\Blizzard Entertainment
    2012-08-20 22:45:04 -------- d-----w- C:\Program Files (x86)\StarCraft II
    2012-08-20 22:45:04 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    2012-08-20 12:06:17 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9E110453-E715-4C7B-B6FF-A76CF897764D}
    2012-08-20 00:06:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B6761FC3-3DEB-4381-8A9A-EEDE0D5154DA}
    2012-08-19 12:05:52 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{DA031531-C94A-442D-A360-264AF0A932A3}
    2012-08-19 00:05:39 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{0AA137AD-C40A-4AD5-8CA5-050F9B248690}
    2012-08-18 12:05:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{3BFA2964-9DED-4BBB-8054-50E500CC4866}
    2012-08-18 00:04:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6690BC6B-96EE-4ED1-B71D-CFDDC28F1C28}
    2012-08-17 09:30:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9EC34FF4-CB67-49EB-86D0-93088119888F}
    2012-08-17 09:30:23 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{AFC381E6-0279-4172-8FA5-302343002404}
    2012-08-16 21:31:09 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{8DFE87C6-74F4-4C6B-B097-4E01745909D0}
    2012-08-16 09:30:45 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{468A4D13-AFF7-4F7F-A100-1A0B899CE983}
    2012-08-16 09:30:23 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4E723BBE-562C-40B8-B5D8-3A3A5335A358}
    2012-08-15 21:29:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5D26C4F5-5E5C-4B72-B10B-A6F240D84A6C}
    2012-08-15 21:29:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C49B059A-BAF3-41AD-838C-4D7971C2C11B}
    2012-08-15 10:04:24 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2012-08-15 07:42:42 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-08-15 00:58:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C4A47706-2335-4471-9710-0753847B01CB}
    2012-08-15 00:58:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4A27EC3B-2E2F-4BC0-858F-6E7571AB69A3}
    2012-08-14 14:18:30 -------- d-----w- C:\Program Files\CPUID
    2012-08-14 14:06:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-14 14:06:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-14 12:57:58 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{7EAFAAB3-37CF-49BB-B510-BBAFB926ACBD}
    2012-08-14 12:57:30 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F33E184B-C00A-4875-9CAB-7D7197DD62C4}
    2012-08-14 05:53:24 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BF2D6CD0-83AA-46A6-9C0C-66309842971D}
    2012-08-14 05:53:01 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{53C15148-8777-419E-A8D3-08647DDA1DEA}
    2012-08-13 17:52:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5383E5EE-88AA-4D0D-864D-7A109AF2E69D}
    2012-08-13 17:52:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{580633FE-07B6-4841-9D18-529FC6B6A7F4}
    2012-08-13 05:51:37 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{12FC1627-06B6-4C4A-8C08-A4E9546F69F0}
    2012-08-13 05:51:14 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{24C18583-5591-4F08-AF95-D24028FFC043}
    2012-08-12 17:50:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4FB48938-E7F4-4F39-A448-F2A041A1F02C}
    2012-08-12 17:50:24 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{211A0E65-9125-40B9-81D1-FF4F68D152A2}
    2012-08-12 05:49:58 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{19EACD02-E456-41CF-B96C-811BB1DBBDF5}
    2012-08-12 05:49:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{3114121F-4A21-4368-AEA9-B67C8105F564}
    2012-08-11 17:49:09 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{46DF1A1A-9B4E-4681-BDF9-738B987FD84D}
    2012-08-11 17:48:47 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1A14E8CC-B835-4B80-A133-BBA51EFB1305}
    2012-08-11 05:48:22 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{EE29170B-8606-48CF-9926-EFC984798AA6}
    2012-08-11 05:47:59 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{26410040-5714-4C5B-86B7-A802FF2CB2D0}
    2012-08-10 17:47:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5E19881C-8065-47AF-8B0F-3147ABA31138}
    2012-08-10 17:47:12 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{320ECA2D-FB29-4252-9B96-F3377F1C788D}
    2012-08-10 05:46:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D86488D1-47DC-4E59-9AA0-3FE52B3FABE1}
    2012-08-10 05:46:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{CA0DFE5D-7F60-43F5-90EE-42EC7486DC1A}
    2012-08-09 17:47:57 -------- d-----w- C:\Users\Roy Yip\AppData\Roaming\AnvSoft
    2012-08-09 17:47:42 -------- d-----w- C:\Program Files (x86)\AnvSoft
    2012-08-09 17:46:03 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6A4FA2EE-F8A2-44D4-891D-4756A76FF8AB}
    2012-08-09 17:45:41 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{AD756DD4-7AFC-4B05-B980-F38C3A4DEB8E}
    2012-08-09 05:45:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{15D45FC8-F6DC-4196-AB70-512D77539EF5}
    2012-08-09 05:44:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A269BFEE-57F6-4269-AFDF-0A430673BF67}
    2012-08-08 17:44:18 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A6C94227-D5B3-4BD5-A427-63648313CA94}
    2012-08-08 17:43:56 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4C4041AA-ABB4-4B51-BC9C-DF420C34A27A}
    2012-08-08 05:43:33 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B8102E89-BE15-4671-A263-347286D8A655}
    2012-08-08 05:43:07 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6DC7EB9B-2BAE-4CF9-803A-F98D119E27CE}
    2012-08-07 17:42:44 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B69473C5-54E4-4B0A-A0E2-2036816D061C}
    2012-08-07 17:42:22 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B3276097-62A5-458C-9187-C5839BAE7C65}
    2012-08-07 05:41:55 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6A1EA3BD-AECC-41DB-8BC6-B05D98064C65}
    2012-08-07 05:41:43 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B35F87F6-1FFB-48AE-809D-572CBF197ED6}
    2012-08-06 17:41:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{34AC9246-9773-45A0-BAFB-A3999F28D6CF}
    2012-08-06 17:41:16 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{814BCCB6-CFD9-4DCC-B42A-E3F07CC21300}
    2012-08-06 05:40:51 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{482494B0-E705-4609-B3ED-F93B07AB8570}
    2012-08-06 05:40:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2804BC33-900A-49BA-BBEC-F014668D588F}
    2012-08-05 17:40:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{24E514C4-1A8C-4F61-9EEC-BE763A1ECF14}
    2012-08-05 17:39:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{611EE387-9777-47E3-8B65-0C1FB26A9911}
    2012-08-05 05:39:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9AEF48F7-ADA8-44EB-8FA4-CE58C82CD304}
    2012-08-05 05:38:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{79BDF927-A1DA-47F9-B3F6-F8EF0A07ACCC}
    2012-08-04 17:38:33 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{696929C8-C2E0-408D-9F4C-DE90B77B0FFD}
    2012-08-04 17:38:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D6AC97F9-A5E7-428F-AE59-4BC1B95B3FF5}
    2012-08-04 05:37:48 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{3E8E3C9F-4D2D-46B1-B3A1-4F259644D1DA}
    2012-08-04 05:37:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A214482A-860D-4A06-8437-663F11A57B5D}
    2012-08-03 17:36:50 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BCD290C9-9AFB-4F3E-9DDE-CCB5CF8E348C}
    2012-08-03 17:36:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{EB935108-B16E-4FEF-A7F8-3EC0EC2427DC}
    2012-08-03 05:36:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{E2933D49-5F64-494A-962C-1169877C9BCC}
    2012-08-03 05:35:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{8E29FA66-D960-4A1C-983C-DDF2694D8CD3}
    2012-08-02 17:35:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2A82CBA1-64BA-4BC1-B6A6-B0BEC808F496}
    2012-08-02 17:34:56 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{7DDF60BB-3401-416F-918D-81C5C0C7A0AF}
    2012-08-02 07:40:55 16 ----a-w- C:\Windows\SysWow64\22AS6EJH.dll
    2012-08-02 07:32:26 -------- d-----w- C:\Program Files (x86)\蜓樅毞狟5
    2012-08-02 05:34:20 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F398C358-0CA3-4F9E-8A96-CE37D8AAC168}
    2012-08-02 05:33:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{041500D4-9675-448F-863E-0DC5EAE31C8F}
    2012-08-01 17:33:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1F7DD50A-71DF-4B38-918B-AB4BD2B28B7A}
    2012-08-01 17:33:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2D52F759-7164-442B-B2E7-63F92CCC44DF}
    2012-08-01 05:32:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6740FF7B-AE98-46BA-94EC-1184549B6D87}
    2012-08-01 05:32:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4C8788E9-7913-4654-9110-517BB270DE8A}
    2012-07-31 23:32:24 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
    2012-07-31 17:50:24 -------- d-----w- C:\Program Files\T-TIME
    2012-07-31 17:31:51 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D54EE760-BDD9-4173-B4ED-111786DF56E7}
    2012-07-31 17:31:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{8A8770F0-CBA6-43E8-9B09-C3058DCD419E}
    2012-07-31 05:30:52 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D51543CA-F39C-4DAF-AA55-62E4CE486436}
    2012-07-31 05:30:30 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D293A778-7930-4435-A12D-DD820A46817B}
    2012-07-30 17:30:06 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{372B8875-0C8A-4342-8E69-4082DD78A9C9}
    2012-07-30 17:29:44 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{221A3F42-CC5F-4803-BC10-009149DCC753}
    2012-07-30 10:28:04 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-07-30 10:28:04 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-07-30 05:29:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{78DBD22D-1789-4E5C-8629-34A5AD48B4BA}
    2012-07-30 05:28:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{85A7A9A2-C6B6-4B15-AAC0-37B967D223D1}
    2012-07-29 17:28:16 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{159B28E9-40B8-4E3D-980C-A1028B2C68D7}
    2012-07-29 17:27:53 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{FD368396-22D8-433B-A101-DB914E0F4FA4}
    2012-07-29 05:27:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{337544D9-2DC0-4292-8DC5-E427A13CD7DD}
    2012-07-29 05:27:06 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C32A417E-BB2B-4EC9-90A2-5F60FAA62FEB}
    2012-07-28 17:26:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6D265A40-49C3-4913-B258-30CDED8BB59A}
    2012-07-28 17:26:20 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F7FE290C-8CDF-49B4-BCE6-F12A372E75CD}
    2012-07-28 05:25:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9A47CB7C-0784-46BE-A9E7-E2BBA0B25A4B}
    2012-07-28 05:25:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{023A6F4E-6699-4FB1-BFF7-E731F408D7C2}
    2012-07-27 17:25:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{12DDA58D-A402-4ACF-9EE5-7526A8980E6A}
    2012-07-27 17:24:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A75FDC00-1C9D-4B90-844C-C86E631735EF}
    2012-07-27 05:24:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{755A5476-CC78-4FED-96A1-A8AC73D119C5}
    2012-07-27 05:24:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D64988D1-197B-4D77-93F9-B2C97CA1D306}
    2012-07-26 17:23:25 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{E583F511-51AE-4C5E-B341-090BFD6AE47D}
    2012-07-26 17:23:02 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5845E1E4-95C3-41FB-B306-60F0CB7C2330}
    2012-07-26 05:22:37 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F9A93FAB-66D4-461E-A574-515AFFBDA885}
    2012-07-26 05:22:14 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{80738819-E7C1-4D7A-99DD-2FD5854D4673}
    2012-07-25 17:21:50 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{190ED281-1CDC-4C6E-8294-811F5C5CB255}
    2012-07-25 17:21:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1CD56FC7-9B7D-42E5-AD3D-92E95F83A251}
    2012-07-25 05:21:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BB45A82B-434A-46F0-B3DD-172A8150116D}
    2012-07-25 05:20:41 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{184DD765-30C2-47F4-872B-06287893CE27}
    2012-07-24 17:20:18 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{67094822-F382-4425-BB4C-35BEBCA9AB8D}
    2012-07-24 17:19:55 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C2D73A27-53E8-4541-8737-6E0FDC877954}
    2012-07-24 05:19:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4CBEBC53-FB5A-43A2-AAB2-582064BA4ABF}
    2012-07-24 05:19:00 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{834EBA7D-E67C-4C05-816A-43AEDBC1E554}
    .
    ==================== Find3M ====================
    .
    2012-08-20 11:34:04 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-08-04 10:48:56 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
    2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-06-07 03:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 10:43:28.90 ===============
     
  2. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 旗艦版
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/2/2011 2:18:13 AM
    System Uptime: 22/8/2012 8:29:34 AM (2 hours ago)
    .
    Motherboard: BIOSTAR Group | | TA890FXE
    Processor: AMD Phenom(tm) II X6 1055T Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 235 GiB total, 49.649 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 699 GiB total, 484.982 GiB free.
    F: is FIXED (NTFS) - 466 GiB total, 6.164 GiB free.
    G: is FIXED (NTFS) - 1863 GiB total, 1.514 GiB free.
    H: is FIXED (NTFS) - 466 GiB total, 0.31 GiB free.
    I: is FIXED (NTFS) - 466 GiB total, 309.067 GiB free.
    J: is FIXED (NTFS) - 75 GiB total, 24.419 GiB free.
    K: is FIXED (NTFS) - 466 GiB total, 0.271 GiB free.
    L: is FIXED (NTFS) - 932 GiB total, 0.247 GiB free.
    M: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ?速土豆 1.40.19.0
    《星海爭霸 II》
    7-Zip 9.15 beta
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4) - Chinese Traditional
    Advertising Center
    All Video Fixer 8.9
    Amazon Add to Wish List IE Extension 1.1
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Antiphishing Domain Advisor
    Any Video Converter 3.4.2
    Apple Software Update
    Apple 應用程式支援
    Arena CAH Death Match
    Battlefield 3? Open Beta
    Battlelog Web Plugins
    BFME1->BFME2 Map Pack BETA
    BIO-Remote
    BIOScreen
    BiosNotice
    BitComet(比特彗星) 1.29
    CA Yahoo! Anti-Spy (remove only)
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Complitly
    CyberLink PowerDirector 10
    CyberPower PowerPanel Personal Edition 1.2.3
    D3DX10
    DAEMON Tools Lite
    DolbyFiles
    Ease Audio Converter 5.21
    eHOT Line
    erLT
    ESN Sonar
    Fraps
    Free YouTube Downloader 3.3.115
    GameRanger
    HydraVision
    ImagXpress
    iTudou 2.7.2.1
    Java Auto Updater
    Java(TM) 6 Update 32
    JDownloader
    Junk Mail filter update
    LightScribe System Software
    Logitech Webcam 軟體
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.62.0.1300
    Menu Templates - Starter Kit
    Microsoft .NET Framework 1.1
    Microsoft AppLocale
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual J# .NET Redistributable Package 1.1
    MobTime Cell Phone Manager V6.6.5
    Movie Templates - Starter Kit
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need For Speed Most Wanted
    Need For Speed Underground
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    NETGEAR WN121T wireless USB 2.0 adapter
    NVIDIA PhysX
    OpenAL
    Origin
    PPStream V2.7.0.1336 Final
    PunkBuster Services
    QuickTime
    RAIDXpert
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Rise of the Witch King Unofficial Patch 2.02
    Saints Row The Third
    SAMSUNG Intelli-studio
    Search Toolbar
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    SmartSound Quicktracks 5
    SpeedFan (remove only)
    StarCraft II
    T-Utility Green Power Utility II
    TeamViewer 7
    The Lord of the Rings - Conquest?
    Tom Clancy's Rainbow Six Vegas 2
    TOVERCLOCKER
    Tseries BIOS Update
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Video Fixer 3.23
    VLC media player 1.1.7
    Watson
    WinAVI Video Converter
    Windows 7 USB/DVD Download Tool
    Windows Live Communications Platform
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Live 程式集
    Windows Live 影像中心
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Mail Advisor
    Yahoo! Software Update
    Yahoo! Toolbar
    Zombie Driver 1.1.6b
    中世?2全面??之王?游?完美?化版
    流星蝴蝶劍
    富甲天下四
    童話
    蜓樅毞狟5 楛极笢恅V1.03唳
    跡宒馱釦 2.70
    影音之星 5.3
    適用遠端連線的 Windows Live Mesh ActiveX 控制項
    魔戒:中土戰爭II 巫王的崛起
    .
    ==== End Of File ===========================
     
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
      [​IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
     
  4. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool Version: 22-08-2012
    Ran by SYSTEM at 22-08-2012 11:49:25
    Running from J:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2716216 2009-12-16] (ESET)
    HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-02] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
    HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [315392 2009-05-27] (Cyber Power Systems, Inc.)
    HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
    HKLM-x32\...\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [196608 2008-12-04] ()
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
    HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475072 2009-07-13] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475072 2009-07-13] (Microsoft Corporation)
    HKU\Roy Yip\...\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
    HKU\Roy Yip\...\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
    HKU\Roy Yip\...\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe [x]
    HKU\Roy Yip\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
    HKU\Roy Yip\...\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode [x]
    HKU\Roy Yip\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
    HKU\Roy Yip\...\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray [10811696 2010-12-08] (www.BitComet.com)
    HKU\Roy Yip\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [x]
    HKU\Roy Yip\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [203928 2009-04-23] (Alcohol Soft Development Team)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\desktop(183).ini ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WN121T Smart Wizard.lnk
    ShortcutTarget: NETGEAR WN121T Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe (No File)
    ==================== Services (Whitelisted) ======
    2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-05-05] ()
    3 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [23296 2009-12-16] (ESET)
    4 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [735960 2009-12-16] (ESET)
    2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-10-01] (PC Tools)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-02-08] ()
    2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [214864 2010-03-14] ()
    2 ppped; "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe" [868352 2009-05-27] (Cyber Power Systems, Inc.)
    2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
    ========================== Drivers (Whitelisted) =============
    3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [44344 2008-12-27] (MICRO-STAR INT'L CO., LTD.)
    2 eamon; C:\Windows\System32\Drivers\eamon.sys [145336 2009-12-16] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-12-16] (ESET)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [169080 2009-12-18] (ESET)
    3 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [33608 2010-01-08] (ESET)
    2 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [44944 2009-12-18] (ESET)
    3 FLASHSYS; C:\Windows\SysWow64\Drivers\FLASHSYS.sys [9216 2008-02-01] ()
    3 IPvE; C:\Windows\System32\DRIVERS\IPvEx64.sys [32304 2010-06-01] (IPVE)
    3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
    3 MRV6X64U; C:\Windows\System32\DRIVERS\WN111x.sys [340480 2007-10-28] (Marvell Semiconductor, Inc)
    3 MSILiveVirtualCamera; C:\Windows\System32\Drivers\MSILiveVirtualCamera.sys [456192 2007-01-29] (MSI Corporation)
    3 RushTopDevice2; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [75576 2008-12-19] (Your Corporation)
    3 RushTopDevice_J; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [33080 2009-03-05] (Your Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-25] (Duplex Secure Ltd.)
    3 aspnet_state; [x]
    3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
    3 Mrvleap; C:\Windows\System32\DRIVERS\mrv64drv.sys [x]
    3 MSICDSetup; \??\D:\CDriver64.sys [x]
    3 NMIndexingService; [x]
    3 NVHDA; [x]
    3 WEBNTACCESS; \??\C:\Windows\system32\NTACCESS.SYS [x]
    3 X6va003; [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    ============ 3 Months Modified Files ========================

    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 7%
    Total physical RAM: 16375.88 MB
    Available physical RAM: 15224.66 MB
    Total Pagefile: 16374.03 MB
    Available Pagefile: 15204.12 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:6.09 GB) NTFS
    3 Drive e: (?????) (Fixed) (Total:465.76 GB) (Free:309.07 GB) NTFS
    4 Drive f: (?????) (Fixed) (Total:465.76 GB) (Free:0.31 GB) NTFS
    5 Drive h: (BYTECC) (Fixed) (Total:698.63 GB) (Free:484.98 GB) NTFS
    6 Drive I: (SimpleDrive) (Fixed) (Total:465.76 GB) (Free:0.27 GB) NTFS
    7 Drive j: () (Removable) (Total:14.99 GB) (Free:0.45 GB) NTFS
    8 Drive k: (Elements) (Fixed) (Total:1863.01 GB) (Free:1.51 GB) NTFS
    9 Drive l: (WD USB 2) (Fixed) (Total:74.53 GB) (Free:24.42 GB) NTFS
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    11 Drive y: (FantomHD) (Fixed) (Total:931.51 GB) (Free:0.25 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 931 GB 1024 KB
    Disk 2 Online 465 GB 100 MB
    Disk 3 Online 698 GB 0 B
    Disk 4 Online 465 GB 1024 KB
    Disk 5 Online 14 GB 0 B
    Disk 6 Online 1863 GB 0 B
    Disk 7 Online 74 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y FantomHD NTFS Partition 931 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB
    Partition 2 Primary 465 GB 465 GB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 F ????? NTFS Partition 465 GB Healthy
    ==================================================================================
    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E ????? NTFS Partition 465 GB Healthy
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 101 MB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C NTFS Partition 465 GB Healthy
    ==================================================================================
    Partitions of Disk 3:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 698 GB 1024 KB
    ==================================================================================
    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H BYTECC NTFS Partition 698 GB Healthy
    ==================================================================================
    Partitions of Disk 4:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB
    ==================================================================================
    Disk: 4
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I SimpleDrive NTFS Partition 465 GB Healthy
    ==================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 31 KB
    ==================================================================================
    Disk: 5
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J NTFS Removable 14 GB Healthy
    ==================================================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB
    ==================================================================================
    Disk: 6
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K Elements NTFS Partition 1863 GB Healthy
    ==================================================================================
    Partitions of Disk 7:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 74 GB 1024 KB
    ==================================================================================
    Disk: 7
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 L WD USB 2 NTFS Partition 74 GB Healthy
    ==================================================================================
    Last Boot: 2011-01-07 04:47
    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 22-08-2012
    Ran by SYSTEM at 2012-08-22 11:51:58
    Running from J:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
  5. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    I really need help. Please :oops:
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Something wasn't run correctly. Try the scan again please. (You made sure to get the right FRST for your OS?)
     
  7. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    Yes, I did. I got the 64-bit FRST for my OS. Which one do you want me to scan again? All scans, or just the FRST scan part?
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Just FRST please.
     
  9. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool Version: 22-08-2012
    Ran by SYSTEM at 24-08-2012 06:26:07
    Running from J:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2716216 2009-12-16] (ESET)
    HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-02] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
    HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [315392 2009-05-27] (Cyber Power Systems, Inc.)
    HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
    HKLM-x32\...\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [196608 2008-12-04] ()
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
    HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475072 2009-07-13] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475072 2009-07-13] (Microsoft Corporation)
    HKU\Roy Yip\...\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
    HKU\Roy Yip\...\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
    HKU\Roy Yip\...\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe [x]
    HKU\Roy Yip\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
    HKU\Roy Yip\...\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode [x]
    HKU\Roy Yip\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
    HKU\Roy Yip\...\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray [10811696 2010-12-08] (www.BitComet.com)
    HKU\Roy Yip\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [x]
    HKU\Roy Yip\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [203928 2009-04-23] (Alcohol Soft Development Team)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\desktop(183).ini ()
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WN121T Smart Wizard.lnk
    ShortcutTarget: NETGEAR WN121T Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe (No File)
    ==================== Services (Whitelisted) ======
    2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-05-05] ()
    3 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [23296 2009-12-16] (ESET)
    4 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [735960 2009-12-16] (ESET)
    2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-10-01] (PC Tools)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-02-08] ()
    2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [214864 2010-03-14] ()
    2 ppped; "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe" [868352 2009-05-27] (Cyber Power Systems, Inc.)
    2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
    ========================== Drivers (Whitelisted) =============
    3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [44344 2008-12-27] (MICRO-STAR INT'L CO., LTD.)
    2 eamon; C:\Windows\System32\Drivers\eamon.sys [145336 2009-12-16] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-12-16] (ESET)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [169080 2009-12-18] (ESET)
    3 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [33608 2010-01-08] (ESET)
    2 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [44944 2009-12-18] (ESET)
    3 FLASHSYS; C:\Windows\SysWow64\Drivers\FLASHSYS.sys [9216 2008-02-01] ()
    3 IPvE; C:\Windows\System32\DRIVERS\IPvEx64.sys [32304 2010-06-01] (IPVE)
    3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
    3 MRV6X64U; C:\Windows\System32\DRIVERS\WN111x.sys [340480 2007-10-28] (Marvell Semiconductor, Inc)
    3 MSILiveVirtualCamera; C:\Windows\System32\Drivers\MSILiveVirtualCamera.sys [456192 2007-01-29] (MSI Corporation)
    3 RushTopDevice2; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [75576 2008-12-19] (Your Corporation)
    3 RushTopDevice_J; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [33080 2009-03-05] (Your Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-25] (Duplex Secure Ltd.)
    3 aspnet_state; [x]
    3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
    3 Mrvleap; C:\Windows\System32\DRIVERS\mrv64drv.sys [x]
    3 MSICDSetup; \??\D:\CDriver64.sys [x]
    3 NMIndexingService; [x]
    3 NVHDA; [x]
    3 WEBNTACCESS; \??\C:\Windows\system32\NTACCESS.SYS [x]
    3 X6va003; [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    ============ 3 Months Modified Files ========================

    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 7%
    Total physical RAM: 16375.88 MB
    Available physical RAM: 15228.52 MB
    Total Pagefile: 16374.03 MB
    Available Pagefile: 15204.36 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:6.09 GB) NTFS
    3 Drive e: (?????) (Fixed) (Total:465.76 GB) (Free:4.72 GB) NTFS
    4 Drive f: (?????) (Fixed) (Total:465.76 GB) (Free:308.91 GB) NTFS
    5 Drive g: (SimpleDrive) (Fixed) (Total:465.76 GB) (Free:0.15 GB) NTFS
    6 Drive h: (BYTECC) (Fixed) (Total:698.63 GB) (Free:484.98 GB) NTFS
    7 Drive j: () (Removable) (Total:14.99 GB) (Free:0.45 GB) NTFS
    8 Drive k: (Elements) (Fixed) (Total:1863.01 GB) (Free:1.53 GB) NTFS
    9 Drive l: (WD USB 2) (Fixed) (Total:74.53 GB) (Free:24.42 GB) NTFS
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    11 Drive y: (FantomHD) (Fixed) (Total:931.51 GB) (Free:0.25 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 931 GB 1024 KB
    Disk 2 Online 465 GB 1024 KB
    Disk 3 Online 698 GB 0 B
    Disk 4 Online 465 GB 100 MB
    Disk 5 Online 14 GB 0 B
    Disk 6 Online 1863 GB 0 B
    Disk 7 Online 74 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 31 KB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y FantomHD NTFS Partition 931 GB Healthy
    ==================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB
    Partition 2 Primary 465 GB 465 GB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E ????? NTFS Partition 465 GB Healthy
    ==================================================================================
    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F ????? NTFS Partition 465 GB Healthy
    ==================================================================================
    Partitions of Disk 2:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB
    ==================================================================================
    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G SimpleDrive NTFS Partition 465 GB Healthy
    ==================================================================================
    Partitions of Disk 3:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 698 GB 1024 KB
    ==================================================================================
    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H BYTECC NTFS Partition 698 GB Healthy
    ==================================================================================
    Partitions of Disk 4:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 101 MB
    ==================================================================================
    Disk: 4
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 C NTFS Partition 465 GB Healthy
    ==================================================================================
    Partitions of Disk 5:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 14 GB 31 KB
    ==================================================================================
    Disk: 5
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 J NTFS Removable 14 GB Healthy
    ==================================================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1863 GB 1024 KB
    ==================================================================================
    Disk: 6
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K Elements NTFS Partition 1863 GB Healthy
    ==================================================================================
    Partitions of Disk 7:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 74 GB 1024 KB
    ==================================================================================
    Disk: 7
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 L WD USB 2 NTFS Partition 74 GB Healthy
    ==================================================================================
    Last Boot: 2011-01-07 04:47
    ======================= End Of Log ==========================

    Farbar Recovery Scan Tool Version: 22-08-2012
    Ran by SYSTEM at 2012-08-24 06:27:44
    Running from J:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Back to Normal Mode...
    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  11. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    ComboFix 12-08-24.02 - Roy Yip 08/2012 週五 13:25:48.1.6 - x64
    Microsoft Windows 7 旗艦版 6.1.7601.1.950.852.3076.18.16376.14042 [GMT -7:00]
    執行位置: c:\users\Roy Yip\Desktop\ComboFix.exe
    AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: 個人防火牆 *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\default\hk_sres.data
    c:\data\heotzsqqt_o\hk_sres.data
    c:\program files (x86)\Complitly
    c:\program files (x86)\Complitly\chrome\autocompleteprochrome.crx
    c:\program files (x86)\Complitly\FireFoxExtension.exe
    c:\program files (x86)\Complitly\InstTracker.exe
    c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
    c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
    c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
    c:\program files (x86)\Complitly\unins000.dat
    c:\program files (x86)\Complitly\unins000.exe
    c:\program files (x86)\driver
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\programdata\Amazon.ico
    c:\programdata\MercadoLivre.ico
    c:\programdata\Poker.ico
    c:\programdata\QuickStores.ico
    c:\windows\apppatch\AppLoc.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\@
    c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\L\00000004.@
    c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\00000004.@
    c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\00000008.@
    c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\000000cb.@
    c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\80000032.@
    c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\80000064.@
    c:\windows\SysWow64\cnm8E6.tmp
    c:\windows\SysWow64\SET49FE.tmp
    c:\windows\SysWow64\update
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    c:\windows\XSxS
    G:\autorun.inf
    .
    發現受感染 c:\windows\system32\services.exe 並且成功解毒
    從 - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe 恢復原來檔案
    .
    .
    ((((((((((((((((((((((((( 2012-07-24 至 2012-08-24 的新的檔案 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-22 18:28 . 2012-08-22 18:28 -------- d-----w- C:\FRST
    2012-08-22 15:20 . 2012-08-22 15:20 -------- d-----w- c:\users\Roy Yip\AppData\Roaming\Malwarebytes
    2012-08-22 15:19 . 2012-08-22 15:19 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-22 15:19 . 2012-08-22 15:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-22 15:19 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-20 23:00 . 2012-08-20 23:00 -------- d-----w- c:\programdata\Battle.net
    2012-08-20 22:45 . 2012-08-20 23:14 -------- d-----w- c:\program files (x86)\StarCraft II
    2012-08-20 22:45 . 2012-08-20 23:02 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-08-20 22:45 . 2012-08-20 23:02 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-08-15 10:04 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-15 07:42 . 2012-08-15 07:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-14 15:12 . 2012-08-14 15:12 -------- d-----w- c:\users\Guest
    2012-08-14 14:18 . 2012-08-14 14:18 -------- d-----w- c:\program files\CPUID
    2012-08-14 14:06 . 2012-08-14 14:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-14 14:06 . 2012-08-14 14:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-14 11:02 . 2012-08-14 11:02 -------- d-----w- c:\programdata\ATI
    2012-08-09 17:47 . 2012-08-09 17:47 -------- d-----w- c:\users\Roy Yip\AppData\Roaming\AnvSoft
    2012-08-09 17:47 . 2012-08-09 17:47 -------- d-----w- c:\program files (x86)\AnvSoft
    2012-08-02 07:40 . 2007-02-01 07:40 16 ----a-w- c:\windows\SysWow64\22AS6EJH.dll
    2012-08-02 07:32 . 2012-08-02 07:41 -------- d-----w- c:\program files (x86)\蜓樅毞狟5
    2012-07-31 23:32 . 2012-08-01 00:14 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
    2012-07-31 17:50 . 2012-08-01 00:11 -------- d-----w- c:\program files\T-TIME
    2012-07-30 10:28 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-30 10:28 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-20 11:34 . 2011-10-08 12:28 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-08-15 10:01 . 2011-02-21 08:06 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-04 10:48 . 2011-03-14 07:53 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-21 09:10 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-09 05:43 . 2012-07-11 11:22 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-11 11:22 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 11:22 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 11:22 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 11:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 11:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 11:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 02:48 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 02:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 02:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 02:48 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 02:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-21 02:48 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 02:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 02:48 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-21 02:48 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-11 11:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 11:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 11:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 11:22 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 11:22 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 11:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 11:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 11:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 11:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白與合法缺省登錄將不會被顯示
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
    c:\program files (x86)\Tudou\?速Tudou\tudouDetector.dll [?]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2011-09-23 11515184]
    "PPS Accelerator"="c:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-06-15 994304]
    "PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2009-05-27 315392]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
    "YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
    "IME14 CHT Uninstall"="c:\program files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 80240]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CtxfiReg"="CTXFIREG.exe" [2010-07-08 47104]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BIO-Remote.lnk - c:\program files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe [2011-2-20 687616]
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
    NETGEAR WN121T Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN121T\wn121t.exe [2008-3-17 2498560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
    R3 ALSysIO;ALSysIO;c:\users\ROYYIP~1\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 BthAvrcp;Bluetooth AVRCP 組態檔;c:\windows\system32\DRIVERS\BthAvrcp.sys [2008-07-11 21504]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
    R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\DRIVERS\WN111x.sys [2007-10-29 340480]
    R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrv64drv.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-01-12 35112]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
    S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2010-01-19 234040]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2010-01-15 14136]
    S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-18 15408]
    S1 BS_TPIO;BS_TPIO;c:\windows\system32\drivers\BS_TPIO64.sys [2009-04-29 13360]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-18 279616]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-09-01 131320]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-09 974944]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
    S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
    S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
    S3 LVUVC64;QuickCam Pro for Notebooks(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    ‘計劃任務’ 文件夾 裡的內容
    .
    2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 14:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-01 10806816]
    "CheckIt Diagnostics 8"="c:\program files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe" [2010-05-11 54088]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-09 4036176]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    "WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- 而外的掃描 -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com.hk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = local
    IE: &使用BitComet下載 - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &使用BitComet下載全部連結 - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: 傳送至 OneNote(&N) - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-OfficeSyncProcess - c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
    WebBrowser-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - (no file)
    AddRemove-Complitly_is1 - c:\program files (x86)\Complitly\unins000.exe
    AddRemove-FormatFactory - j:\program files (x86)\FreeTime\FormatFactory\uninst.exe
    AddRemove-iTudou - j:\program files (x86)\Tudou\iTudou\uninst.exe
    AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    AddRemove-?速土豆 - c:\program files (x86)\Tudou\?速Tudou\uninst.exe
    .
    .
    "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
    [\]^_?\00?\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~?\00?\00\00\00w\00\00\00\00\00\00\00\00 "
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
    .
    [HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*vi.bc%21]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*vi.bc%21\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*vi.bc%21]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:45,3a,5c,e5,90,89,e6,b2,a2,e6,98,8e,e6,ad,a9,e3,81,ae,e9,a8,8e,e4,b9,
    97,e4,bd,8d,e7,8b,82,5c,53,4f,45,2d,36,30,31,2e,61,76,69,2e,62,63,21,00,38,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\SecuROM\License information*]
    "datasecu"=hex:f0,b9,bd,72,39,e8,3b,8b,c7,34,81,d7,c1,ed,73,28,26,3d,66,6c,cd,
    88,37,ed,82,64,08,83,42,0a,e4,aa,a7,e4,6d,d7,7e,49,be,b6,29,97,9f,91,fb,7c,\
    "rkeysecu"=hex:43,ea,53,ad,d3,f3,48,db,5b,63,23,0f,b1,c5,0f,53
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\j *3*3*6*0*0* *b*p*s* *xe焺_j:*:*(*jxe焺_j^?W)*:*:*M*I*c*r*o*s*o*f*t*\Responses]
    "CONNECT 28800/V42b"=hex:02,03,80,70,00,00,00,00,00,00
    "CONNECT 38400"=hex:02,00,00,00,00,00,00,96,00,00
    "CONNECT 38400/ARQ"=hex:02,02,00,00,00,00,00,96,00,00
    "CONNECT 38400/REL"=hex:02,02,00,00,00,00,00,96,00,00
    "CONNECT 38400/MNP"=hex:02,02,00,00,00,00,00,96,00,00
    "CONNECT 38400/LAP-M"=hex:02,02,00,00,00,00,00,96,00,00
    "CONNECT 38400/V42BIS"=hex:02,03,00,00,00,00,00,96,00,00
    "CONNECT 38400/V42b"=hex:02,03,00,00,00,00,00,96,00,00
    "CONNECT 57600"=hex:02,00,00,00,00,00,00,e1,00,00
    "CONNECT 57600/ARQ"=hex:02,02,00,00,00,00,00,e1,00,00
    "CONNECT 57600/REL"=hex:02,02,00,00,00,00,00,e1,00,00
    "CONNECT 57600/MNP"=hex:02,02,00,00,00,00,00,e1,00,00
    "CONNECT 57600/LAP-M"=hex:02,02,00,00,00,00,00,e1,00,00
    "CONNECT 57600/V42BIS"=hex:02,03,00,00,00,00,00,e1,00,00
    "CONNECT 57600/V42b"=hex:02,03,00,00,00,00,00,e1,00,00
    "CONNECT 115200"=hex:02,00,00,00,00,00,00,c2,01,00
    "CONNECT 115200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
    "CONNECT 115200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
    "CONNECT 115,200"=hex:02,00,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
    "CONNECT 230400"=hex:02,00,00,00,00,00,00,84,03,00
    "CONNECT 230400/ARQ"=hex:02,02,00,00,00,00,00,84,03,00
    "CONNECT 230400/REL"=hex:02,02,00,00,00,00,00,84,03,00
    "CONNECT 230400/MNP"=hex:02,02,00,00,00,00,00,84,03,00
    "CONNECT 230400/LAP-M"=hex:02,02,00,00,00,00,00,84,03,00
    "CONNECT 230400/V42BIS"=hex:02,03,00,00,00,00,00,84,03,00
    "CONNECT 230400/V42b"=hex:02,03,00,00,00,00,00,84,03,00
    "CARRIER 300"=hex:01,00,2c,01,00,00,00,00,00,00
    "CARRIER 1200"=hex:01,00,b0,04,00,00,00,00,00,00
    "CARRIER 1200/75"=hex:01,00,b0,04,00,00,00,00,00,00
    "CARRIER 75/1200"=hex:01,00,b0,04,00,00,00,00,00,00
    "CARRIER 2400"=hex:01,00,60,09,00,00,00,00,00,00
    "CARRIER 4800"=hex:01,00,c0,12,00,00,00,00,00,00
    "CARRIER 7200"=hex:01,00,20,1c,00,00,00,00,00,00
    "CARRIER 9600"=hex:01,00,80,25,00,00,00,00,00,00
    "CARRIER 12000"=hex:01,00,e0,2e,00,00,00,00,00,00
    "CARRIER 14400"=hex:01,00,40,38,00,00,00,00,00,00
    "CARRIER 16800"=hex:01,00,a0,41,00,00,00,00,00,00
    "CARRIER 19200"=hex:01,00,00,4b,00,00,00,00,00,00
    "CARRIER 21600"=hex:01,00,60,54,00,00,00,00,00,00
    "CARRIER 24000"=hex:01,00,c0,5d,00,00,00,00,00,00
    "CARRIER 26400"=hex:01,00,20,67,00,00,00,00,00,00
    "CARRIER 28800"=hex:01,00,80,70,00,00,00,00,00,00
    "COMPRESSION: CLASS 5"=hex:01,03,00,00,00,00,00,00,00,00
    "COMPRESSION: MNP5"=hex:01,03,00,00,00,00,00,00,00,00
    "COMPRESSION: V.42BIS"=hex:01,03,00,00,00,00,00,00,00,00
    "COMPRESSION: V.42 BIS"=hex:01,03,00,00,00,00,00,00,00,00
    "COMPRESSION: ADC"=hex:01,01,00,00,00,00,00,00,00,00
    "COMPRESSION: NONE"=hex:01,00,00,00,00,00,00,00,00,00
    "PROTOCOL: NONE"=hex:01,00,00,00,00,00,00,00,00,00
    "PROTOCOL: ERROR-CONTROL/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: ERROR-CONTROL/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: ERROR-CONTROL/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: X.25/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: X.25/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: X.25/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAPM"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAP-M"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAPM/HDX"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAP-M/HDX"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAPM/AFT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAP-M/AFT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: ALT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: ALT-CELLULAR"=hex:01,0a,00,00,00,00,00,00,00,00
    "PROTOCOL: MNP"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: MNP2"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: MNP3"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: MNP4"=hex:01,02,00,00,00,00,00,00,00,00
    "AUTOSTREAM: LEVEL 1"=hex:01,00,00,00,00,00,00,00,00,00
    "AUTOSTREAM: LEVEL 2"=hex:01,00,00,00,00,00,00,00,00,00
    "AUTOSTREAM: LEVEL 3"=hex:01,00,00,00,00,00,00,00,00,00
    "CARRIER 31200 V.23"=hex:01,00,e0,79,00,00,00,00,00,00
    "CARRIER 31200"=hex:01,00,e0,79,00,00,00,00,00,00
    "CARRIER 31200/VFC"=hex:01,00,e0,79,00,00,00,00,00,00
    "CARRIER 33600 V.23"=hex:01,00,40,83,00,00,00,00,00,00
    "CARRIER 33600"=hex:01,00,40,83,00,00,00,00,00,00
    "CARRIER 33600/VFC"=hex:01,00,40,83,00,00,00,00,00,00
    "CONNECT 31200 EC"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200 EC/V42"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200 EC/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200 REL"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200 REL/MNP5"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200 REL/V42"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200 REL/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200"=hex:02,00,e0,79,00,00,00,00,00,00
    "CONNECT 31200/ARQ"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/LAP-M"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/MNP"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/REL"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/REL-LAPM V.42 BIS"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200/REL-LAPM"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/V42B"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 33600 EC"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600 EC/V42"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600 EC/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600 REL"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600 REL/MNP5"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600 REL/V42"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600 REL/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600"=hex:02,00,40,83,00,00,00,00,00,00
    "CONNECT 33600/ARQ"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/LAP-M"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/MNP"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/REL"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/REL-LAPM V.42 BIS"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600/REL-LAPM"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/V42B"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 31200/REL-MNP"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 33600/REL-MNP"=hex:02,02,40,83,00,00,00,00,00,00
    "1<cr>"=hex:02,00,2c,01,00,00,00,00,00,00
    "5<cr>"=hex:02,00,b0,04,00,00,00,00,00,00
    "<cr><lf>NO DIAL TONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
    "<cr><lf>RINGING<cr><lf>"=hex:01,00,00,00,00,00,00,00,00,00
    "<cr><lf>VOICE<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
    "<cr><lf>CONNECT 57333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 57333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,f5,df,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 57333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 57333/ARQ/x2/MNP<cr><lf>"=hex:02,02,f5,df,00,00,00,00,00,00
    "<cr><lf>CONNECT 57333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,f5,df,00,00,00,00,00,00
    "<cr><lf>CONNECT 57333/x2/NONE<cr><lf>"=hex:02,00,f5,df,00,00,00,00,00,00
    "<cr><lf>CONNECT 56000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,c0,da,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 56000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,c0,da,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 56000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,c0,da,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 56000/ARQ/x2/MNP<cr><lf>"=hex:02,02,c0,da,00,00,00,00,00,00
    "<cr><lf>CONNECT 56000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,c0,da,00,00,00,00,00,00
    "<cr><lf>CONNECT 56000/x2/NONE<cr><lf>"=hex:02,00,c0,da,00,00,00,00,00,00
    "<cr><lf>CONNECT 54666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 54666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 54666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,8a,d5,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 54666/ARQ/x2/MNP<cr><lf>"=hex:02,02,8a,d5,00,00,00,00,00,00
    "<cr><lf>CONNECT 54666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,8a,d5,00,00,00,00,00,00
    "<cr><lf>CONNECT 54666/x2/NONE<cr><lf>"=hex:02,00,8a,d5,00,00,00,00,00,00
    "<cr><lf>CONNECT 53333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 53333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 53333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 53333/ARQ/x2/MNP<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
    "<cr><lf>CONNECT 53333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
    "<cr><lf>CONNECT 53333/x2/NONE<cr><lf>"=hex:02,00,55,d0,00,00,00,00,00,00
    "<cr><lf>CONNECT 52000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 52000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 52000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 52000/ARQ/x2/MNP<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
    "<cr><lf>CONNECT 52000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
    "<cr><lf>CONNECT 52000/x2/NONE<cr><lf>"=hex:02,00,20,cb,00,00,00,00,00,00
    "<cr><lf>CONNECT 50666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 50666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 50666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 50666/ARQ/x2/MNP<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
    "<cr><lf>CONNECT 50666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
    "<cr><lf>CONNECT 50666/x2/NONE<cr><lf>"=hex:02,00,ea,c5,00,00,00,00,00,00
    "<cr><lf>CONNECT 49333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 49333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 49333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 49333/ARQ/x2/MNP<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
    "<cr><lf>CONNECT 49333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
    "<cr><lf>CONNECT 49333/x2/NONE<cr><lf>"=hex:02,00,b5,c0,00,00,00,00,00,00
    "<cr><lf>CONNECT 48000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 48000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 48000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 48000/ARQ/x2/MNP<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
    "<cr><lf>CONNECT 48000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
    "<cr><lf>CONNECT 48000/x2/NONE<cr><lf>"=hex:02,00,80,bb,00,00,00,00,00,00
    "<cr><lf>CONNECT 46666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 46666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 46666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 46666/ARQ/x2/MNP<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
    "<cr><lf>CONNECT 46666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
    "<cr><lf>CONNECT 46666/x2/NONE<cr><lf>"=hex:02,00,4a,b6,00,00,00,00,00,00
    "<cr><lf>CONNECT 45333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 45333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 45333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 45333/ARQ/x2/MNP<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
    "<cr><lf>CONNECT 45333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
    "<cr><lf>CONNECT 45333/x2/NONE<cr><lf>"=hex:02,00,15,b1,00,00,00,00,00,00
    "<cr><lf>CONNECT 44000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 44000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 44000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 44000/ARQ/x2/MNP<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
    "<cr><lf>CONNECT 44000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
    "<cr><lf>CONNECT 44000/x2/NONE<cr><lf>"=hex:02,00,e0,ab,00,00,00,00,00,00
    "<cr><lf>CONNECT 42666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 42666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 42666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 42666/ARQ/x2/MNP<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
    "<cr><lf>CONNECT 42666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
    "<cr><lf>CONNECT 42666/x2/NONE<cr><lf>"=hex:02,00,aa,a6,00,00,00,00,00,00
    "<cr><lf>CONNECT 41333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 41333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 41333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 41333/ARQ/x2/MNP<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
    "<cr><lf>CONNECT 41333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
    "<cr><lf>CONNECT 41333/x2/NONE<cr><lf>"=hex:02,00,75,a1,00,00,00,00,00,00
    "<cr><lf>CONNECT 37333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,00,
    00
    "<cr><lf>CONNECT 37333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 37333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
    00,00
    "<cr><lf>CONNECT 37333/ARQ/x2/MNP<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
    "<cr><lf>CONNECT 37333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
    "<cr><lf>CONNECT 37333/x2/NONE<cr><lf>"=hex:02,00,d5,91,00,00,00,00,00,00
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ 其他運行進程 ------------------------
    .
    c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
    c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    完成時間: 2012-08-24 13:35:56 - 電腦已重新啟動
    ComboFix-quarantined-files.txt 2012-08-24 20:35
    .
    Pre-Run: 55,462,686,720 bytes free
    Post-Run: 67,518,132,224 bytes free
    .
    - - End Of File - - 0E5726EB7E4CBA3CE8E54FE0473EA1F3
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  13. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    ComboFix 12-08-24.02 - Roy Yip 08/2012 週日 10:56:52.2.6 - x64
    Microsoft Windows 7 旗艦版 6.1.7601.1.950.852.3076.18.16376.13704 [GMT -7:00]
    執行位置: c:\users\Roy Yip\Desktop\ComboFix.exe
    Command switches used :: c:\users\Roy Yip\Desktop\CFScript.txt
    AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: 個人防火牆 *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * 成功創造新還原點
    .
    .
    ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\update
    .
    .
    ((((((((((((((((((((((((( 2012-07-26 至 2012-08-26 的新的檔案 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-26 18:00 . 2012-08-26 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-08-26 18:00 . 2012-08-26 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-22 18:28 . 2012-08-22 18:28 -------- d-----w- C:\FRST
    2012-08-22 15:20 . 2012-08-22 15:20 -------- d-----w- c:\users\Roy Yip\AppData\Roaming\Malwarebytes
    2012-08-22 15:19 . 2012-08-22 15:19 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-22 15:19 . 2012-08-22 15:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-22 15:19 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-20 23:00 . 2012-08-20 23:00 -------- d-----w- c:\programdata\Battle.net
    2012-08-20 22:45 . 2012-08-20 23:14 -------- d-----w- c:\program files (x86)\StarCraft II
    2012-08-20 22:45 . 2012-08-20 23:02 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
    2012-08-20 22:45 . 2012-08-20 23:02 -------- d-----w- c:\programdata\Blizzard Entertainment
    2012-08-15 10:04 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-15 07:42 . 2012-08-15 07:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-14 15:12 . 2012-08-14 15:12 -------- d-----w- c:\users\Guest
    2012-08-14 14:18 . 2012-08-14 14:18 -------- d-----w- c:\program files\CPUID
    2012-08-14 14:06 . 2012-08-14 14:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-14 14:06 . 2012-08-14 14:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-14 11:02 . 2012-08-14 11:02 -------- d-----w- c:\programdata\ATI
    2012-08-09 17:47 . 2012-08-09 17:47 -------- d-----w- c:\users\Roy Yip\AppData\Roaming\AnvSoft
    2012-08-09 17:47 . 2012-08-09 17:47 -------- d-----w- c:\program files (x86)\AnvSoft
    2012-08-02 07:40 . 2007-02-01 07:40 16 ----a-w- c:\windows\SysWow64\22AS6EJH.dll
    2012-08-02 07:32 . 2012-08-02 07:41 -------- d-----w- c:\program files (x86)\蜓樅毞狟5
    2012-07-31 23:32 . 2012-08-01 00:14 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
    2012-07-31 17:50 . 2012-08-01 00:11 -------- d-----w- c:\program files\T-TIME
    2012-07-30 10:28 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-30 10:28 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-20 11:34 . 2011-10-08 12:28 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-08-15 10:01 . 2011-02-21 08:06 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-04 10:48 . 2011-03-14 07:53 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-21 09:10 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-09 05:43 . 2012-07-11 11:22 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06 . 2012-07-11 11:22 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 11:22 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 11:22 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 11:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 11:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 11:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 02:48 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 02:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 02:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 02:48 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 02:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-21 02:48 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 02:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 02:48 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-21 02:48 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:50 . 2012-07-11 11:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 11:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 11:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 11:22 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 11:22 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 11:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 11:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 11:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 11:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-24_20.34.23 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-20 10:30 . 2012-08-24 20:35 44220 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2011-02-20 10:43 . 2012-08-24 20:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-20 10:43 . 2012-08-24 20:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-20 10:43 . 2012-08-24 20:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-20 10:43 . 2012-08-24 20:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-20 10:43 . 2012-08-24 20:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-20 10:43 . 2012-08-24 20:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-20 11:02 . 2012-08-26 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-20 11:02 . 2012-08-24 20:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-20 11:02 . 2012-08-26 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-02-20 11:02 . 2012-08-24 20:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白與合法缺省登錄將不會被顯示
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
    c:\program files (x86)\Tudou\?速Tudou\tudouDetector.dll [?]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2011-09-23 11515184]
    "PPS Accelerator"="c:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-06-15 994304]
    "PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2009-05-27 315392]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
    "YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
    "Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
    "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
    "IME14 CHT Uninstall"="c:\program files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 80240]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CtxfiReg"="CTXFIREG.exe" [2010-07-08 47104]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BIO-Remote.lnk - c:\program files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe [2011-2-20 687616]
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
    NETGEAR WN121T Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN121T\wn121t.exe [2008-3-17 2498560]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
    R3 ALSysIO;ALSysIO;c:\users\ROYYIP~1\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
    R3 BthAvrcp;Bluetooth AVRCP 組態檔;c:\windows\system32\DRIVERS\BthAvrcp.sys [2008-07-11 21504]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
    R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
    R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
    R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
    R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
    R3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\DRIVERS\WN111x.sys [2007-10-29 340480]
    R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrv64drv.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-01-12 35112]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
    S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2010-01-19 234040]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2010-01-15 14136]
    S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-18 15408]
    S1 BS_TPIO;BS_TPIO;c:\windows\system32\drivers\BS_TPIO64.sys [2009-04-29 13360]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-18 279616]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-09-01 131320]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-09 974944]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
    S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
    S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
    S3 LVUVC64;QuickCam Pro for Notebooks(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    ‘計劃任務’ 文件夾 裡的內容
    .
    2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 14:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-01 10806816]
    "CheckIt Diagnostics 8"="c:\program files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe" [2010-05-11 54088]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-09 4036176]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    "WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
    .
    ------- 而外的掃描 -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com.hk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = local
    IE: &使用BitComet下載 - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &使用BitComet下載全部連結 - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: 傳送至 OneNote(&N) - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - (no file)
    AddRemove-?速土豆 - c:\program files (x86)\Tudou\?速Tudou\uninst.exe
    .
    .
    "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
    [\]^_?\00?\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~?\00?\00\00\00w\00\00\00\00\00\00\00\00 "
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
    .
    [HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*vi.bc%21]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*vi.bc%21\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*vi.bc%21]
    @Allowed: (Read) (RestrictedCode)
    "0"=hex:45,3a,5c,e5,90,89,e6,b2,a2,e6,98,8e,e6,ad,a9,e3,81,ae,e9,a8,8e,e4,b9,
    97,e4,bd,8d,e7,8b,82,5c,53,4f,45,2d,36,30,31,2e,61,76,69,2e,62,63,21,00,38,\
    "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
    .
    [HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\SecuROM\License information*]
    "datasecu"=hex:f0,b9,bd,72,39,e8,3b,8b,c7,34,81,d7,c1,ed,73,28,26,3d,66,6c,cd,
    88,37,ed,82,64,08,83,42,0a,e4,aa,a7,e4,6d,d7,7e,49,be,b6,29,97,9f,91,fb,7c,\
    "rkeysecu"=hex:43,ea,53,ad,d3,f3,48,db,5b,63,23,0f,b1,c5,0f,53
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\j *3*3*6*0*0* *b*p*s* *xe焺_j:*:*(*jxe焺_j^?W)*:*:*M*I*c*r*o*s*o*f*t*\Responses]
    "<cr>"=hex:01,00,00,00,00,00,00,00,00,00
    "<lf>"=hex:01,00,00,00,00,00,00,00,00,00
    "<cr><lf>OK<cr><lf>"=hex:00,00,00,00,00,00,00,00,00,00
    "<cr><lf>RING<cr><lf>"=hex:08,00,00,00,00,00,00,00,00,00
    "<cr><lf>NO CARRIER<cr><lf>"=hex:04,00,00,00,00,00,00,00,00,00
    "<cr><lf>ERROR<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
    "<cr><lf>NO DIALTONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
    "<cr><lf>BUSY<cr><lf>"=hex:06,00,00,00,00,00,00,00,00,00
    "<cr><lf>NO ANSWER<cr><lf>"=hex:07,00,00,00,00,00,00,00,00,00
    "<cr><lf>CONNECT<cr><lf>"=hex:02,00,00,00,00,00,00,00,00,00
    "0<cr>"=hex:00,00,00,00,00,00,00,00,00,00
    "2<cr>"=hex:08,00,00,00,00,00,00,00,00,00
    "3<cr>"=hex:04,00,00,00,00,00,00,00,00,00
    "4<cr>"=hex:03,00,00,00,00,00,00,00,00,00
    "6<cr>"=hex:05,00,00,00,00,00,00,00,00,00
    "7<cr>"=hex:06,00,00,00,00,00,00,00,00,00
    "8<cr>"=hex:07,00,00,00,00,00,00,00,00,00
    "OK"=hex:00,00,00,00,00,00,00,00,00,00
    "RING"=hex:08,00,00,00,00,00,00,00,00,00
    "NO CARRIER"=hex:04,00,00,00,00,00,00,00,00,00
    "ERROR"=hex:03,00,00,00,00,00,00,00,00,00
    "NO DIALTONE"=hex:05,00,00,00,00,00,00,00,00,00
    "NO DIAL TONE"=hex:05,00,00,00,00,00,00,00,00,00
    "BUSY"=hex:06,00,00,00,00,00,00,00,00,00
    "NO ANSWER"=hex:07,00,00,00,00,00,00,00,00,00
    "FAX"=hex:03,00,00,00,00,00,00,00,00,00
    "DATA"=hex:03,00,00,00,00,00,00,00,00,00
    "VOICE"=hex:03,00,00,00,00,00,00,00,00,00
    "RINGING"=hex:01,00,00,00,00,00,00,00,00,00
    "DIALING"=hex:01,00,00,00,00,00,00,00,00,00
    "RRING"=hex:01,00,00,00,00,00,00,00,00,00
    "DELAYED"=hex:1d,00,00,00,00,00,00,00,00,00
    "BLACKLISTED"=hex:1c,00,00,00,00,00,00,00,00,00
    "+FCERROR"=hex:03,00,00,00,00,00,00,00,00,00
    "CONNECT"=hex:02,00,00,00,00,00,00,00,00,00
    "CONNECT/ARQ"=hex:02,02,00,00,00,00,00,00,00,00
    "CONNECT/REL"=hex:02,02,00,00,00,00,00,00,00,00
    "CONNECT/MNP"=hex:02,02,00,00,00,00,00,00,00,00
    "CONNECT/LAP-M"=hex:02,02,00,00,00,00,00,00,00,00
    "CONNECT/V42BIS"=hex:02,03,00,00,00,00,00,00,00,00
    "CONNECT/V42b"=hex:02,03,00,00,00,00,00,00,00,00
    "CONNECT 300"=hex:02,00,2c,01,00,00,00,00,00,00
    "CONNECT 300/ARQ"=hex:02,02,2c,01,00,00,00,00,00,00
    "CONNECT 300/REL"=hex:02,02,2c,01,00,00,00,00,00,00
    "CONNECT 300/MNP"=hex:02,02,2c,01,00,00,00,00,00,00
    "CONNECT 300/LAP-M"=hex:02,02,2c,01,00,00,00,00,00,00
    "CONNECT 300/V42BIS"=hex:02,03,2c,01,00,00,00,00,00,00
    "CONNECT 300/V42b"=hex:02,03,2c,01,00,00,00,00,00,00
    "CONNECT 600"=hex:02,00,58,02,00,00,00,00,00,00
    "CONNECT 600/ARQ"=hex:02,02,58,02,00,00,00,00,00,00
    "CONNECT 600/REL"=hex:02,02,58,02,00,00,00,00,00,00
    "CONNECT 600/MNP"=hex:02,02,58,02,00,00,00,00,00,00
    "CONNECT 600/LAP-M"=hex:02,02,58,02,00,00,00,00,00,00
    "CONNECT 600/V42BIS"=hex:02,03,58,02,00,00,00,00,00,00
    "CONNECT 600/V42b"=hex:02,03,58,02,00,00,00,00,00,00
    "CONNECT 0600"=hex:02,00,58,02,00,00,00,00,00,00
    "CONNECT 0600/ARQ"=hex:02,02,58,02,00,00,00,00,00,00
    "CONNECT 0600/REL"=hex:02,02,58,02,00,00,00,00,00,00
    "CONNECT 0600/MNP"=hex:02,02,58,02,00,00,00,00,00,00
    "CONNECT 0600/LAP-M"=hex:02,02,58,02,00,00,00,00,00,00
    "CONNECT 0600/V42BIS"=hex:02,03,58,02,00,00,00,00,00,00
    "CONNECT 0600/V42b"=hex:02,03,58,02,00,00,00,00,00,00
    "CONNECT 1200"=hex:02,00,b0,04,00,00,00,00,00,00
    "CONNECT 1200/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200/REL"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 1200/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 1200/75"=hex:02,00,b0,04,00,00,00,00,00,00
    "CONNECT 1200/75/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200/75/REL"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200/75/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200/75/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200/75/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 1200/75/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 1200TX/75RX"=hex:02,00,b0,04,00,00,00,00,00,00
    "CONNECT 1200TX/75RX/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200TX/75RX/REL"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200TX/75RX/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200TX/75RX/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 1200TX/75RX/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 1200TX/75RX/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 75/1200"=hex:02,00,b0,04,00,00,00,00,00,00
    "CONNECT 75/1200/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 75/1200/REL"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 75/1200/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 75/1200/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 75/1200/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 75/1200/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 75TX/1200RX"=hex:02,00,b0,04,00,00,00,00,00,00
    "CONNECT 75TX/1200RX/ARQ"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 75TX/1200RX/REL"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 75TX/1200RX/MNP"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 75TX/1200RX/LAP-M"=hex:02,02,b0,04,00,00,00,00,00,00
    "CONNECT 75TX/1200RX/V42BIS"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 75TX/1200RX/V42b"=hex:02,03,b0,04,00,00,00,00,00,00
    "CONNECT 2400"=hex:02,00,60,09,00,00,00,00,00,00
    "CONNECT 2400/ARQ"=hex:02,02,60,09,00,00,00,00,00,00
    "CONNECT 2400/REL"=hex:02,02,60,09,00,00,00,00,00,00
    "CONNECT 2400/MNP"=hex:02,02,60,09,00,00,00,00,00,00
    "CONNECT 2400/LAP-M"=hex:02,02,60,09,00,00,00,00,00,00
    "CONNECT 2400/V42BIS"=hex:02,03,60,09,00,00,00,00,00,00
    "CONNECT 2400/V42b"=hex:02,03,60,09,00,00,00,00,00,00
    "CONNECT 4800"=hex:02,00,c0,12,00,00,00,00,00,00
    "CONNECT 4800/ARQ"=hex:02,02,c0,12,00,00,00,00,00,00
    "CONNECT 4800/REL"=hex:02,02,c0,12,00,00,00,00,00,00
    "CONNECT 4800/MNP"=hex:02,02,c0,12,00,00,00,00,00,00
    "CONNECT 4800/LAP-M"=hex:02,02,c0,12,00,00,00,00,00,00
    "CONNECT 4800/V42BIS"=hex:02,03,c0,12,00,00,00,00,00,00
    "CONNECT 4800/V42b"=hex:02,03,c0,12,00,00,00,00,00,00
    "CONNECT 7200"=hex:02,00,20,1c,00,00,00,00,00,00
    "CONNECT 7200/ARQ"=hex:02,02,20,1c,00,00,00,00,00,00
    "CONNECT 7200/REL"=hex:02,02,20,1c,00,00,00,00,00,00
    "CONNECT 7200/MNP"=hex:02,02,20,1c,00,00,00,00,00,00
    "CONNECT 7200/LAP-M"=hex:02,02,20,1c,00,00,00,00,00,00
    "CONNECT 7200/V42BIS"=hex:02,03,20,1c,00,00,00,00,00,00
    "CONNECT 7200/V42b"=hex:02,03,20,1c,00,00,00,00,00,00
    "CONNECT 9600"=hex:02,00,80,25,00,00,00,00,00,00
    "CONNECT 9600/ARQ"=hex:02,02,80,25,00,00,00,00,00,00
    "CONNECT 9600/REL"=hex:02,02,80,25,00,00,00,00,00,00
    "CONNECT 9600/MNP"=hex:02,02,80,25,00,00,00,00,00,00
    "CONNECT 9600/LAP-M"=hex:02,02,80,25,00,00,00,00,00,00
    "CONNECT 9600/V42BIS"=hex:02,03,80,25,00,00,00,00,00,00
    "CONNECT 9600/V42b"=hex:02,03,80,25,00,00,00,00,00,00
    "CONNECT 12000"=hex:02,00,e0,2e,00,00,00,00,00,00
    "CONNECT 12000/ARQ"=hex:02,02,e0,2e,00,00,00,00,00,00
    "CONNECT 12000/REL"=hex:02,02,e0,2e,00,00,00,00,00,00
    "CONNECT 12000/MNP"=hex:02,02,e0,2e,00,00,00,00,00,00
    "CONNECT 12000/LAP-M"=hex:02,02,e0,2e,00,00,00,00,00,00
    "CONNECT 12000/V42BIS"=hex:02,03,e0,2e,00,00,00,00,00,00
    "CONNECT 12000/V42b"=hex:02,03,e0,2e,00,00,00,00,00,00
    "CONNECT 14400"=hex:02,00,40,38,00,00,00,00,00,00
    "CONNECT 14400/ARQ"=hex:02,02,40,38,00,00,00,00,00,00
    "CONNECT 14400/REL"=hex:02,02,40,38,00,00,00,00,00,00
    "CONNECT 14400/MNP"=hex:02,02,40,38,00,00,00,00,00,00
    "CONNECT 14400/LAP-M"=hex:02,02,40,38,00,00,00,00,00,00
    "CONNECT 14400/V42BIS"=hex:02,03,40,38,00,00,00,00,00,00
    "CONNECT 14400/V42b"=hex:02,03,40,38,00,00,00,00,00,00
    "CONNECT 16800"=hex:02,00,a0,41,00,00,00,00,00,00
    "CONNECT 16800/ARQ"=hex:02,02,a0,41,00,00,00,00,00,00
    "CONNECT 16800/REL"=hex:02,02,a0,41,00,00,00,00,00,00
    "CONNECT 16800/MNP"=hex:02,02,a0,41,00,00,00,00,00,00
    "CONNECT 16800/LAP-M"=hex:02,02,a0,41,00,00,00,00,00,00
    "CONNECT 16800/V42BIS"=hex:02,03,a0,41,00,00,00,00,00,00
    "CONNECT 16800/V42b"=hex:02,03,a0,41,00,00,00,00,00,00
    "CONNECT 19200"=hex:02,00,00,4b,00,00,00,00,00,00
    "CONNECT 19200/ARQ"=hex:02,02,00,4b,00,00,00,00,00,00
    "CONNECT 19200/REL"=hex:02,02,00,4b,00,00,00,00,00,00
    "CONNECT 19200/MNP"=hex:02,02,00,4b,00,00,00,00,00,00
    "CONNECT 19200/LAP-M"=hex:02,02,00,4b,00,00,00,00,00,00
    "CONNECT 19200/V42BIS"=hex:02,03,00,4b,00,00,00,00,00,00
    "CONNECT 19200/V42b"=hex:02,03,00,4b,00,00,00,00,00,00
    "CONNECT 21600"=hex:02,00,60,54,00,00,00,00,00,00
    "CONNECT 21600/ARQ"=hex:02,02,60,54,00,00,00,00,00,00
    "CONNECT 21600/REL"=hex:02,02,60,54,00,00,00,00,00,00
    "CONNECT 21600/MNP"=hex:02,02,60,54,00,00,00,00,00,00
    "CONNECT 21600/LAP-M"=hex:02,02,60,54,00,00,00,00,00,00
    "CONNECT 21600/V42BIS"=hex:02,03,60,54,00,00,00,00,00,00
    "CONNECT 21600/V42b"=hex:02,03,60,54,00,00,00,00,00,00
    "CONNECT 24000"=hex:02,00,c0,5d,00,00,00,00,00,00
    "CONNECT 24000/ARQ"=hex:02,02,c0,5d,00,00,00,00,00,00
    "CONNECT 24000/REL"=hex:02,02,c0,5d,00,00,00,00,00,00
    "CONNECT 24000/MNP"=hex:02,02,c0,5d,00,00,00,00,00,00
    "CONNECT 24000/LAP-M"=hex:02,02,c0,5d,00,00,00,00,00,00
    "CONNECT 24000/V42BIS"=hex:02,03,c0,5d,00,00,00,00,00,00
    "CONNECT 24000/V42b"=hex:02,03,c0,5d,00,00,00,00,00,00
    "CONNECT 26400"=hex:02,00,20,67,00,00,00,00,00,00
    "CONNECT 26400/ARQ"=hex:02,02,20,67,00,00,00,00,00,00
    "CONNECT 26400/REL"=hex:02,02,20,67,00,00,00,00,00,00
    "CONNECT 26400/MNP"=hex:02,02,20,67,00,00,00,00,00,00
    "CONNECT 26400/LAP-M"=hex:02,02,20,67,00,00,00,00,00,00
    "CONNECT 26400/V42BIS"=hex:02,03,20,67,00,00,00,00,00,00
    "CONNECT 26400/V42b"=hex:02,03,20,67,00,00,00,00,00,00
    "CONNECT 28800"=hex:02,00,80,70,00,00,00,00,00,00
    "CONNECT 28800/ARQ"=hex:02,02,80,70,00,00,00,00,00,00
    "CONNECT 28800/REL"=hex:02,02,80,70,00,00,00,00,00,00
    "CONNECT 28800/MNP"=hex:02,02,80,70,00,00,00,00,00,00
    "CONNECT 28800/LAP-M"=hex:02,02,80,70,00,00,00,00,00,00
    "CONNECT 28800/V42BIS"=hex:02,03,80,70,00,00,00,00,00,00
    "CONNECT 28800/V42b"=hex:02,03,80,70,00,00,00,00,00,00
    "CONNECT 38400"=hex:02,00,00,00,00,00,00,96,00,00
    "CONNECT 38400/ARQ"=hex:02,02,00,00,00,00,00,96,00,00
    "CONNECT 38400/REL"=hex:02,02,00,00,00,00,00,96,00,00
    "CONNECT 38400/MNP"=hex:02,02,00,00,00,00,00,96,00,00
    "CONNECT 38400/LAP-M"=hex:02,02,00,00,00,00,00,96,00,00
    "CONNECT 38400/V42BIS"=hex:02,03,00,00,00,00,00,96,00,00
    "CONNECT 38400/V42b"=hex:02,03,00,00,00,00,00,96,00,00
    "CONNECT 57600"=hex:02,00,00,00,00,00,00,e1,00,00
    "CONNECT 57600/ARQ"=hex:02,02,00,00,00,00,00,e1,00,00
    "CONNECT 57600/REL"=hex:02,02,00,00,00,00,00,e1,00,00
    "CONNECT 57600/MNP"=hex:02,02,00,00,00,00,00,e1,00,00
    "CONNECT 57600/LAP-M"=hex:02,02,00,00,00,00,00,e1,00,00
    "CONNECT 57600/V42BIS"=hex:02,03,00,00,00,00,00,e1,00,00
    "CONNECT 57600/V42b"=hex:02,03,00,00,00,00,00,e1,00,00
    "CONNECT 115200"=hex:02,00,00,00,00,00,00,c2,01,00
    "CONNECT 115200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
    "CONNECT 115200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
    "CONNECT 115,200"=hex:02,00,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/ARQ"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/REL"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/MNP"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/LAP-M"=hex:02,02,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/V42BIS"=hex:02,03,00,00,00,00,00,c2,01,00
    "CONNECT 115,200/V42b"=hex:02,03,00,00,00,00,00,c2,01,00
    "CONNECT 230400"=hex:02,00,00,00,00,00,00,84,03,00
    "CONNECT 230400/ARQ"=hex:02,02,00,00,00,00,00,84,03,00
    "CONNECT 230400/REL"=hex:02,02,00,00,00,00,00,84,03,00
    "CONNECT 230400/MNP"=hex:02,02,00,00,00,00,00,84,03,00
    "CONNECT 230400/LAP-M"=hex:02,02,00,00,00,00,00,84,03,00
    "CONNECT 230400/V42BIS"=hex:02,03,00,00,00,00,00,84,03,00
    "CONNECT 230400/V42b"=hex:02,03,00,00,00,00,00,84,03,00
    "CARRIER 300"=hex:01,00,2c,01,00,00,00,00,00,00
    "CARRIER 1200"=hex:01,00,b0,04,00,00,00,00,00,00
    "CARRIER 1200/75"=hex:01,00,b0,04,00,00,00,00,00,00
    "CARRIER 75/1200"=hex:01,00,b0,04,00,00,00,00,00,00
    "CARRIER 2400"=hex:01,00,60,09,00,00,00,00,00,00
    "CARRIER 4800"=hex:01,00,c0,12,00,00,00,00,00,00
    "CARRIER 7200"=hex:01,00,20,1c,00,00,00,00,00,00
    "CARRIER 9600"=hex:01,00,80,25,00,00,00,00,00,00
    "CARRIER 12000"=hex:01,00,e0,2e,00,00,00,00,00,00
    "CARRIER 14400"=hex:01,00,40,38,00,00,00,00,00,00
    "CARRIER 16800"=hex:01,00,a0,41,00,00,00,00,00,00
    "CARRIER 19200"=hex:01,00,00,4b,00,00,00,00,00,00
    "CARRIER 21600"=hex:01,00,60,54,00,00,00,00,00,00
    "CARRIER 24000"=hex:01,00,c0,5d,00,00,00,00,00,00
    "CARRIER 26400"=hex:01,00,20,67,00,00,00,00,00,00
    "CARRIER 28800"=hex:01,00,80,70,00,00,00,00,00,00
    "COMPRESSION: CLASS 5"=hex:01,03,00,00,00,00,00,00,00,00
    "COMPRESSION: MNP5"=hex:01,03,00,00,00,00,00,00,00,00
    "COMPRESSION: V.42BIS"=hex:01,03,00,00,00,00,00,00,00,00
    "COMPRESSION: V.42 BIS"=hex:01,03,00,00,00,00,00,00,00,00
    "COMPRESSION: ADC"=hex:01,01,00,00,00,00,00,00,00,00
    "COMPRESSION: NONE"=hex:01,00,00,00,00,00,00,00,00,00
    "PROTOCOL: NONE"=hex:01,00,00,00,00,00,00,00,00,00
    "PROTOCOL: ERROR-CONTROL/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: ERROR-CONTROL/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: ERROR-CONTROL/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: X.25/LAPB"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: X.25/LAPB/HDX"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: X.25/LAPB/AFT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAPM"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAP-M"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAPM/HDX"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAP-M/HDX"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAPM/AFT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: LAP-M/AFT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: ALT"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: ALT-CELLULAR"=hex:01,0a,00,00,00,00,00,00,00,00
    "PROTOCOL: MNP"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: MNP2"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: MNP3"=hex:01,02,00,00,00,00,00,00,00,00
    "PROTOCOL: MNP4"=hex:01,02,00,00,00,00,00,00,00,00
    "AUTOSTREAM: LEVEL 1"=hex:01,00,00,00,00,00,00,00,00,00
    "AUTOSTREAM: LEVEL 2"=hex:01,00,00,00,00,00,00,00,00,00
    "AUTOSTREAM: LEVEL 3"=hex:01,00,00,00,00,00,00,00,00,00
    "CARRIER 31200 V.23"=hex:01,00,e0,79,00,00,00,00,00,00
    "CARRIER 31200"=hex:01,00,e0,79,00,00,00,00,00,00
    "CARRIER 31200/VFC"=hex:01,00,e0,79,00,00,00,00,00,00
    "CARRIER 33600 V.23"=hex:01,00,40,83,00,00,00,00,00,00
    "CARRIER 33600"=hex:01,00,40,83,00,00,00,00,00,00
    "CARRIER 33600/VFC"=hex:01,00,40,83,00,00,00,00,00,00
    "CONNECT 31200 EC"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200 EC/V42"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200 EC/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200 REL"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200 REL/MNP5"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200 REL/V42"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200 REL/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200"=hex:02,00,e0,79,00,00,00,00,00,00
    "CONNECT 31200/ARQ"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/LAP-M"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/MNP"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/REL"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/REL-LAPM V.42 BIS"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200/REL-LAPM"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 31200/V42B"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 31200/V42BIS"=hex:02,03,e0,79,00,00,00,00,00,00
    "CONNECT 33600 EC"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600 EC/V42"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600 EC/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600 REL"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600 REL/MNP5"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600 REL/V42"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600 REL/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600"=hex:02,00,40,83,00,00,00,00,00,00
    "CONNECT 33600/ARQ"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/LAP-M"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/MNP"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/REL"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/REL-LAPM V.42 BIS"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600/REL-LAPM"=hex:02,02,40,83,00,00,00,00,00,00
    "CONNECT 33600/V42B"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 33600/V42BIS"=hex:02,03,40,83,00,00,00,00,00,00
    "CONNECT 31200/REL-MNP"=hex:02,02,e0,79,00,00,00,00,00,00
    "CONNECT 33600/REL-MNP"=hex:02,02,40,83,00,00,00,00,00,00
    "1<cr>"=hex:02,00,2c,01,00,00,00,00,00,00
    "5<cr>"=hex:02,00,b0,04,00,00,00,00,00,00
    "<cr><lf>NO DIAL TONE<cr><lf>"=hex:05,00,00,00,00,00,00,00,00,00
    "<cr><lf>RINGING<cr><lf>"=hex:01,00,00,00,00,00,00,00,00,00
    "<cr><lf>VOICE<cr><lf>"=hex:03,00,00,00,00,00,00,00,00,00
    "<cr><lf>CONNECT 57333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,f5,df,00,00,00,00,00,
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    完成時間: 2012-08-26 11:02:19
    ComboFix-quarantined-files.txt 2012-08-26 18:02
    ComboFix2.txt 2012-08-24 20:35
    .
    Pre-Run: 67,338,436,608 bytes free
    Post-Run: 67,075,502,080 位元組可用
    .
    - - End Of File - - 615F957A095AD6D1338DE1E01B752138
     
  14. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    # AdwCleaner v1.801 - Logfile created 08/26/2012 at 11:06:24
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Roy Yip - ROYYIP-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Roy Yip\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Users\Roy Yip\AppData\Roaming\Complitly
    Folder Found : C:\ProgramData\boost_interprocess
    File Found : C:\Users\Public\Desktop\QuickStores.url
    ***** [Registry] *****
    Key Found : HKCU\Software\Complitly
    Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
    [x64] Key Found : HKCU\Software\Complitly
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
    ***** [Registre - GUID] *****
    Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    [x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    [x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.7601.17514
    [OK] Registry is clean.
    *************************
    AdwCleaner[R1].txt - [2423 octets] - [26/08/2012 11:06:24]
    ########## EOF - C:\AdwCleaner[R1].txt - [2551 octets] ##########
     
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Remove the Adware.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    Please post the log.

    Please run the F-Secure Online Scanner
    • Accept the License Agreement and check the box. Then click on Run Check.
    • It will ask you to Run the Java plugin. Please confirm.
    • Once the download completes, the window for the scanner will launch.
    • Please confirm any more prompts, and then select Full Scan.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • It will run its cleaning.
    • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
     
  16. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    # AdwCleaner v1.801 - Logfile created 08/27/2012 at 04:07:27
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Roy Yip - ROYYIP-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Roy Yip\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Users\Roy Yip\AppData\Roaming\Complitly
    Folder Deleted : C:\ProgramData\boost_interprocess
    File Deleted : C:\Users\Public\Desktop\QuickStores.url
    ***** [Registry] *****
    Key Deleted : HKCU\Software\Complitly
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
    ***** [Registre - GUID] *****
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    [x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
    [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.7601.17514
    [OK] Registry is clean.
    *************************
    AdwCleaner[R1].txt - [2534 octets] - [26/08/2012 11:06:24]
    AdwCleaner[S1].txt - [1986 octets] - [27/08/2012 04:07:27]
    ########## EOF - C:\AdwCleaner[S1].txt - [2114 octets] ##########
     
  17. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24


    Scanning Report

    Monday, August 27, 2012 04:17:08 - 10:37:35

    Computer name: ROYYIP-PC
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\ E:\ G:\ H:\ I:\ K:\ L:\
    29 malware found

    TrackingCookie.Questionmarket (spyware)
    • System (Disinfected)
    TrackingCookie.Adinterax (spyware)
    • System (Disinfected)
    TrackingCookie.2o7 (spyware)
    • System (Disinfected)
    TrackingCookie.Advertising (spyware)
    • System (Disinfected)
    TrackingCookie.Atdmt (spyware)
    • System (Disinfected)
    TrackingCookie.Adtech (spyware)
    • System (Disinfected)
    TrackingCookie.Adform (spyware)
    • System (Disinfected)
    TrackingCookie.Doubleclick (spyware)
    • System (Disinfected)
    TrackingCookie.Revsci (spyware)
    • System (Disinfected)
    Trojan.Generic.KDV (spyware)
    • System (Disinfected)
    TrackingCookie.WebTrendsLive (spyware)
    • System (Disinfected)
    TrackingCookie.Clickbank (spyware)
    • System (Disinfected)
    TrackingCookie.Zanox (spyware)
    • System (Disinfected)
    TrackingCookie.Fastclick (spyware)
    • System (Disinfected)
    TrackingCookie.Adbrite (spyware)
    • System (Disinfected)
    TrackingCookie.Xiti (spyware)
    • System (Disinfected)
    TrackingCookie.Webtrends (spyware)
    • System (Disinfected)
    TrackingCookie.Mediaplex (spyware)
    • System (Disinfected)
    TrackingCookie.Liveperson (spyware)
    • System (Disinfected)
    TrackingCookie.Tradedoubler (spyware)
    • System (Disinfected)
    TrackingCookie.Statcounter (spyware)
    • System (Disinfected)
    TrackingCookie.Atwola (spyware)
    • System (Disinfected)
    TrackingCookie.Yieldmanager (spyware)
    • System (Disinfected)
    Trojan.Generic.KDV.690061 (virus)
    • C:\USERS\ROY YIP\DESKTOP\3\TEKNOR6VEGAS2.EXE (Not cleaned)
    Trojan.Generic.KDV.690061 (virus)
    • C:\PROGRAM FILES (X86)\UBISOFT\TOM CLANCY'S RAINBOW SIX VEGAS 2\TEKNOR6VEGAS2.EXE (Renamed & Submitted)
    Trojan.Generic.KDV.690061 (virus)
    • C:\PROGRAM FILES (X86)\UBISOFT\TOM CLANCY'S RAINBOW SIX VEGAS 2\BINARIES\TEKNOR6VEGAS2.EXE (Renamed & Submitted)
    Trojan.Generic.6852895 (virus)
    • C:\PROGRAM FILES (X86)\METEOR\AI306\PKAIMK.EXE (Renamed & Submitted)
    Suspicious:W32/Malware!Gemini (virus)
    • C:\PROGRAM FILES (X86)\METEOR\METEOR.EXE (Not cleaned & Submitted)
    Gen:Variant.Kazy.68159 (virus)
    • C:\PPS.TV\PPSTREAM\UPDATE.EXE (Renamed & Submitted)
    Statistics

    Scanned:
    • Files: 85392
    • System: 6666
    • Not scanned: 267
    Actions:
    • Disinfected: 23
    • Renamed: 4
    • Deleted: 0
    • Not cleaned: 2
    • Submitted: 5
    Files not scanned:
    • C:\HIBERFIL.SYS
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\TEMP\ETILQS_5UJOP9DCSOMX0HQDMAW3
    • C:\WINDOWS\TEMP\ETILQS_5WTSFHQ2ZV01CB3RLRQU
    • C:\WINDOWS\TEMP\ETILQS_AB79TQ5HMLYV232QHL8R
    • C:\WINDOWS\TEMP\ETILQS_AXVJ3OEQ0QZDSZUCA0I7
    • C:\WINDOWS\TEMP\ETILQS_ELS0LMRSIWYWF3K6UIDX
    • C:\WINDOWS\TEMP\ETILQS_NXZPXOFZL7VZOJEWFQTO
    • C:\WINDOWS\TEMP\ETILQS_PURHNTONFXCMU7RKHL0Z
    • C:\WINDOWS\TEMP\HSPERFDATA_ROYYIP-PC$\3668
    • C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF10F18BB8538E4E29.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF19B67FA3495E7DC1.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF1AC2D0B219708944.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF350A4DBEAEFF7244.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF43FB465A64EB8AD4.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF71E82E246DDF1E71.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF72F95DCFE9986EDE.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF7ED4B51FF11EE91B.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DFC067940B2102D7A3.TMP
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\HSPERFDATA_ROY YIP\5188
    • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\HSPERFDATA_ROY YIP\5984
    • C:\SYSTEM VOLUME INFORMATION\{21000954-DDBE-11E1-ADEB-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{569465E6-EC8B-11E1-97C2-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{6602CA26-E242-11E1-819D-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{6602CAF6-E242-11E1-819D-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{72EE2BFD-E60D-11E1-B137-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{7E93201E-E618-11E1-9760-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{A8937742-E609-11E1-BF4B-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{A8937752-E609-11E1-BF4B-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{F5BBBA73-E5FE-11E1-B1F0-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV01.TMP
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9D16B07497DF1ED5EF925CC649CD1C44_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A01DC43D75AF725FA8CF6A0FD8E7E03D_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A11779FDB16EAB0D63AA69E91B7980B6_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A15E4671868B50AA994DBCCA52D62089_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A184161B3677198483EED8C33A958A6F_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1BD2F4C0E1845377ACA0BB50ABD2521_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A1EBB99EE4F8B85E1A97A80039D915BE_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A2A198980C2C32DD59BA3ADC497AC0BE_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A27C84C3D0326D534462AE6559092526_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A55D5CBE1BA405E33755C29805E86AE5_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A2EB268E93C8255986E206DEF2AFD61D_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A5BE1C48503D35A7E1BAB1662EAB7F93_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A62F90BB80D75AF5FB588CA1EADD140E_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7AC03753966A5D8793BDE4ADCFE4CEB_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A9FC32729200F074ED619919852C0BD5_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8501E55ABFFFEE3BA46D5FD6D55EDB5_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AE3A59C64327416BEF25BF64FAB223AE_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF46246D04922DCCE8923FD1E25B7DAD_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ACECD32E3261C7C6B6CA98FB91F7AEF8_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF60236EB28F6C2BDE002FB0286C6671_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0AE8D449287A2AEC9D16A7FEB1A9E51_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B0E65F32C7246FD35DFFDB976FDFB0EC_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B038B7550398E42AD279F506A0790A52_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B1429A56D1F743B06DE190EBC6033729_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B23A38ED66F05E3B06C040C1DFB24CA1_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B363749AF9CED049748BEC953B16E97B_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4F3D392620404EC38FA8FD6635CF018_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B7228CC87EA5BA9E9791517459B13210_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6EEBD6CF291F51589EEBAC8D17F55F6_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B6085C316CE7F27D61CD3D4774C3A5A6_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B852DC9A4F43C7474BD677230C7FBEA0_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B97AE9BFA83818F1DAFB6E755DB248C8_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA4D03545494A8773D64D9B4C224387E_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC7D2C099ECDF0DE85CE6760C3ECC7C0_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BFEC5C50A62F3A0099B7C29E4BE1041E_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BE1EBF1E1FD729ECEF23C1A801217EE2_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C0A3697ACCB4C994C75D7DFCD214FF1F_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C17D0BCE1D489EBD014FD69BD0B11FCF_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2F794D71597E9EDD798BCB68900ED21_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C33CC62CDB67C584D1F3C575F0F41954_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4D3164208098F5C2637DAC0258170E1_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C4F88B87A1A68AE90BFE8B4BA7C2A4EB_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C60926E949A7B0324F54E96B505FB526_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C606B0E26E2E5C5C1CBCD99D7AC2969C_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C709E228F7EC2F37E75E5888D174F6AC_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7A8E66371A542F91DD3480445CC017C_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C7C9306629B2F6EF0FAC8664AE723E26_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C857EB6C713864B0021ABAC4A3B71D89_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C90E68314E0282F6C54E5EB4048E6D97_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8E6442D70B5C9F38D76ECE040BFAEC7_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C9EC86BA46425378057AB3EAD0600063_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD081E40965BCC61AFEA3E8FF804520A_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CD992AB89FB0E5F6126D2DBE12019A67_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CFDB5CF0778736A952C2814A1DBDC3D6_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D952C01C2AE12A9D280D61D3D571D310_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0FF6B5E3009A5870CD9BB3ABFB494E4_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D03408BF11EEB8595B63E308F24536FA_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D989C34888B0D4E1275397432F59F932_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DACB18839B0A72F67A7530E1EF6C2FBD_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DF2E1E9614703A72C5B4589A3E9B2CD2_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DB666FB6F2597B14D0C3386A9A85CE97_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFA6DAA38732F02796560C14AD9DF1C4_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DF3B72DA76D62AE564762D3813C97D96_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2140F05393BD67ED91D1FEF119826E7_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E2F7DEA527015C3B02380153208CC1C9_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3637C3D116FCC7FCC65270861B932C9_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E6FE1D78C9A2745E45C5659EBCDFBDC6_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED3F2EF1AD7A1C7CCC865856D4B171FE_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED62B3F8C2A3448ADD6EF65FBE2D7B08_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF51DDA8CDFFC6FB76086250854BA38C_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE817EAC062CC17913D83F9469F2CC21_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EF6A28386975A903E527A29878D7E3E4_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F128089467D28097EBDF24C67A4F4685_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F2ADB86F6949018C61BF13C53599397B_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F3FC02FC4A35D9D2660094D3226BE50B_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F47ECEBC6E0A013DE04684E573506EF0_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F564B2AA65B94FAFA663C119553E0755_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F656FA6DF45FC66BD957EEAED8272604_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F72C92DB2C8173585BB38DF17B219CD8_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F90B3F268096771E2E81B69EDBC1CFA2_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FACDEB3EBACD867265FE1F671BC3E041_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FADBBEB887B92064ADE81C346D03C663_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F9DCC7A914A1D550D446FBD659A75D15_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD4497EB8B580608D3FBEA97A7972DD7_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD7908C36B699A1DFC5BB17F82041B7E_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FDD1F4CF663F0558A8F592A792BD0625_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD965500809E385FEF02955F8C2560A5_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE0FC6F96BA7153C8F1549D5AF2CE385_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE6BDFDB1E81971EA12BEF3098DBE080_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFC157A1713949CFD40A245EF2FBF1FF_8E6EEED5-9C3C-48DC-B88F-877054F98912
    • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FF3FD8779D312D80229FB692BD37E7E8_8E6EEED5-9C3C-48DC-B88F-877054F98912
    Options

    Scanning engines:
    Scanning options:
    • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
    • Use advanced heuristics
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Does this game still work: TOM CLANCY'S RAINBOW SIX VEGAS 2 ?

    Did you buy/obtain it legally? I want to make sure, because if not, then it needs to be cleaned.
     
  19. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    Yes, it works. I bought it.

    ESET always blocks something from "C:\Windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\80000000.@"

    "C:\Windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\000000cb.@"

    "C:\Windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\00000008.@"

    The reason is ... They are Agent BA, Conedex B and Sirefef.AP. Hope it would help, thanks! :)
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  21. roy392003

    roy392003 TS Rookie Topic Starter Posts: 24

    OTL logfile created on: 30/8/2012 12:28:34 PM - Run 1
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Roy Yip\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

    15.99 Gb Total Physical Memory | 13.16 Gb Available Physical Memory | 82.27% Memory free
    31.98 Gb Paging File | 28.89 Gb Available in Paging File | 90.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 234.59 Gb Total Space | 61.77 Gb Free Space | 26.33% Space Free | Partition Type: NTFS
    Drive E: | 698.63 Gb Total Space | 482.19 Gb Free Space | 69.02% Space Free | Partition Type: NTFS
    Drive F: | 74.53 Gb Total Space | 24.42 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
    Drive G: | 1863.01 Gb Total Space | 1.41 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
    Drive H: | 465.76 Gb Total Space | 2.41 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
    Drive I: | 465.76 Gb Total Space | 308.91 Gb Free Space | 66.32% Space Free | Partition Type: NTFS
    Drive K: | 465.76 Gb Total Space | 0.14 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
    Drive L: | 931.51 Gb Total Space | 0.25 Gb Free Space | 0.03% Space Free | Partition Type: NTFS

    Computer Name: ROYYIP-PC | User Name: Roy Yip | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/30 12:25:27 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Yip\Desktop\OTL.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2011/11/10 02:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2011/10/01 03:56:50 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/09/23 00:02:58 | 011,515,184 | ---- | M] (www.BitComet.com) -- C:\Program Files (x86)\BitComet\BitComet.exe
    PRC - [2011/09/09 13:43:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2011/08/31 18:43:10 | 000,131,320 | ---- | M] (AMD) -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    PRC - [2011/08/31 18:43:08 | 000,147,704 | ---- | M] (AMD) -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    PRC - [2011/08/31 18:43:08 | 000,131,320 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    PRC - [2011/08/31 18:43:08 | 000,073,976 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    PRC - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe
    PRC - [2010/11/25 21:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    PRC - [2010/11/12 08:38:54 | 000,221,144 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
    PRC - [2010/11/11 03:45:20 | 006,372,656 | ---- | M] (http://www.bitcomet.com) -- C:\Program Files (x86)\BitComet\plugin_emule\plugin_eMule.exe
    PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2010/05/07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/05/07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2010/02/23 20:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\PPS.tv\PPStream\PPSAP.exe
    PRC - [2009/07/31 18:36:14 | 002,680,160 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2009/07/31 14:23:22 | 000,354,128 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
    PRC - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/06/08 15:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2009/06/03 16:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2009/05/27 16:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
    PRC - [2009/05/27 16:08:36 | 000,315,392 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
    PRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
    PRC - [2009/04/03 19:17:42 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    PRC - [2008/03/17 17:11:42 | 002,498,560 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/11/25 21:30:40 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\hydrazht.dll
    MOD - [2010/11/12 10:23:44 | 000,330,584 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2010/05/07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2010/05/07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
    MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2010/05/07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2008/03/17 17:11:42 | 002,498,560 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/12/15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
    SRV:64bit: - [2011/12/15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV:64bit: - [2011/12/15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2011/09/09 13:43:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2010/08/19 17:43:22 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
    SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/08/14 07:06:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011/10/01 03:56:50 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011/08/31 18:43:08 | 000,131,320 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
    SRV - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Running] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/30 22:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/27 16:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/11/18 02:19:57 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/11/17 09:36:31 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2011/01/12 02:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/09 19:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2010/11/09 19:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
    DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/06/06 20:12:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2010/05/17 18:11:20 | 000,015,408 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2c64.sys -- (BS_I2cIo)
    DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2010/04/19 23:42:38 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/01/19 11:39:04 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
    DRV:64bit: - [2010/01/15 02:57:36 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
    DRV:64bit: - [2009/10/19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/28 20:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV:64bit: - [2009/07/28 18:38:00 | 000,058,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV:64bit: - [2009/07/27 20:09:48 | 000,058,368 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV:64bit: - [2009/07/24 11:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/07 21:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
    DRV:64bit: - [2009/06/19 10:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV:64bit: - [2009/06/19 09:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV:64bit: - [2009/06/17 12:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/29 14:48:22 | 000,013,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_TPIO64.sys -- (BS_TPIO)
    DRV:64bit: - [2008/07/10 18:20:16 | 000,021,504 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2007/10/28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U)
    DRV - [2010/01/15 02:57:36 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007/09/11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-hk
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 38 74 59 F6 D0 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {59BDBA67-DA9B-4FD4-88DA-41D009386BEE}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{59BDBA67-DA9B-4FD4-88DA-41D009386BEE}: "URL" = http://hk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Roy Yip\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/09/16 06:44:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/09/16 06:44:43 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/08/24 13:34:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files (x86)\Tudou\飞速Tudou\tudouDetector.dll (土豆网)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [CheckIt Diagnostics 8] C:\Program Files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe (Smith Micro)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Antiphishing Domain Advisor] C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe (Visicom Media Inc.)
    O4 - HKLM..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe ()
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
    O4 - HKCU..\Run: [PPS Accelerator] C:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\启动飞速土豆.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2012/08/27 10:37:15 | 000,000,000 | ---D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &使用BitComet下載 - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O8:64bit: - Extra context menu item: &使用BitComet下載全部連結 - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O8:64bit: - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8:64bit: - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: &使用BitComet下載 - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &使用BitComet下載全部連結 - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
    O9 - Extra Button: Reg Error: Key error. - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (裝置偵測)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C}: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8BC4DE1-5F10-49D7-91BA-A70F9A1960B4}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/02 14:32:34 | 000,000,000 | R--D | M] - G:\autorun -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
    ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4BD491C7-2222-1504-DC0C-A8CED9560C83} - DirectX
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {60F214E7-55D8-FF34-B7EF-8F4A2E7F8695} - Java (Sun)
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
    ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - ff_vfw.dll File not found
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.tscc - C:\Program Files (x86)\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  22. roy392003

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/30 12:25:27 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Roy Yip\Desktop\OTL.exe
    [2012/08/27 04:17:08 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\f-secure
    [2012/08/27 04:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2012/08/27 04:10:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/27 04:10:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\update
    [2012/08/24 13:24:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/24 13:24:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/24 13:24:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/24 13:11:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/24 13:11:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/24 13:10:11 | 004,737,458 | R--- | C] (Swearware) -- C:\Users\Roy Yip\Desktop\ComboFix.exe
    [2012/08/24 05:08:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{1876BEDB-37D1-4B4C-82C0-BFD822DD4B98}
    [2012/08/23 17:08:31 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{70AC10F9-5A03-4EE0-887C-2CB6FC4934F5}
    [2012/08/23 05:08:18 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{02F3329C-6BCF-447C-B40E-B91BED3AF3F8}
    [2012/08/22 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{461B2F03-1D60-4BEB-807B-C8D6317979CA}
    [2012/08/22 11:28:16 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/22 08:20:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Malwarebytes
    [2012/08/22 08:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/22 08:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/22 08:19:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/22 08:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/22 05:07:31 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{ACF9169F-1CD1-476B-9C0E-F80B8C97D048}
    [2012/08/21 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{63490997-CB3E-4E78-B163-C32B984496FE}
    [2012/08/21 05:06:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{83052195-C2E3-4AB4-A076-15CB0473D700}
    [2012/08/21 01:48:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rise of the Witch King Unofficial Patch 2.02
    [2012/08/20 17:06:29 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{199F1084-1D5D-4D1E-931F-9911B7D1F2C5}
    [2012/08/20 16:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\《星海爭霸 II》
    [2012/08/20 16:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2012/08/20 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
    [2012/08/20 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II.temp
    [2012/08/20 15:45:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\Documents\StarCraft II
    [2012/08/20 15:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
    [2012/08/20 15:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2012/08/20 15:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2012/08/20 05:06:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{9E110453-E715-4C7B-B6FF-A76CF897764D}
    [2012/08/19 17:06:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B6761FC3-3DEB-4381-8A9A-EEDE0D5154DA}
    [2012/08/19 05:05:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{DA031531-C94A-442D-A360-264AF0A932A3}
    [2012/08/18 17:05:39 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{0AA137AD-C40A-4AD5-8CA5-050F9B248690}
    [2012/08/18 05:05:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{3BFA2964-9DED-4BBB-8054-50E500CC4866}
    [2012/08/17 17:04:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6690BC6B-96EE-4ED1-B71D-CFDDC28F1C28}
    [2012/08/17 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{9EC34FF4-CB67-49EB-86D0-93088119888F}
    [2012/08/17 02:30:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{AFC381E6-0279-4172-8FA5-302343002404}
    [2012/08/16 14:31:09 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{8DFE87C6-74F4-4C6B-B097-4E01745909D0}
    [2012/08/16 02:30:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{468A4D13-AFF7-4F7F-A100-1A0B899CE983}
    [2012/08/16 02:30:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4E723BBE-562C-40B8-B5D8-3A3A5335A358}
    [2012/08/15 14:29:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{5D26C4F5-5E5C-4B72-B10B-A6F240D84A6C}
    [2012/08/15 14:29:19 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{C49B059A-BAF3-41AD-838C-4D7971C2C11B}
    [2012/08/15 01:33:48 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/15 01:33:46 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/15 01:33:46 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/15 01:33:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/15 01:33:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/15 01:33:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/15 01:33:45 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/08/15 01:33:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/15 01:33:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/15 01:33:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/15 01:33:32 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/08/15 01:33:31 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/15 01:33:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/15 01:33:31 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/15 01:33:31 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/15 01:33:31 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/15 01:33:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/15 01:33:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2012/08/15 00:42:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/08/14 17:58:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{C4A47706-2335-4471-9710-0753847B01CB}
    [2012/08/14 17:58:34 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4A27EC3B-2E2F-4BC0-858F-6E7571AB69A3}
    [2012/08/14 07:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    [2012/08/14 07:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2012/08/14 07:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2012/08/14 07:06:07 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/14 07:06:07 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/08/14 05:57:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{7EAFAAB3-37CF-49BB-B510-BBAFB926ACBD}
    [2012/08/14 05:57:30 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{F33E184B-C00A-4875-9CAB-7D7197DD62C4}
    [2012/08/14 04:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/08/13 22:53:24 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{BF2D6CD0-83AA-46A6-9C0C-66309842971D}
    [2012/08/13 22:53:01 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{53C15148-8777-419E-A8D3-08647DDA1DEA}
    [2012/08/13 10:52:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{5383E5EE-88AA-4D0D-864D-7A109AF2E69D}
    [2012/08/13 10:52:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{580633FE-07B6-4841-9D18-529FC6B6A7F4}
    [2012/08/12 22:51:37 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{12FC1627-06B6-4C4A-8C08-A4E9546F69F0}
    [2012/08/12 22:51:14 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{24C18583-5591-4F08-AF95-D24028FFC043}
    [2012/08/12 10:50:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4FB48938-E7F4-4F39-A448-F2A041A1F02C}
    [2012/08/12 10:50:24 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{211A0E65-9125-40B9-81D1-FF4F68D152A2}
    [2012/08/11 22:49:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{19EACD02-E456-41CF-B96C-811BB1DBBDF5}
    [2012/08/11 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{3114121F-4A21-4368-AEA9-B67C8105F564}
    [2012/08/11 10:49:09 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{46DF1A1A-9B4E-4681-BDF9-738B987FD84D}
    [2012/08/11 10:48:47 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{1A14E8CC-B835-4B80-A133-BBA51EFB1305}
    [2012/08/11 00:11:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/08/10 22:48:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{EE29170B-8606-48CF-9926-EFC984798AA6}
    [2012/08/10 22:47:59 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{26410040-5714-4C5B-86B7-A802FF2CB2D0}
    [2012/08/10 10:47:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{5E19881C-8065-47AF-8B0F-3147ABA31138}
    [2012/08/10 10:47:12 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{320ECA2D-FB29-4252-9B96-F3377F1C788D}
    [2012/08/09 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{D86488D1-47DC-4E59-9AA0-3FE52B3FABE1}
    [2012/08/09 22:46:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{CA0DFE5D-7F60-43F5-90EE-42EC7486DC1A}
    [2012/08/09 10:47:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\Documents\Any Video Converter
    [2012/08/09 10:47:57 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\AnvSoft
    [2012/08/09 10:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
    [2012/08/09 10:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
    [2012/08/09 10:46:03 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6A4FA2EE-F8A2-44D4-891D-4756A76FF8AB}
    [2012/08/09 10:45:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{AD756DD4-7AFC-4B05-B980-F38C3A4DEB8E}
    [2012/08/08 22:45:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{15D45FC8-F6DC-4196-AB70-512D77539EF5}
    [2012/08/08 22:44:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{A269BFEE-57F6-4269-AFDF-0A430673BF67}
    [2012/08/08 10:44:18 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{A6C94227-D5B3-4BD5-A427-63648313CA94}
    [2012/08/08 10:43:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4C4041AA-ABB4-4B51-BC9C-DF420C34A27A}
    [2012/08/07 22:43:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B8102E89-BE15-4671-A263-347286D8A655}
    [2012/08/07 22:43:07 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6DC7EB9B-2BAE-4CF9-803A-F98D119E27CE}
    [2012/08/07 10:42:44 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B69473C5-54E4-4B0A-A0E2-2036816D061C}
    [2012/08/07 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B3276097-62A5-458C-9187-C5839BAE7C65}
    [2012/08/06 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6A1EA3BD-AECC-41DB-8BC6-B05D98064C65}
    [2012/08/06 22:41:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B35F87F6-1FFB-48AE-809D-572CBF197ED6}
    [2012/08/06 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{34AC9246-9773-45A0-BAFB-A3999F28D6CF}
    [2012/08/06 10:41:16 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{814BCCB6-CFD9-4DCC-B42A-E3F07CC21300}
    [2012/08/05 22:40:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{482494B0-E705-4609-B3ED-F93B07AB8570}
    [2012/08/05 22:40:29 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{2804BC33-900A-49BA-BBEC-F014668D588F}
    [2012/08/05 10:40:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{24E514C4-1A8C-4F61-9EEC-BE763A1ECF14}
    [2012/08/05 10:39:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{611EE387-9777-47E3-8B65-0C1FB26A9911}
    [2012/08/04 22:39:19 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{9AEF48F7-ADA8-44EB-8FA4-CE58C82CD304}
    [2012/08/04 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{79BDF927-A1DA-47F9-B3F6-F8EF0A07ACCC}
    [2012/08/04 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{696929C8-C2E0-408D-9F4C-DE90B77B0FFD}
    [2012/08/04 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{D6AC97F9-A5E7-428F-AE59-4BC1B95B3FF5}
    [2012/08/03 22:37:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{3E8E3C9F-4D2D-46B1-B3A1-4F259644D1DA}
    [2012/08/03 22:37:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{A214482A-860D-4A06-8437-663F11A57B5D}
    [2012/08/03 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{BCD290C9-9AFB-4F3E-9DDE-CCB5CF8E348C}
    [2012/08/03 10:36:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{EB935108-B16E-4FEF-A7F8-3EC0EC2427DC}
    [2012/08/02 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{E2933D49-5F64-494A-962C-1169877C9BCC}
    [2012/08/02 22:35:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{8E29FA66-D960-4A1C-983C-DDF2694D8CD3}
    [2012/08/02 10:35:19 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{2A82CBA1-64BA-4BC1-B6A6-B0BEC808F496}
    [2012/08/02 10:34:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{7DDF60BB-3401-416F-918D-81C5C0C7A0AF}
    [2012/08/02 00:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[BTBBT]蜓樅毞狟5楛极笢恅賤唳
    [2012/08/02 00:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\蜓樅毞狟5
    [2012/08/02 00:09:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\Desktop\新增資料夾 (12)
    [2012/08/01 22:34:20 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{F398C358-0CA3-4F9E-8A96-CE37D8AAC168}
    [2012/08/01 22:33:57 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{041500D4-9675-448F-863E-0DC5EAE31C8F}
    [2012/08/01 10:33:34 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{1F7DD50A-71DF-4B38-918B-AB4BD2B28B7A}
    [2012/08/01 10:33:11 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{2D52F759-7164-442B-B2E7-63F92CCC44DF}
    [2012/07/31 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6740FF7B-AE98-46BA-94EC-1184549B6D87}
    [2012/07/31 22:32:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4C8788E9-7913-4654-9110-517BB270DE8A}
    [2012/07/31 17:13:11 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\T-TIME
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
     
  23. roy392003

    ========== Files - Modified Within 30 Days ==========

    [2012/08/30 12:25:27 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Yip\Desktop\OTL.exe
    [2012/08/30 12:23:00 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/30 02:40:08 | 001,286,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/30 02:40:08 | 001,043,536 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
    [2012/08/30 02:40:08 | 000,740,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/30 02:40:08 | 000,733,674 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
    [2012/08/30 02:40:08 | 000,005,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/27 21:07:42 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/27 21:07:42 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/27 04:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/27 04:09:37 | 4288,581,630 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/26 10:47:26 | 000,618,227 | ---- | M] () -- C:\Users\Roy Yip\Desktop\adwcleaner.exe
    [2012/08/24 13:34:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/24 13:09:49 | 004,737,458 | R--- | M] (Swearware) -- C:\Users\Roy Yip\Desktop\ComboFix.exe
    [2012/08/22 08:40:06 | 000,302,592 | ---- | M] () -- C:\Users\Roy Yip\Desktop\rpb7un5o.exe
    [2012/08/22 08:19:54 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/21 01:48:42 | 000,002,203 | ---- | M] () -- C:\Users\Roy Yip\Desktop\Unofficial 2.02 Patch Launcher.lnk
    [2012/08/20 16:02:59 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\《星海爭霸 II》.lnk
    [2012/08/20 04:34:04 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/08/18 01:10:11 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/08/18 01:09:40 | 000,555,042 | ---- | M] () -- C:\Users\Roy Yip\Desktop\2012-08-18 01.08.50.jpg
    [2012/08/17 02:31:50 | 000,030,720 | ---- | M] () -- C:\Users\Roy Yip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/08/16 05:41:49 | 000,053,715 | ---- | M] () -- C:\Users\Roy Yip\Desktop\hk-travel_hk_gotrip_com_20120815095247328.jpg
    [2012/08/16 02:47:04 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    [2012/08/16 02:42:51 | 000,028,356 | ---- | M] () -- C:\Users\Roy Yip\Desktop\xxxxxx2.jpg
    [2012/08/16 02:36:51 | 000,048,169 | ---- | M] () -- C:\Users\Roy Yip\Desktop\xxxxx.jpg
    [2012/08/15 14:28:47 | 000,428,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/14 08:14:23 | 000,000,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    [2012/08/14 07:06:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/14 07:06:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/08/09 10:47:47 | 000,001,200 | ---- | M] () -- C:\Users\Roy Yip\Desktop\Any Video Converter.lnk
    [2012/08/09 09:51:12 | 1199,097,052 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/09 03:27:57 | 000,070,099 | ---- | M] () -- C:\Users\Roy Yip\Desktop\Joker.jpg
    [2012/08/09 03:18:26 | 000,374,438 | ---- | M] () -- C:\Users\Roy Yip\Desktop\2012-08-09 03.17.18.jpg
    [2012/08/04 03:48:56 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2012/07/31 17:17:31 | 000,000,945 | ---- | M] () -- C:\Users\Roy Yip\Desktop\富甲天下四.lnk
    [2012/07/31 17:14:09 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/26 10:47:21 | 000,618,227 | ---- | C] () -- C:\Users\Roy Yip\Desktop\adwcleaner.exe
    [2012/08/24 13:24:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/24 13:24:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/24 13:24:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/24 13:24:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/24 13:24:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/22 08:40:04 | 000,302,592 | ---- | C] () -- C:\Users\Roy Yip\Desktop\rpb7un5o.exe
    [2012/08/22 08:19:54 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/21 01:48:42 | 000,002,203 | ---- | C] () -- C:\Users\Roy Yip\Desktop\Unofficial 2.02 Patch Launcher.lnk
    [2012/08/20 15:45:04 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\《星海爭霸 II》.lnk
    [2012/08/18 01:09:02 | 000,555,042 | ---- | C] () -- C:\Users\Roy Yip\Desktop\2012-08-18 01.08.50.jpg
    [2012/08/16 06:34:04 | 000,053,715 | ---- | C] () -- C:\Users\Roy Yip\Desktop\hk-travel_hk_gotrip_com_20120815095247328.jpg
    [2012/08/16 02:42:50 | 000,028,356 | ---- | C] () -- C:\Users\Roy Yip\Desktop\xxxxxx2.jpg
    [2012/08/16 02:36:51 | 000,048,169 | ---- | C] () -- C:\Users\Roy Yip\Desktop\xxxxx.jpg
    [2012/08/14 07:18:30 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    [2012/08/14 07:08:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/08/14 07:06:08 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/09 10:47:47 | 000,001,200 | ---- | C] () -- C:\Users\Roy Yip\Desktop\Any Video Converter.lnk
    [2012/08/09 03:27:57 | 000,070,099 | ---- | C] () -- C:\Users\Roy Yip\Desktop\Joker.jpg
    [2012/08/09 03:18:23 | 000,374,438 | ---- | C] () -- C:\Users\Roy Yip\Desktop\2012-08-09 03.17.18.jpg
    [2012/08/02 00:40:55 | 000,000,017 | ---- | C] () -- C:\Windows\tg0157c.ini
    [2012/08/02 00:40:55 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\tg0157b.ini
    [2012/08/02 00:40:55 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\tg0157a.ini
    [2012/08/02 00:40:55 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\22AS6EJH.dll
    [2012/07/31 17:13:11 | 000,000,945 | ---- | C] () -- C:\Users\Roy Yip\Desktop\富甲天下四.lnk
    [2012/07/31 16:32:24 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2012/03/28 16:16:10 | 000,000,095 | ---- | C] () -- C:\Users\Roy Yip\AppData\Local\fusioncache.dat
    [2012/03/28 13:45:57 | 000,005,788 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/08 21:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/03/08 21:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/02/29 12:15:59 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\BeepApp.exe
    [2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/01/10 19:14:40 | 000,002,048 | -HS- | C] () -- C:\Users\Roy Yip\AppData\Local\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\@
    [2011/10/08 05:28:07 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/05/21 04:18:33 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
    [2011/04/16 01:50:42 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
    [2011/03/29 09:20:34 | 000,000,017 | ---- | C] () -- C:\Users\Roy Yip\AppData\Local\resmon.resmoncfg
    [2011/03/14 00:53:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/03/06 01:24:24 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/03/06 01:24:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2011/03/05 01:57:03 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
    [2011/03/05 01:24:51 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
    [2011/03/05 01:24:28 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFICHT.DLL
    [2011/02/24 01:55:34 | 000,000,171 | ---- | C] () -- C:\Users\Roy Yip\AppData\Roaming\default.rss
    [2011/02/22 13:34:56 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/02/22 06:36:31 | 000,030,720 | ---- | C] () -- C:\Users\Roy Yip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/20 03:59:09 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\CNMVS53.DLL
    [2011/02/19 11:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/11/09 19:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/11/09 19:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2010/11/09 19:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2009/11/23 12:42:14 | 016,834,517 | ---- | C] () -- C:\Program Files\CheckIt Diagnostics.pdf

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2012/06/26 22:50:43 | 011,020,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >
     
  24. roy392003

    < %PROGRAMFILES%\*. >
    [2011/03/02 15:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
    [2012/02/29 11:20:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\A bootable USB
    [2012/08/14 07:08:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
    [2011/02/20 04:05:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ahead
    [2011/02/22 05:43:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alcohol Soft
    [2011/03/17 03:54:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\All Video Fixer
    [2011/06/26 02:14:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
    [2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
    [2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
    [2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD AVT
    [2012/08/09 10:47:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AnvSoft
    [2012/06/13 03:21:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
    [2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
    [2011/10/17 01:05:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Battlelog Web Plugins
    [2012/02/09 08:16:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BIOSTAR
    [2011/05/12 02:07:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitComet
    [2011/02/22 05:18:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CA Yahoo! Anti-Spy
    [2011/05/19 02:49:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\chartertoolbar
    [2012/08/26 10:58:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2011/02/21 01:41:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Convar
    [2011/04/16 01:59:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
    [2011/04/16 01:37:31 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative Installation Information
    [2012/06/13 03:20:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
    [2012/08/30 00:00:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
    [2011/11/18 02:19:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2011/09/11 08:11:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA GAMES
    [2011/05/21 04:14:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EaseAudioConverter
    [2011/02/20 03:25:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eHOT Line
    [2012/05/22 23:17:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
    [2011/10/20 03:05:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free YouTube Downloader
    [2012/08/14 05:55:53 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/08/15 03:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2011/10/20 01:58:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2011/03/09 05:05:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JDownloader
    [2011/02/20 04:20:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
    [2012/08/22 08:19:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/03/23 17:02:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Medieval II Total War - Kingdoms
    [2011/07/14 12:32:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Meteor
    [2012/06/21 02:12:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
    [2011/02/21 04:01:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    [2012/08/15 14:31:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
    [2012/05/10 03:01:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2011/02/24 01:40:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2011/10/11 14:05:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2011/10/11 14:04:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2011/10/17 01:59:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
    [2011/10/11 14:05:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2011/02/22 06:56:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mp3DirectCut
    [2011/02/20 05:38:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MpcStar
    [2011/10/11 14:05:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2011/02/21 01:52:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
    [2011/02/20 04:11:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
    [2011/02/20 03:40:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NETGEAR
    [2012/05/12 01:11:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NTI
    [2011/03/05 01:25:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
    [2011/10/01 03:02:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin
    [2011/10/01 03:16:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin Games
    [2012/06/13 03:21:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
    [2012/08/14 05:55:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2011/05/21 02:56:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
    [2012/04/01 17:17:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SEGA
    [2012/06/13 03:21:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmartSound Software
    [2012/02/01 00:57:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpeedFan
    [2012/08/20 16:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
    [2012/02/11 02:06:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
    [2012/08/14 05:25:14 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2012/03/13 16:02:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\THQ
    [2011/11/28 01:05:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Toshiba
    [2012/07/30 03:10:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tseries BIOS Update
    [2011/02/22 04:38:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tudou
    [2011/03/14 00:45:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubisoft
    [2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
    [2012/06/13 02:30:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Video Converter
    [2011/03/17 17:15:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\videofixer
    [2011/02/22 05:09:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
    [2009/08/28 21:17:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2012/06/21 02:11:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2011/02/27 00:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live Safety Center
    [2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
    [2012/02/23 04:19:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xenocode
    [2011/02/20 05:29:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
    [2011/02/28 20:09:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\YouKu
    [2011/04/30 13:35:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zombie Driver
    [2011/11/28 02:07:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\玩轉手機
    [2012/08/02 00:41:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\蜓樅毞狟5
     
  25. roy392003

    < %appdata%\*.* >
    [2011/03/07 03:58:18 | 000,000,171 | ---- | M] () -- C:\Users\Roy Yip\AppData\Roaming\default.rss

    < MD5 for: AFD.SYS >
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
    [2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
    [2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
    [2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
    [2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
    [2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\erdnt\cache86\cryptsvc.dll
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
    [2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [2010/11/20 06:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
    [2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\erdnt\cache64\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
    [2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
    [2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
    [2009/07/13 18:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
    [2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
    [2010/11/20 05:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    [2012/04/23 22:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
    [2012/04/23 22:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
    [2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
    [2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
    [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
    [2009/07/13 18:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
    [2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
    [2011/03/02 23:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
    [2010/11/20 06:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
    [2011/03/02 23:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
    [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
    [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
    [2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
    [2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\erdnt\cache64\netman.dll
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
    [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

    < MD5 for: QMGR.DLL >
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
    [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
    [2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
     
Topic Status:
Not open for further replies.
